Monitoring Splunk

TrackMe: How to add sourcetypes programatically to AllowList/Block list?

GOB_Bluth
Explorer

I would like the results of a search to populate the allow/block lists in TrackeMe. The lookup file requires a unique key.

Any tips on how to generate that at search time?

Labels (1)
0 Karma

gjanders
SplunkTrust
SplunkTrust

Are you referring to _key?
That's autogenerated for kvstore entries. You don't need to manually generate it 

Alerts for Splunk Admins https://splunkbase.splunk.com/app/3796/
Version Control for Splunk https://splunkbase.splunk.com/app/4355/
0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!