Splunk® Enterprise

Knowledge Manager Manual

Download manual as PDF

Download topic as PDF

Control workflow action appearance in field and event menus

When workflow actions are set up correctly, they appear in menus associated with fields and events in your search results. You can arrange for workflow actions to be event-level (meaning they apply to an entire event), field-level (meaning they apply to specific fields within events), or both.

To select event-level workflow actions:

  • Run a search.
  • Go to the Events tab.
  • Expand an event in your search results and click Event Actions.

Here's an example of "Show Source," an event-level workflow action that, when clicked, displays the source for the event in your raw search data.

6.0 wkflw actions event1.png

Alternatively, you can have the workflow action appear in the Actions menus for fields within an event. Here's an example of a workflow action that opens a Google search in a separate window for the selected field and value.

6.0 wkflow actions field1.png

Both of these examples are of workflow actions that use the GET link method.

You can also define workflow actions that appear both at the event level and the field level. For example, you might do this for workflow actions that do something with the value of a specific field in an event, such as User_ID.

PREVIOUS
Set up a search workflow action
  NEXT
Use special parameters in workflow actions

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.1.0, 7.1.1, 7.1.2


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters