Splunk® App for Edge Hub and Augmented Reality

Splunk AR: Install and Use Splunk App for Edge Hub and Splunk AR

Acrobat logo Download manual as PDF


The Splunk App for AR is a required companion app for the Splunk AR mobile app. To learn more, see About the Splunk App for AR.
This documentation does not apply to the most recent version of Splunk® App for Edge Hub and Augmented Reality. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Splunk AR Workflow Automation tutorial

Workflow Automation is available in Splunk AR version 2.1.0 and higher. Workflow Automation integrates Splunk SOAR playbooks into AR workspaces to guide users through real-world tasks. To use Workflow Automation, create playbooks in Splunk SOAR and then add them to your AR workspaces in the Splunk AR mobile app.

For example, you can use Workflow Automation to guide a maintenance worker through servicing a sensor. Suppose the worker needs to check if a temperature sensor works properly. You can create a playbook to instruct the worker to check if the sensor has a reading, use their own thermometer to check if the readings match, and file a ticket if the sensor doesn't work.

Follow this tutorial to get started with using Workflow Automation. This tutorial guides you through this example use case

This is an example Splunk SOAR playbook that you can use with the Splunk AR Workflow Automation feature.

Prerequisites

Before using Workflow Automation in Splunk AR, complete the following tasks:

  • Set up Splunk AR and AR workspaces. See Set up Splunk AR in the Get started with Splunk AR topic.
  1. You've installed Splunk SOAR. See the Splunk SOAR documentation to get started.
  2. You must have the ar_admin role or the edit_phantom_configuration capability to enable Workflow Automation. See Configure Splunk AR roles and permissions to learn more about Splunk AR roles and capabilities.
  3. You and your Splunk AR users have the right permissions to view and interact with playbooks. See the Splunk SOAR documentation and see Configure Splunk AR roles and permissions for playbook access permissions in Splunk AR.

Create a sensor maintenance flow playbook in Splunk SOAR for Workflow Automation

Here's how to create a simple maintenance flow playbook for Workflow Automation. These steps follow a temperature sensor maintenance flow example.

To add a new block to a playbook, drag the half-circle icon attached to any block on the canvas. Release your mouse to create a new empty block connected with an arrow to the original block.

See the Splunk SOAR documentationinformation about creating playbooks.

Check if the sensor has a reading

Create a prompt block that asks the worker if the sensor has a reading.

  1. Navigate to the Playbooks page.
  2. Click + Playbook.
  3. Create a prompt block. Drag the free edge on the START block to create prompt 1.
    1. Assign admin as the approver.
    2. In the message field, enter Does the sensor have a reading?
    3. Add a response. Select Yes/No as the response type.

The fields should be completed like this: This screenshot of Splunk SOAR shows completed fields mentioned in the steps to create a prompt that asks the worker if the sensor has a reading.

Measure temperature manually

Set up a decision tree to measure temperature manually.

  1. Create a decision block. Drag the free edge on decision 1 to create prompt 2.
  2. In the If field, select prompt_1:action_resultsummary.responses0.
  3. Select ==
  4. Enter Yes.
  5. Click Add Else.

This screenshot of Splunk SOAR shows how to set up a decision tree to measure temperature manually in the prompt Advanced Settings.

If the sensor has a reading, tell the worker to measure the temperature with their own thermometer.

  1. Drag the free edge on decision 1 to create prompt 2.
  2. Assign admin as the approver.
  3. In the message field, enter Measure the temperature with your own thermometer.
  4. Add a response: Select Custom List as a response type and enter the value OK.

This is a  screenshot of Splunk SOAR that shows completed fields for creating a prompt that tells the worker to measure the temperature with their own thermometer.

Cross check the sensor reading

Set up a decision tree that cross checks the sensor reading.

  1. Drag the free edge on prompt 2 to create prompt 3.
    1. Assign admin as the approver.
    2. In the message field, enter Does your reading match the sensor reading?
    3. Add a response: Select Yes/No as a response type.

This is a screenshot of Splunk SOAR that shows completed fields for creating a decision tree to request that the worker cross checks if the sensor has a reading. Ask the worker if the sensor reading matches the reading on their thermometer.

  1. Drag the free edge on prompt 3 to add decision 2.
  2. In the If field, select prompt_1:action_resultsummary.responses0.
  3. Select ==
  4. Enter Yes.
  5. Click Add Else If.

This is a screenshot of Splunk SOAR that shows completed fields for creating a prompt to ask the worker if the reading on their thermometer matches the sensor reading,

File a ticket if the sensor doesn't work

If the sensor does not have a reading, or if the sensor reading does not match their thermometer reading, tell the worker to file a ticket.

  1. Drag the free edge on decision 1 to create prompt 4.
    1. Assign admin as the approver.
    2. In the Message field, enter Sensor needs repair. File a ticket.
    3. Add a response. Select Custom List as a response type and enter the value OK.
  2. Drag the free edge on decision 2 to prompt 4.

This is a screenshot of Splunk SOAR that shows the completed fields for creating a prompt that tells the worker to file a service ticket if the sensor isn't working.

Complete the playbook

  1. Drag the free edge on decision 2 to create prompt 5.
    1. Assign admin as the approver.
    2. In the Message field, enter Done.
  2. Drag the free edge on prompt 4 to prompt 5.
  3. Drag the free edge on prompt 5 to the END block.

This basic example uses a prompt block to tell the worker to file a ticket. Depending on what you want to complete with this playbook, you can create any type of block, such as an action block or another playbook. Splunk SOAR integrates with various apps that let you take action outside of Workflow Automation.

Add the playbook to a workspace in the Splunk AR app

After creating a playbook for Workflow Automation, add the playbook to a workspace in the Splunk AR mobile app. See Add Splunk SOAR playbooks to AR workspaces in Splunk AR in the Administrate Splunk AR manual to learn how to use Workflow Automation in the Splunk AR app.

Last modified on 21 July, 2023
PREVIOUS
View usage metrics in the Splunk App for AR
  NEXT
Manage playbooks in the Splunk AR mobile app

This documentation applies to the following versions of Splunk® App for Edge Hub and Augmented Reality: 1.0.0, 1.10.0, 1.2.0, 1.2.1, 1.3.0, 1.4.1, 2.0.0, 2.0.2, 2.1.0, 3.0.0, 3.0.1, 4.0.0, 4.0.1, 4.1.1, 4.1.2, 4.2.1, 4.2.2, 4.3.0, 4.3.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters