
TrackMe: How to add sourcetypes programmatically to AllowList/Block list?


I would like the results of a search to populate the allow/block lists in TrackMe. The lookup file requires a unique key.

Any tips on how to generate that at search time?



Are you referring to _key?
That's autogenerated for kvstore entries. You don't need to manually generate it.
