Workflow actions and variables

gargantua · ‎08-16-2023

Hi,

We have a internal wiki with tons of useful informations about hosts and IPs.

I'm trying to set up a workflow that triggers a search of the value -IP or Hostname- on this internal wiki.

First issue : Since this workflow action should work with a variety of fields (src_ip, dest_ip, host, src, dest, etc.) : What variable shall I use in order to return in the workflow action the selected value ? Is there a sort of global variable like $the_selected_value$ no matter it's an IP address, a hostname or whatsoever ?

Second issue : I selected my workflow to be applied on any field with a * but the workflow action is just not available anywhere.

Thanks in advance for your kind help on this matter !

Best

gargantua · ‎08-16-2023

I added the workflow action within the web UI of a search head.

We're using Splunk Enterprise and Enterprise Security.
All of our Splunk instances are on version 9

We ingest all type of events : *nix, windows sysmon, web server access logs, firewalls, etc.

The workflow action is now available, but I still don't know what variable to use in my web request.

ITWhisperer · ‎08-16-2023

Where is this workflow defined? Which Splunk product(s) and version(s) are you using? What events do you have ingested into Splunk?

Workflow actions and variables

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)