×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
wazza
Loves-to-Learn Everything
Member since: ‎03-11-2024
‎05-29-2025
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-11-2024
Topics I've Started
No posts to display.
View All

Re: Issue with event_id Not Appearing When Sending...

by in Splunk SOAR
‎05-21-2025 04:21 PM
‎05-21-2025 04:21 PM
Hi @kn450 , @Saba    I have encountered this same issue a few days back and solved it by running a playbook to do a splunk search to create the event_id from the data in my artifact. The macro `get_event_id_meval` is used to create the event id from the indexer_guid, index and event_hash fields, separated by "@@", i.e. indexer_guid@@index@@event_hash. Is this the best way? Probably not, but it does work and I can always update it should I find a better solution. See the search below. index=notable search_name="<your_search_name>" firstTime="xxxx" lastTime="xxxx" | eval `get_event_id_meval` | fields event_id   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎05-29-2025 07:42 PM