
Triggering workflow action for use in a report

jlsantini
Explorer

Hi,

We installed the #AbuseIPDB app in our Splunk cloud instance. I created a workflow action called jodi_abuse_ipdb using the documentation provided in the app:

Label: Check $ip$ with AbuseIPDB
Apply only to: ip
Search string: |makeresults|abuseipdbcheck ip=$ip$

I'd like to be able to use this for a report, but I haven't figured out how to trigger this workflow action to provide results. I've done Google searches and I've tried a number of things. I am hoping someone in the community might be able to help.

Thank you!

Jodi

0 Karma
1 Solution

richgalloway
SplunkTrust

Workflow actions are an interactive feature used in search results to perform something on an event.  See https://dev.splunk.com/enterprise/docs/devtools/customworkflowactions and https://docs.splunk.com/Documentation/Splunk/9.3.2/Knowledge/CreateworkflowactionsinSplunkWeb#Contro... for more information.

That said, workflow actions are not applicable to reports.

If you put the report in a dashboard, then you add a drilldown that uses the same search as your workflow action.

---
If this reply helps you, Karma would be appreciated.


jlsantini
Explorer

Thank you @richgalloway  I appreciate the information.  It looks like I was trying to do something that isn't possible.  I'll review the documentation you sent and look at trying this as a dashboard.

Thanks again!

0 Karma

jlsantini
Explorer

My end goal is to be able to use the AbuseIPDB API to look up IP addresses and give back information rather than maintaining a spreadsheet lookup table. I was able to pull the blacklist data from AbuseIPDB as a CSV, and my report using the CSV lookup works. I'm trying to get data on IPs, blacklisted or not, leveraging the API.

I want a report that looks like the one I have for blacklisted IPs.

jlsantini_0-1733330185358.png

 

0 Karma

jlsantini
Explorer

Here is my workflow action:

jlsantini_0-1733329050784.png

 

This is the search I created for my report:

index=oht_f5 request_status!="passed" workflow action="jodi_abuse_ipdb"

I get 0 results.  When I take off the workflow action piece, I get 635 results in 15 minutes.

0 Karma
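
The dashboard-with-drilldown approach from the accepted reply, sketched as a Simple XML dashboard (an added example, not part of the original thread or of the AbuseIPDB app's documentation). The index, filter, `ip` field and `abuseipdbcheck` search string are taken from the posts above; the `stats count by ip` aggregation, the 15-minute time range and the labels are assumptions.

```xml
<dashboard version="1.1">
  <label>F5 non-passed requests with AbuseIPDB drilldown</label>
  <row>
    <panel>
      <table>
        <title>Click a row to check its IP with AbuseIPDB</title>
        <search>
          <!-- Index and filter are from the thread; the stats/sort step is an assumption -->
          <query><![CDATA[index=oht_f5 request_status!="passed" | stats count by ip | sort - count]]></query>
          <earliest>-15m</earliest>
          <latest>now</latest>
        </search>
        <option name="drilldown">row</option>
        <drilldown>
          <!-- Same search string as the workflow action, URL-encoded:
               |makeresults|abuseipdbcheck ip=(clicked ip)
               $row.ip|u$ is the ip field of the clicked row, passed through the |u URL-encoding filter -->
          <link target="_blank">search?q=%7Cmakeresults%7Cabuseipdbcheck%20ip%3D$row.ip|u$</link>
        </drilldown>
      </table>
    </panel>
  </row>
</dashboard>
```

Because the clicked value is substituted into a search string, point the panel at a field that is extracted strictly as an IP address rather than at free-form request data.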