Splunk® Phantom Remote Search

Splunk Phantom Remote Search

Acrobat logo Download manual as PDF


Splunk Phantom Remote Search has been replaced by Splunk App for SOAR.
Acrobat logo Download topic as PDF

About the Splunk Phantom Remote Search app

Splunk Phantom and Splunk SOAR can use an external Splunk Enterprise or Splunk Cloud Platform instance as the main search engine to search for Splunk Phantom or Splunk SOAR data. To do this, install the Splunk Phantom Remote Search app on your Splunk instance to connect your Splunk instance to your Splunk Phantom or Splunk SOAR instance.

You can use the Splunk Phantom Remote Search app to connect Splunk Phantom or Splunk SOAR to the Splunk platform in the following ways:

New features and enhancements in this release

This release of the Splunk Phantom Remote Search app includes the following enhancements and updates:

Obtain a Splunk Enterprise license to use the Splunk Phantom Remote Search app

You need a Splunk Enterprise license to use external Splunk Enterprise with Splunk Phantom or Splunk SOAR. If you don't already have a Splunk Enterprise license, work with your delivery team to purchase one.

Version compatibility with Splunk Phantom

The Splunk Phantom Remote Search App is compatible with specific Splunk Phantom and Splunk platform combinations.

Splunk Cloud Platform

Verify you have one of the following Splunk Phantom and Splunk Cloud Platform combinations:

Splunk Phantom Remote Search App Version Splunk Cloud Platform Version Splunk Phantom Version
1.0.17 8.2.2111 Splunk SOAR (On-premises) 5.1.0 or higher
8.2.2109 Splunk SOAR (On-premises) 5.0.1 or higher
8.2.2107 Splunk SOAR (On-premises) 5.0.1 or higher
8.2.2106 4.10.5.58640 or higher
8.2.2105 4.10.4.55789 or higher
8.1.2103 4.10.1.47064 or higher
8.1.2101 4.10.x
8.1.2012 4.10.x
8.1.2011 4.10.x
8.1.2009 4.10.x
8.0.6 4.10.x
1.0.14 8.0.6, 8.0.x later than 8.0.6 4.8.x, 4.9.x
7.3.x 4.8.x, 4.9.x
7.2.x 4.8.x, 4.9.x
1.0.12 7.3.x 4.8.x, 4.9.x
7.2.x 4.8.x, 4.9.x

Splunk Enterprise

Verify you have one of the following Splunk Phantom and Splunk Enterprise combinations:

Splunk Phantom Remote Search App Version Splunk Enterprise Version Splunk Phantom Version
1.0.17 8.2.4 Splunk SOAR (On-premises) 5.3.1
8.2.0–8.2.3 4.10.4–4.10.x, Splunk SOAR (On-premises) 5.2.1, 5.3.1
8.1, 8.1.x 4.10.x
8.0.6, 8.0.x later than 8.0.6 4.10.x
7.3, 7.3.x 4.10.x
1.0.14 8.0.6–8.0.x 4.8.x, 4.9.x
7.3, 7.3.x 4.8.x, 4.9.x
7.2, 7.2.x 4.8.x, 4.9.x
1.0.12 7.3 4.6.x–4.9.x
7.2, 7.2.x 4.6.x–4.9.x
Last modified on 29 April, 2022
  NEXT
Install and upgrade the Splunk Phantom Remote Search app

This documentation applies to the following versions of Splunk® Phantom Remote Search: 1.0.17


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters