Knowledge Management
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How do you set up a GET Workflow Action that links a field directly to an event on an AV web interface?

psmaan
New Member
‎09-12-2018 03:43 PM

I have an event coming from an antivirus. Antivirus logs contain a field (lets say "URL") which contain direct links to the event on an AV web interface. If I copy that link and paste it in the browser, it will work fine.

I am trying to create a workflow action where a security analyst can click on this link directly from the event field and can open it in a new window. I created a workflow action configuration as described in here:-
https://docs.splunk.com/Documentation/Splunk/7.1.2/Knowledge/SetupaGETworkflowaction

However instead, Splunk is giving me an option to search the AV url link in Google. How do I fix this?

0 Karma
Reply

psmaan
New Member
‎09-13-2018 04:02 PM

I managed to get this done by breaking up the URL provided in the events as per format required in the URI field of the workflow configuration. However, I would still be interested in a solution where you can use such event fields directly.

0 Karma
Reply

mdicenzo
Explorer
‎08-17-2022 05:49 AM

I am trying to do this same thing. Can you clarify what you did to get this to work?

The field name is URL and the string already has https so I was trying to just put $!URL$ in the url link configuration.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...