Splunk SOAR

Deleting Custom List Items

CS_
Path Finder

In a playbook, I have a decision tree.

If option A -> Check List -> If Value Exists in custom list -> Do Nothing

Else If Option b -> Check list -> If Value Exists in custom list -> Delete that list entry.

Checking in the SOAR Phantom app actions, I see several options for lists, but no option to "remove/delete listitem" (see attached pic)


How do I go about deleting items from a Custom List?

Thanks!

(SOAR Cloud 5.3.1)

 

 

Labels (2)
0 Karma
1 Solution

phanTom
SplunkTrust
SplunkTrust

@CS_ 

There is an API to perform this in a code block or custom function:

https://docs.splunk.com/Documentation/SOAR/current/PlaybookAPI/DataManagementAPI#delete_from_list 

Otherwise you can rebuild the list without the value(s) and then use set_list to overwrite: 

 https://docs.splunk.com/Documentation/SOAR/current/PlaybookAPI/DataManagementAPI#set_list 

View solution in original post

0 Karma

phanTom
SplunkTrust
SplunkTrust

@CS_ 

There is an API to perform this in a code block or custom function:

https://docs.splunk.com/Documentation/SOAR/current/PlaybookAPI/DataManagementAPI#delete_from_list 

Otherwise you can rebuild the list without the value(s) and then use set_list to overwrite: 

 https://docs.splunk.com/Documentation/SOAR/current/PlaybookAPI/DataManagementAPI#set_list 

0 Karma

CS_
Path Finder

@phanTomAs always, you've dropped the perfect answer. Many thanks!

I'll give this a try (from the first URL you provided)

phantom.delete_from_list(list_name=None, value=None, column=None, remove_all=False, remove_row=False)

 

Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...