Splunk Search

Is there a way to automate diag to support?

daniel333
Builder

All,

Silly question - Is there a way to automate the sending of diags to Splunk support? I'd like to know they have current diags on file at anytime. If I can submit one nightly to them and they keep in a repo or something?

woodcock
Esteemed Legend

The best way would be to open a P0 support case, which is code for Enhancement Request (ER) and in the body request such a feature but then, because these never go anywhere and never get closed, use the CLI arguments for the diag command to continuously attach diags to that case. Then any time you open a new case or whatever, you can just tell them to grab the latest diags from your never-ending ER.

0 Karma

anthonymelita
Contributor

I don't see this as being possible, or why Splunk would allow it. Your diag gets attached to a case, for the purpose of troubleshooting the issue that case.

0 Karma
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...