Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- What are the pros and cons of using search workflo...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
These two items seem to do the same thing. Does anyone have a good relative/comparative pros and cons discussion link?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i think they are very different
workflow actions as described and explained here: https://docs.splunk.com/Splexicon:Workflowaction
is A highly configurable knowledge object that enables a variety of interactions between fields in events and other web resources.
Workflow actions can:
Create HTML links that, for example, run searches in external search engines for field values.
Generate HTTP POST requests to specified URIs.
Launch secondary searches that use specific field values from a selected event.
a subsearch is a search within a search, many times used as a filter
more detailed definition here: https://docs.splunk.com/Splexicon:Subsearch
so to your question, i dont think there are relative/comparative pros and cons or discussion around that topic
what is the problem you are trying to solve?
hope it helps
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's not that I'm trying to solve a particular problem. Had that been the case I would have identified the problem. I'm trying to understand the difference between 2 types of search. If you disregard GET and POST as I did in my subj line, and focus on "search workflow actions" as described in the docs vice the splexicon: http://docs.splunk.com/Documentation/Splunk/6.6.2/Knowledge/CreateworkflowactionsinSplunkWeb#Set_up_... where it says "• Search workflow actions, which launch secondary searches that use specific field values from an event, such as a search that looks for the occurrence of specific combinations of ipaddress and http_status' field values in your index over a specific time range.", it seems to be very similar, if not identical, to a subsearch. Hence the question as it was posed.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i think they are very different
workflow actions as described and explained here: https://docs.splunk.com/Splexicon:Workflowaction
is A highly configurable knowledge object that enables a variety of interactions between fields in events and other web resources.
Workflow actions can:
Create HTML links that, for example, run searches in external search engines for field values.
Generate HTTP POST requests to specified URIs.
Launch secondary searches that use specific field values from a selected event.
a subsearch is a search within a search, many times used as a filter
more detailed definition here: https://docs.splunk.com/Splexicon:Subsearch
so to your question, i dont think there are relative/comparative pros and cons or discussion around that topic
what is the problem you are trying to solve?
hope it helps
.conf25 Community Recap
Splunk App Developers | .conf25 Recap & What’s Next
Congratulations to the 2025-2026 SplunkTrust!
