topic Re: Add word in the workflow action. in Splunk Search

Add word in the workflow action.

dfigurello — Thu, 28 Nov 2013 00:41:35 GMT

Hey splunkers,

I have a doubt. I created a GET workflow action to search field in the google, but I can't put a word before the variable.

For example:

(...)google.com/search?$Reason$ it's ok. But I want always search "Trend Micro $Reason". I need add always the word "Trend Micro" for each search with variable $reason, but I can't do it.

Splunkers any idea?

Tks.

Re: Add word in the workflow action.

yAlff — Thu, 28 Nov 2013 11:00:57 GMT

Hey,

did you just try to filter for Trend Micro?

Just extract the field behind search? (maybe named as what), and then filter with sourcetype=bla what="Trend Micro*"

It means that all the returned results contain Trend Micro $reason$ and the just extract the $reason$-tag

Regards

Re: Add word in the workflow action.

dfigurello — Thu, 28 Nov 2013 11:28:31 GMT

Hey yAlff,

my splunk search returns results without any word with Trend Micro. I want add "Trend Micro + results in my index" in search google.

For example

host=ddi| stats count by Reason

Reason count
DNS response resolves to dead IP address 55
Many failed log in attempts 1
Multiple failed log in attempts 1

I want search in the google:

Trend Micro + "DNS response resolves to dead IP address"

I tried trend micro + $reason and others ways but not happens. In the search goes only Trend Micro.

any idea ?

Tks!