Dear Splunk community, I have a Python application that pushes data to Splunk every time it is executed. Multiple events are pushed using JSON format. Only a subset of the data being sent, namely two fields, are changing during job execution; the rest are constant per job execution (think of them as some sort of job metadata). I would like to have that metadata in Splunk so I can filter it, but I do not like also pushing lots of identical data for each event. I guess what I am looking for is some sort of bulk tagging after each import where each job metadata field would be a label. I appreciate any thoughts/suggestions on how to do this using Splunk BKMs.