Splunk Enterprise Security
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Need a help with workflow action or notable event contribution Events

satyaallaparthi
Communicator
‎08-15-2019 11:38 AM

Hello,

We created a notable event for DLP which creating

Contributing Events:
DLP Drilldown for 652837

when ever I click on DLP drill down for incident.. that is taking to splunk search and search for the who dlp web link in splunk search where I am not getting anything..

how can I create a notable event to link that with the google search instead of splunk search..
https://dlp/ProtectManager/EndpointIncidentDetail.do?value(variable_1)=incident.id&value(operator_1)...

and I created a workflow action but no luck. I am attaching my both workflow actions and notable event screen shot.. Please do help me with that.

Any help would be great.

Thanksalt text

workflow.png
Preview file
89 KB
test.png
Preview file
89 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

solarboyz1
Builder
‎08-15-2019 12:24 PM

The drill-down field of a notable is expecting splunk search syntax, you can't reference a workflow.

Since your workflow has been created, you should see it available as a drop-down on the actions menu for the event on the incident review page.

Additionally, if you drill-in to the notable, the workflow should be available in action menu for the incident_id field.

As far as I know, you cannot specify and external link or workflow as a drill-down.

View solution in original post

Reply
Solved! Jump to solution
Solution

solarboyz1
Builder
‎08-15-2019 12:24 PM

The drill-down field of a notable is expecting splunk search syntax, you can't reference a workflow.

Since your workflow has been created, you should see it available as a drop-down on the actions menu for the event on the incident review page.

Additionally, if you drill-in to the notable, the workflow should be available in action menu for the incident_id field.

As far as I know, you cannot specify and external link or workflow as a drill-down.

Reply
Get Updates on the Splunk Community!

Join the Splunk Developer Program Hackathon: Splunk Build-a-thon!

The Splunk Developer Program is launching in beta, and we’re celebrating with an exciting hackathon! This is ...

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top