- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi everyone,
I am creating a workflow action that allows me to links to a website (e.g. google.com) from Incident Review dashboard. The problem is, in order to use the workflow action, I need to pass a field that is available from a lookup file (based on event_id). May I know how to do lookup for the notable events?
Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
data:image/s3,"s3://crabby-images/f2c43/f2c43ff9fe30701b4ec7d60d5201063534e5c1eb" alt="SplunkTrust SplunkTrust"
If you intend to use the workflow action from Incident Review or similar pages, that lookup would need to be called from within the notable
macro... that macro makes sure the event_id
is computed, and therefore your lookup can only be added afterwards.
Then you can use the lookup's output fields in your workflow action as usual.
Caution: Make sure any changes to the default macro made in any upgrade of ES versions also gets replicated in your local copy.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
data:image/s3,"s3://crabby-images/f2c43/f2c43ff9fe30701b4ec7d60d5201063534e5c1eb" alt="SplunkTrust SplunkTrust"
If you intend to use the workflow action from Incident Review or similar pages, that lookup would need to be called from within the notable
macro... that macro makes sure the event_id
is computed, and therefore your lookup can only be added afterwards.
Then you can use the lookup's output fields in your workflow action as usual.
Caution: Make sure any changes to the default macro made in any upgrade of ES versions also gets replicated in your local copy.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah I see..thanks for the detailed explanations!
data:image/s3,"s3://crabby-images/2f34b/2f34b8387157c32fbd6848ab5b6e4c62160b6f87" alt=""