Add word in the workflow action.

dfigurello · ‎11-27-2013

Hey splunkers,

I have a doubt. I created a GET workflow action to search field in the google, but I can't put a word before the variable.

For example:

(...)google.com/search?$Reason$ it's ok. But I want always search "Trend Micro $Reason". I need add always the word "Trend Micro" for each search with variable $reason, but I can't do it.

Splunkers any idea?

Tks.

yAlff · ‎11-28-2013

Hey,

did you just try to filter for Trend Micro?

Just extract the field behind search? (maybe named as what), and then filter with sourcetype=bla what="Trend Micro*"

It means that all the returned results contain Trend Micro $reason$ and the just extract the $reason$-tag

Regards

dfigurello · ‎11-28-2013

Hey yAlff,

my splunk search returns results without any word with Trend Micro. I want add "Trend Micro + results in my index" in search google.

For example

host=ddi| stats count by Reason

Reason count
DNS response resolves to dead IP address 55
Many failed log in attempts 1
Multiple failed log in attempts 1

I want search in the google:

Trend Micro + "DNS response resolves to dead IP address"

I tried trend micro + $reason and others ways but not happens. In the search goes only Trend Micro.

any idea ?

Tks!

Add word in the workflow action.

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Are you a member of the Splunk Community?

Add word in the workflow action.

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)