Just getting started with SOAR and I am encountering a scenario where I obviously don't understand the concept enough. I could use a push in the right direction to understand how I'm supposed to pass output from a Splunk action block to a decision or utility block.

Logic is as follows:

1. We utilize a Splunk -- Timer asset to schedule execution of playbook at certain time
2. First block is a Splunk query action block; basic SPL is index=custom_index usernames=* | table usernames, emailAddresses, userScore
3. I want to pass the usernames to a decision block, and this is where I get lost. I see event choices, and CEF fields, etc. as options, but nothing explicitly stated for "usernames".

Am I supposed to custom code a solution using action_result.data, and if so, can I get a hint on how to do so? (This wasn't covered in my creating playbooks course.)

Thank you