Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Workflow actions and variables

gargantua
Path Finder
‎08-16-2023 02:00 AM

Hi,

We have a internal wiki with tons of useful informations about hosts and IPs.

I'm trying to set up a workflow that triggers a search of the value -IP or Hostname- on this internal wiki.

First issue : Since this workflow action should work with a variety of fields (src_ip, dest_ip, host, src, dest, etc.) : What variable shall I use in order to return in the workflow action the selected value ? Is there a sort of global variable like $the_selected_value$ no matter it's an IP address, a hostname or whatsoever ?

Second issue : I selected my workflow to be applied on any field with a * but the workflow action is just not available anywhere.

Thanks in advance for your kind help on this matter !

Best

0 Karma
Reply

gargantua
Path Finder
‎08-16-2023 02:28 AM

I added the workflow action within the web UI of a search head.

We're using Splunk Enterprise and Enterprise Security.
All of our Splunk instances are on version 9

We ingest all type of events : *nix, windows sysmon, web server access logs, firewalls, etc.

The workflow action is now available, but I still don't know what variable to use in my web request.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-16-2023 02:11 AM

Where is this workflow defined? Which Splunk product(s) and version(s) are you using? What events do you have ingested into Splunk?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...