Splunk AR Workflow Automation tutorial
Workflow Automation is available in Splunk AR version 2.1.0 and higher. Workflow Automation integrates Splunk SOAR playbooks into AR workspaces to guide users through real-world tasks. To use Workflow Automation, create playbooks in Splunk SOAR and then add them to your AR workspaces in the Splunk AR mobile app.
For example, you can use Workflow Automation to guide a maintenance worker through servicing a sensor. Suppose the worker needs to check if a temperature sensor works properly. You can create a playbook to instruct the worker to check if the sensor has a reading, use their own thermometer to check if the readings match, and file a ticket if the sensor doesn't work.
Follow this tutorial to get started with using Workflow Automation. This tutorial guides you through this example use case
Prerequisites
Before using Workflow Automation in Splunk AR, complete the following tasks:
- Set up Splunk AR and AR workspaces. See Set up Splunk AR in the Get started with Splunk AR topic.
- You've installed Splunk SOAR. See the Splunk SOAR documentation to get started.
- You must have the ar_admin role or the edit_phantom_configuration capability to enable Workflow Automation. See Configure Splunk AR roles and permissions to learn more about Splunk AR roles and capabilities.
- You and your Splunk AR users have the right permissions to view and interact with playbooks. See the Splunk SOAR documentation and see Configure Splunk AR roles and permissions for playbook access permissions in Splunk AR.
- Enable the Workflow Automation feature on user devices.
Create a sensor maintenance flow playbook in Splunk SOAR for Workflow Automation
Here's how to create a simple maintenance flow playbook for Workflow Automation. These steps follow a temperature sensor maintenance flow example.
To add a new block to a playbook, drag the half-circle icon attached to any block on the canvas. Release your mouse to create a new empty block connected with an arrow to the original block.
See the Splunk SOAR documentationinformation about creating playbooks.
Check if the sensor has a reading
Create a prompt block that asks the worker if the sensor has a reading.
- Navigate to the Playbooks page.
- Click + Playbook.
- Create a prompt block. Drag the free edge on the START block to create prompt 1.
- Assign admin as the approver.
- In the message field, enter Does the sensor have a reading?
- Add a response. Select Yes/No as the response type.
The fields should be completed like this:
Measure temperature manually
Set up a decision tree to measure temperature manually.
- Create a decision block. Drag the free edge on decision 1 to create prompt 2.
- In the If field, select prompt_1:action_resultsummary.responses0.
- Select ==
- Enter Yes.
- Click Add Else.
If the sensor has a reading, tell the worker to measure the temperature with their own thermometer.
- Drag the free edge on decision 1 to create prompt 2.
- Assign admin as the approver.
- In the message field, enter Measure the temperature with your own thermometer.
- Add a response: Select Custom List as a response type and enter the value OK.
Cross check the sensor reading
Set up a decision tree that cross checks the sensor reading.
- Drag the free edge on prompt 2 to create prompt 3.
- Assign admin as the approver.
- In the message field, enter Does your reading match the sensor reading?
- Add a response: Select Yes/No as a response type.
Ask the worker if the sensor reading matches the reading on their thermometer.
- Drag the free edge on prompt 3 to add decision 2.
- In the If field, select prompt_1:action_resultsummary.responses0.
- Select ==
- Enter Yes.
- Click Add Else If.
File a ticket if the sensor doesn't work
If the sensor does not have a reading, or if the sensor reading does not match their thermometer reading, tell the worker to file a ticket.
- Drag the free edge on decision 1 to create prompt 4.
- Assign admin as the approver.
- In the Message field, enter Sensor needs repair. File a ticket.
- Add a response. Select Custom List as a response type and enter the value OK.
- Drag the free edge on decision 2 to prompt 4.
Complete the playbook
- Drag the free edge on decision 2 to create prompt 5.
- Assign admin as the approver.
- In the Message field, enter Done.
- Drag the free edge on prompt 4 to prompt 5.
- Drag the free edge on prompt 5 to the END block.
This basic example uses a prompt block to tell the worker to file a ticket. Depending on what you want to complete with this playbook, you can create any type of block, such as an action block or another playbook. Splunk SOAR integrates with various apps that let you take action outside of Workflow Automation.
Add the playbook to a workspace in the Splunk AR app
After creating a playbook for Workflow Automation, add the playbook to a workspace in the Splunk AR mobile app. See Add Splunk SOAR playbooks to AR workspaces in Splunk AR in the Administrate Splunk AR manual to learn how to use Workflow Automation in the Splunk AR app.
Splunk AR remote collaboration | Manage playbooks in the Splunk AR mobile app |
This documentation applies to the following versions of Splunk® App for Edge Hub and Augmented Reality: 1.0.0, 1.10.0, 1.2.0, 1.2.1, 1.3.0, 1.4.1, 2.0.0, 2.0.2, 2.1.0, 3.0.0, 3.0.1, 4.0.0, 4.0.1, 4.1.1, 4.1.2, 4.2.1, 4.2.2, 4.3.0, 4.3.1
Feedback submitted, thanks!