Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Workflow action and foreign application

Azerty728
Path Finder
‎07-16-2015 05:34 AM

I'm on distributed environment with deployment server.

I created an application, outside ES but based on ES result search.

In order to simplify the interaction between the two apps (Es and my app), I added a Workflow action in ES, that points to my app (GET method).
Now I want to package my app. But my workflow action is still (created) in ES.

If I want to incorporate my workflow_actions.conf in my own app directory, how can I make it deploy in ES too ? Because right now, if I deploy my app, it only deploys files on my search heads but not this wworkflow_actions.conf in ES directory.

I hope this is clear enough to be understood.

Regards.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Azerty728
Path Finder
‎08-12-2015 08:52 AM

I am answering my own question :
I created my workflow_actions.conf where I put my workflow actions, in my app directory.
Then in metadata/default.meta, I added stanzas of my workflow actions like below, and an export key to the apps where I want my workflow actions appear:

[workflow_actions/View_Notable]
export = SA-ThreatIntelligence

[workflow_actions/Email_generation]
export = SplunkEnterpriseSecurity

So my workflow actions appear where I want to ! (in SA-ThreatIntelligence and Enterprise Security).
That's all.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Azerty728
Path Finder
‎08-12-2015 08:52 AM

I am answering my own question :
I created my workflow_actions.conf where I put my workflow actions, in my app directory.
Then in metadata/default.meta, I added stanzas of my workflow actions like below, and an export key to the apps where I want my workflow actions appear:

[workflow_actions/View_Notable]
export = SA-ThreatIntelligence

[workflow_actions/Email_generation]
export = SplunkEnterpriseSecurity

So my workflow actions appear where I want to ! (in SA-ThreatIntelligence and Enterprise Security).
That's all.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...