This app ingests Orange Datalake threat intelligence using an API token.
It replaces the former app Datalake2Splunk (https://splunkbase.splunk.com/app/7589), because the new version of the Datalake API required changes to the script.
Temporary notes:
Because some atom_types will be renamed or deleted in V3 of Datalake, query hashes need to be changed when they are put into this new app.
Since both apps share the same conf file names, it is possible to have both apps on one instance to help migration. This means an input created in the old app will appear in the new one, but it won't really be editable and won't have access to the account. It is recommended to uninstall the previous app once the Datalake migration is over (planned for October 2025).
Datalake2Splunk will be archived once Datalake has migrated to V3.