Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk connector version 2.14 in SOAR 6.0 Error

uditdasgupta
Loves-to-Learn Everything
‎12-07-2023 02:11 PM

I am trying to query a Splunk search head using the Splunk connector from SOAR. However, my playbook is giving an error in the action block with the below error:

Failed to connect to splunk server. HTTP Error 400: Bad Request (1235)

There are no issues of connectivity as I have tested the connectivity to our asset in the app and it has passed successfully.

Yet, my playbook is failing with the above error.

My playbook design consists of a format block that formats the simple SPL query as :

|makeresults|eval id="This is a test" |eval playbook="App upgrade splunk"|table _time id playbook

which is referenced in the action block that queries a Splunk Search Head using the Splunk app.

Any advise on the possible issue is much appreciated ?

Thanks in advance

 

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

What's New in Splunk Observability - October 2025

What’s New?    We’re excited to announce the latest enhancements to Splunk Observability Cloud and share ...