Knowledge Management
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to make a workflow action that performs a Google Search for every field?

JustRoot
Path Finder
‎07-07-2017 09:16 AM

Is there a way I can make a workflow action in order to search Google for every field? My problem right now is that when I put in the URI, I have to pass ONE specific field. Is there a way to pass in whatever field is being looked at?alt text

Preview file
1 KB
Reply
1 Solution
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎07-07-2017 10:11 AM

hello there:
like this?
$SPLUNK_HOME$/etc/apps/appName/workflow_actions.conf

[google]
display_location = both
fields = *
label = Google $@field_name$
link.method = get
link.target = blank
link.uri = http://www.google.com/search?q=$@field_name$
type = link

the above is in screenshots, you can also google the field value for example:

[google_value]
display_location = both
fields = *
label = Google $@field_value$
link.method = get
link.target = blank
link.uri = http://www.google.com/search?q=$@field_value$
type = link

alt text

alt text

hope it helps

View solution in original post

Preview file
1 KB
Preview file
1 KB
Reply
Solved! Jump to solution

woodcock
Esteemed Legend
‎07-07-2017 02:29 PM

You cannot use workflow to create a search for "every" field but you can make one for "any" field. So if you really mean "every field" (which is what you said), you cannot.

0 Karma
Reply
Solved! Jump to solution

JustRoot
Path Finder
‎07-10-2017 07:29 AM

I downvoted this post because wrong answer.

0 Karma
Reply
Solved! Jump to solution

JustRoot
Path Finder
‎07-10-2017 07:28 AM

Check above to see how to do it

0 Karma
Reply
Solved! Jump to solution
Solution

adonio
Ultra Champion
‎07-07-2017 10:11 AM

hello there:
like this?
$SPLUNK_HOME$/etc/apps/appName/workflow_actions.conf

[google]
display_location = both
fields = *
label = Google $@field_name$
link.method = get
link.target = blank
link.uri = http://www.google.com/search?q=$@field_name$
type = link

the above is in screenshots, you can also google the field value for example:

[google_value]
display_location = both
fields = *
label = Google $@field_value$
link.method = get
link.target = blank
link.uri = http://www.google.com/search?q=$@field_value$
type = link

alt text

alt text

hope it helps

Preview file
1 KB
Preview file
1 KB
Reply
Solved! Jump to solution

JustRoot
Path Finder
‎07-10-2017 07:05 AM

This is almost what I want. Instead of searching for "JSESSIONID", I would like it to search for the value of "JSESSIONID," or in this case "SD5SL4FF5ADFF1." Is that possible? Thanks.

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎07-10-2017 07:18 AM

its in the second code i posted
google_value stanza

0 Karma
Reply
Solved! Jump to solution

JustRoot
Path Finder
‎07-10-2017 07:28 AM

That worked, thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

🍂 Fall into November with a fresh lineup of Community Office Hours, Tech Talks, and Webinars we’ve ...

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...