Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Workflow actions and variables

gargantua
Path Finder
‎08-16-2023 02:00 AM

Hi,

We have a internal wiki with tons of useful informations about hosts and IPs.

I'm trying to set up a workflow that triggers a search of the value -IP or Hostname- on this internal wiki.

First issue : Since this workflow action should work with a variety of fields (src_ip, dest_ip, host, src, dest, etc.) : What variable shall I use in order to return in the workflow action the selected value ? Is there a sort of global variable like $the_selected_value$ no matter it's an IP address, a hostname or whatsoever ?

Second issue : I selected my workflow to be applied on any field with a * but the workflow action is just not available anywhere.

Thanks in advance for your kind help on this matter !

Best

0 Karma
Reply

gargantua
Path Finder
‎08-16-2023 02:28 AM

I added the workflow action within the web UI of a search head.

We're using Splunk Enterprise and Enterprise Security.
All of our Splunk instances are on version 9

We ingest all type of events : *nix, windows sysmon, web server access logs, firewalls, etc.

The workflow action is now available, but I still don't know what variable to use in my web request.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎08-16-2023 02:11 AM

Where is this workflow defined? Which Splunk product(s) and version(s) are you using? What events do you have ingested into Splunk?

0 Karma
Reply
Get Updates on the Splunk Community!

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

Overwhelmed SOC? Splunk ES Has Your Back Tool sprawl, alert fatigue, and endless context switching are making ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us on ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...