A knowledge object that enables a variety of interactions between indexed fields in events and other web resources, including external web resources. For example, you can define workflow actions that:
- Are associated with an IP address field in your search results; you use it to perform an external WHOIS lookup based on a particular value of that field in a specific event.
- Use the field values in an HTTP error event to create a new entry in an external issue tracking system.
- Perform an external search (using Google or a similar web application) on the value of a field in an event.
- Launch secondary Splunk searches that use one or more field values from selected events.
In addition, you can define workflow actions that:
- Are targeted to events that contain a particular field or set of fields, or which belong to a specific event type
- Open either in the current window or a new one when they are selected.
- Appear in field menus, event menus, or both (in search results).
You can set up and manage workflow actions through Manager. Navigate to Manager > Fields > Workflow actions.
For more information
See the Knowledge Manager Manual: