Splunk® SOAR (Cloud)

Administer Splunk SOAR (Cloud)


Configure search in Splunk SOAR (Cloud)

In earlier releases of Splunk SOAR (Cloud), search was handled by an embedded version of Splunk Enterprise. Beginning with release 6.2.0, Splunk SOAR (Cloud) uses PostgreSQL full-text search, which has been modified to accept the * wildcard. For search syntax and examples, see Search within Splunk SOAR (Cloud).

To make it easier to get data into a Splunk Cloud Platform deployment, support was added for Universal Forwarders. For information about configuring forwarders, see Configure forwarders to send SOAR data to your Splunk deployment.

Configure Splunk SOAR (Cloud) to forward data to Splunk Cloud Platform

Integrating with Splunk Cloud Platform requires the following actions:

Reindex data to make newly added information searchable

You can reindex all of your data.

Reindexing will send all your SOAR data to your Splunk Enterprise or Splunk Cloud Platform deployment again, which can result in duplicated data. To prevent duplicates, make sure to delete existing objects from all forwarder groups before reindexing. See How indexing works in the Splunk Enterprise Managing Indexers and Clusters of Indexers manual.

Last modified on 30 November, 2023

This documentation applies to the following versions of Splunk® SOAR (Cloud): current

