How do you set up a GET Workflow Action that links...

psmaan · ‎09-12-2018

I have an event coming from an antivirus. Antivirus logs contain a field (lets say "URL") which contain direct links to the event on an AV web interface. If I copy that link and paste it in the browser, it will work fine.

I am trying to create a workflow action where a security analyst can click on this link directly from the event field and can open it in a new window. I created a workflow action configuration as described in here:-
https://docs.splunk.com/Documentation/Splunk/7.1.2/Knowledge/SetupaGETworkflowaction

However instead, Splunk is giving me an option to search the AV url link in Google. How do I fix this?

psmaan · ‎09-13-2018

I managed to get this done by breaking up the URL provided in the events as per format required in the URI field of the workflow configuration. However, I would still be interested in a solution where you can use such event fields directly.

mdicenzo · ‎08-17-2022

I am trying to do this same thing. Can you clarify what you did to get this to work?

The field name is URL and the string already has https so I was trying to just put $!URL$ in the url link configuration.

How do you set up a GET Workflow Action that links a field directly to an event on an AV web interface?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!