Splunk Tech Talks
Deep-dives for technical practitioners.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
New Article

Understanding Phantom’s Join Logic

melissap
Splunk Employee
Splunk Employee
‎11-19-2020 02:22 PM

View our Tech Talk: Security Edition, Understanding Phantom’s Join Logic. 

(view in My Videos)

 

Playbooks allow analysts to automate everyday security tasks and save time. Oftentimes, these playbooks are simple: run a query or complete a single action. However, playbooks can also be very complex. As that complexity grows, there’s a need for more advanced features of playbook design to be considered to ensure they run effectively.

 

One of the ways to do this is to take a look at how parallel action blocks are set to re-join each other to continue processing. Have your complex playbooks ever stopped running unexpectedly after parallel single actions? That’s probably because of your ‘join’ settings. This talk will explain how Phantom’s 'join' logic works, and tips for writing effective and error-free playbooks.

Tune in to learn:

  • What may cause a playbook to stop running unexpectedly and how to fix it
  • How to use the join logic effectively 
  • How to properly use Phantom join logic in a live demo
Tags (2)
0 Karma
2 Comments
Get Updates on the Splunk Community!

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...