Why is the map command a risky command? - Splunk Community

Splunk Search

Other than poor speed and performance, is there a reason why the map command is considered dangerous?

The official documentation says that the map command can result in data loss or potential security risks. But I don't see any details.

Why?

https://docs.splunk.com/Documentation/SplunkCloud/latest/SearchReference/Map

hello. @vigneshnarendra

So I'm curious about why maps are dangerous.

In some cases system data may be lost. I would like to know the detailed reason why it is possible.

HI @munang.

The risky command warning is only a safeguard for many commands which could be a potential risk if users run them without knowing what they are doing.

https://docs.splunk.com/Documentation/Splunk/9.3.0/Security/SPLsafeguards

You could set commands.conf as below and restart splunk to remove the warning.

[<your_command_name>]
is_risky = false

Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0 mTLS wasn’t just a checkbox ...