Below I’ve included a screencast demonstration of the process to create a diag.
Sending the file to Hurricane Labs
If you’re a Hurricane Labs Managed Splunk Services customer, you’ll share this file with us. The diag file can contain sensitive information about your configuration and should never be emailed or shared in an insecure way out of an abundance of caution. The best way to share the file with us is via the file transfer tool in our support portal.
Alternatively, your Hurricane Labs support engineer can provide you with a link to attach files securely to a support ticket in the event the administrator we’re working with doesn’t have access to the support portal.
Sending the file to Splunk Support
If you aren’t a Hurricane Labs Managed Splunk Services customer and you have an active support case with Splunk, you can upload a diag to Splunk via the diag tool. The appropriate flags are covered in Splunk docs.
You probably won’t need to create a diag often–but it’s almost inevitable that someone who works with a large number of Splunk systems will need to do this at some point in their Splunk journey. Hopefully, this guide will help when that time comes.