Splunk SOAR
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

playbook id changes all the time

meshorer
Path Finder
‎10-23-2023 06:46 AM

hi,

I see that playbooks ID keep changing all the time.

can anyone explain the reasons to it?

 

 

thank you,

 

Daniel

 

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎10-23-2023 08:23 AM

@meshorer Understood but I am just wondering that you mean by tracking as the system "tracks" them. 

Yes there is a rest call to find the name based on the id:

xxx/rest/playbook/<id>/name

If you need to find an ID based on the name then you can also:

xxx/rest/playbook?_filter_name="<name>"

-- Happy SOARing! Please mark as a solution for future readers if it resolved your issue. --

View solution in original post

0 Karma
Reply
Solved! Jump to solution

phanTom
SplunkTrust
SplunkTrust
‎10-23-2023 06:49 AM

@meshorer whenever you update a playbook it will save with a different id to enable version control. 

Is something about it changing the id causing you some issues in automation (or other places)?

0 Karma
Reply
Solved! Jump to solution

meshorer
Path Finder
‎10-23-2023 08:00 AM

@phanTom , thank you.

it is a bit difficult to keep track all the ID's, but I learned there is a rest query to get the name of the playbook from it's ID.

 

0 Karma
Reply
Solved! Jump to solution
Solution

phanTom
SplunkTrust
SplunkTrust
‎10-23-2023 08:23 AM

@meshorer Understood but I am just wondering that you mean by tracking as the system "tracks" them. 

Yes there is a rest call to find the name based on the id:

xxx/rest/playbook/<id>/name

If you need to find an ID based on the name then you can also:

xxx/rest/playbook?_filter_name="<name>"

-- Happy SOARing! Please mark as a solution for future readers if it resolved your issue. --

0 Karma
Reply
Solved! Jump to solution

meshorer
Path Finder
‎10-23-2023 08:28 AM

"tracks" meaning that I plan to monitor logs to fire an alert when for example a playbook fails to execute.
in that case, I would probably need to identify which is the failing playbook by it's ID.

I have posted a new question about it 🙂

thank you

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...