Splunk® AR for iOS

Administer Splunk AR

This documentation does not apply to the most recent version of Splunk® AR for iOS. For documentation on the most recent version, go to the latest release.

Create a playbook in Splunk Phantom to use in the Splunk AR Workflow Automation feature

Workflow Automation is a beta feature available in Splunk AR version 2.1.0 and later. Workflow Automation integrates Phantom playbooks into AR workspaces to guide users through real-world tasks. To use Workflow Automation, create playbooks in Phantom and then add them to your AR workspaces in the Splunk AR mobile app.

For example, you can use Workflow Automation to guide a maintenance worker through servicing a sensor. Suppose the worker needs to check if a temperature sensor works properly. You can create a playbook to instruct the worker to check if the sensor has a reading, use their own thermometer to check if the readings match, and file a ticket if the sensor doesn't work.

Sensor maintenance flow playbook.png

Prerequisites

Before using Workflow Automation in Splunk AR, complete the following tasks:

Create a sensor maintenance flow playbook in Splunk Phantom for Workflow Automation

Here's how to create a simple maintenance flow playbook for workflow automation. These steps follow a temperature sensor maintenance flow example.

To add a new block to a playbook, drag the half-circle icon attached to any block on the canvas. Release your mouse to create a new empty block connected to the originating block with an arrow.

See Create and debug playbooks in Splunk Phantom using the visual playbook editor in Use Splunk Phantom for detailed information about creating playbooks.

Check if the sensor has a reading

Ask the worker if the sensor has a reading.

  1. Navigate to the Playbooks page.
  2. Click + Playbook.
  3. Create a prompt block. Drag the green half-circle on the START block to create prompt 1.
    1. Assign admin as the approver.
    2. Write a message: Write "Does the sensor have a reading?"
    3. Add a response. Select Yes/No as the response type.

1.png

Measure temperature manually

Set up a decision tree.

  1. Create a decision block. Drag the green half-circle on decision 1 to create prompt 2.
  2. Select if prompt_1:action_resultsummary.responses0.
  3. Enter == Yes.
  4. Click Add Else.

2.png

If the sensor has a reading, tell the worker to measure the temperature with their own thermometer.

  1. Drag the green half-circle on decision 1 to create prompt 2.
  2. Assign admin as the approver.
  3. Write a message: Write "Measure the temperature with your own thermometer."
  4. Add a response: Select Custom List as a response type and enter the value OK.

3.png

Cross check the sensor reading

Set up a decision tree.

  1. Drag the green half-circle on prompt 2 to create prompt 3.
    1. Assign admin as the approver.
    2. Write a message: Write "Does your reading match the sensor reading?"
    3. Add a response: Select Yes/No.

4.png Ask the worker if the sensor reading matches the reading on their thermometer.

  1. Drag the green half-circle on prompt 3 to add decision 2.
  2. Select if prompt_1:action_resultsummary.responses0.
  3. Enter == Yes.
  4. Click Add Else.

5.png

File a ticket if the sensor doesn't work

If the sensor does not have a reading, or if the sensor reading does not match their thermometer reading, tell the worker to file a ticket.

  1. drag the purple half-circle on decision 1to create prompt 4.
    1. Assign admin as the approver.
    2. Write a message: Write "Sensor needs repair. File a ticket."
    3. Add a response: Select Custom List as a response type and enter the value OK.
  2. Drag the purple half-circle on decision 2 to prompt 4.

File a ticket.png

To keep things simple, this example uses a prompt block to tell the worker to file a ticket. Depending on what you want to complete with this playbook, you can create any type of block, such as an action block or another playbook. Splunk Phantom integrates with various apps that let you take action outside of Workflow Automation. See Add and configure apps and assets to provide actions in Splunk Phantom to learn how to provide actions in a playbook. See Run other playbooks inside your playbook to learn how to add another playbook to your playbook.

Complete the playbook

  1. Drag the green half-circle on decision 2 to create prompt 5.
    1. Assign admin as the approver.
    2. Write a message: Write "Done"
  2. Drag the half green circle on prompt 4 to prompt 5.
  3. Drag the green half-circle on prompt 5 to the END block.

Add the playbook to a workspace in the Splunk AR app

See Add Phantom playbooks to AR workspaces in Splunk AR to learn how to use Workflow Automation in the Splunk AR app.

Last modified on 09 October, 2020
Workflow Automation Security   Manage playbooks in Splunk AR

This documentation applies to the following versions of Splunk® AR for iOS: 2.1.0, 2.2.0, 2.3.0, 2.4.1, 2.5.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters