Solved: SPLUNk SOAR- Splunk Run query

harishlnu · ‎04-25-2024

Hi Team,

Could you please help me on running query in Splunk,
The query starts with | ldapsearch.

run query only have command search,tstats,eval,savedsearch,stats

Could you please guide me on this

Thanks in advance

Regards,

Harisha

phanTom · ‎04-25-2024

@harishlnu just leave the command field empty and put the full SPL in the query field and it will work. It may complain about the command field not being populated but IMO that was a silly addition to the app action.

-- Hope this helps! If it does please mark as a solution for the future. Happy SOARing! --

View solution in original post

phanTom · ‎04-25-2024

@harishlnu just leave the command field empty and put the full SPL in the query field and it will work. It may complain about the command field not being populated but IMO that was a silly addition to the app action.

-- Hope this helps! If it does please mark as a solution for the future. Happy SOARing! --

harishlnu · ‎04-25-2024

It worked Thank you @phanTom

SPLUNk SOAR- Splunk Run query

development

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

Index This | How many sides does a circle have?