Splunk® SOAR (Cloud)

Administer Splunk SOAR (Cloud)

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Share data from

When is deployed, the platform sends anonymized usage data to Splunk Inc. ("Splunk") to help improve in future releases.

How data is collected

uses Splunk Web Analytics (swa.js) to collect anonymous usage data. These analytics run in the background. Collecting data affects the web interface loading in a minimal way.

What data is collected

Data is collected to measure metrics of the product, assess performance for optimizations, evaluate engagement for roadmaps, and discover client-side errors to inform UI fixes. The metrics do not contain any user-provided values such as username, email, or any URL parameters that are user or customer identifiable. collects the following basic usage information:

Name Description Example
app.session.session_start Reports the browser and OS, along with their versions.
data: {
    app: UNKNOWN_APP
    browser: Chrome
    browserVersion: 78.0.3904.97
    device: MacIntel
    locale: en-US
    os: Mac OS X
    osVersion: 10.
    page: UNKNOWN_PAGE
    splunkVersion: not available
}
eventID: d9ca862c-d48d-83a1-d1bb-f0f25f4b5af8
experienceID: 6c2c534b-e750-e1a0-95fd-fcada1a50be0
optInRequired: 3
timestamp: 1574213029
visibility: anonymous
app.session.soar.pageview Reports which pages are visited by users.
data: {
   app: soar
   page: admin.company_settings.info
   soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
   soarUserID: 5d900c28b8d1555745c09908ef386860
}
deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
eventID: 0db11144-7c14-88f7-b3e9-3a999102bfc6
experienceID: 20d4d671-7d18-f74a-c72f-9811b5bee20d
optInRequired: 3
timestamp: 1574210581565
visibility: anonymous
app.session.soar.error Reports uncaught errors of front-end scripts.
data: {
   app: soar
   errorMsg: Uncaught ReferenceError: helloworld is not defined
   file: /inc/swa/swa_enabled.js
   page: admin.product_settings.telemetry
   position: 74:1
   soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
   soarUserID: 5d900c28b8d1555745c09908ef386860
}
deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
eventID: 94efce66-ab89-33ae-f894-1cceb8f68f78
experienceID: 239facf6-261d-dd96-be08-33870c7d3750
optInRequired: 3
timestamp: 1574294947704
visibility: anonymous
app.session.soar.apiTime Reports roundtrip time consumption for each API request.
data: {
    app: soar
    endpoint: /rest/ph_user/3/permissions
    method: get
    page: UNKNOWN_PAGE
    status: 200
    time: 150
    soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
    soarUserID: 5d900c28b8d1555745c09908ef386860
}
deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
eventID: 551e5c46-4f71-d92a-51ba-30cf97ae3a97
experienceID: 6c2c534b-e750-e1a0-95fd-fcada1a50be0
optInRequired: 3
timestamp: 1574213030362
visibility: anonymous
app.session.soar.pageview Reports the page that user is visiting. Query strings and parameters are removed.
data: {
   app: soar
   page: admin.company_settings.info
   soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
   soarUserID: 5d900c28b8d1555745c09908ef386860
}
deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
eventID: 0db11144-7c14-88f7-b3e9-3a999102bfc6
experienceID: 20d4d671-7d18-f74a-c72f-9811b5bee20d
optInRequired: 3
timestamp: 1574210581565
visibility: anonymous
app.session.soar.license Reports license status, limits, and usage information. Sent once per session.
data: {
   app: soar
   expirationDate: 1576800000000
   issueDate: 1575504000000
   limits: {
      actions: 50
      events: 75
      tenants: 250
      users: 5
   }
   page: UNKNOWN_PAGE
   type: standard
   usage: {
      recentAppRunCount: 5
      recentDebugRunCount: 5
      recentPlaybookRunCount: 1
   }
   soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
   soarUserID: 5d900c28b8d1555745c09908ef386860
}
deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
eventID: 5854bede-18d9-5a88-d023-e698dab1afaf
experienceID: 31a418cc-1371-c58a-a0b8-dc87638b126f
optInRequired: 3
timestamp: 1575656115189
visibility: anonymous
app.session.soar.systemSettings Reports the feature on/off settings and product version.
data: {
   app: soar
   isClusteringEnabled: false
   isMultiTenantEnabled: false
   numOfClusterNodes: 0
   page: UNKNOWN_PAGE
   productVersion: 10900.0.5
   nodeGUID: dca36837-3e10-4cbd-bf14-b49097b84347
   isElasticSearchEnabled: false
   splunkConfig: {
     searchLocation: local
     searchType: standalone
   }
   soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
   soarUserID: 5d900c28b8d1555745c09908ef386860
}
deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
eventID: d4b331e7-3ce3-91b6-7724-bc4d7235bca9
experienceID: 21febb16-c3f6-cbd5-ffac-905f1466c830
optInRequired: 3
timestamp: 1576695256840
visibility: anonymous
app.session.soar.vpe Reports:
  • VPE version (Classic or Modern)
  • The types of blocks in a playbook
  • The number of blocks in a playbook
  • Which hotkey shortcuts were used while editing a playbook
  • Specific SOAR features used in a playbook
data: {
   app: soar
   jsonSchemaVersion:"5.0.3"
   page: UNKNOWN_PAGE
   blocks: {
     totalCount: 14
     blockTypes: {
       action: 2
       playbook: 1
       code: 1
       utility: 1
       filter: 1
       decision: 1
       format: 6
       prompt: 1
     }
     customCodeBlockCount: 3
     customCodeBlockTypeCounts: {
       start: 0
       end: 1
       action: 2
       playbook: 0
       code: 0
       utility: 0
       filter: 0
       decision: 0
       format: 0
       prompt: 0
     }
     actions: ["geolocate ip", "whois domain"]
   }
   hotkeys: {
     totalCount: 14
     interactions: {
       addMiniMenu: 7
       addActionBlock: 6
       addPlaybookBlock: 0
       addCodeBlock: 0
       addUtilityBlock: 0
       addFilterBlock: 0
       addDecisionBlock: 0
       addFormatBlock: 1
       addPromptBlock: 0
       autoArrange: 1
       zoomToFit: 1
       zoomIn: 0
       zoomOut: 0
       savePlaybook: 1
       deleteNode: 0
       toggleEditor: 1
       toggleDebugger: 1
       toggleSettings: 1
       showShortcutModal: 1
     }
   }
   features: {
     customConditionLabel: 3
     customDatapaths: 2
     playbookInputs: {
       count: 0
       dataTypes: {
         "domain": 0
         "file id": 0
         "file name": 0
         "file path": 0
         "hash": 0
         "host name": 0
         "ip": 0
         "mac address": 0
         "port": 0
         "process name": 0
         "url": 0
         "user name": 0
       }
     }
     playbookOutputs: {
       count: 1
       dataTypes: {
         "domain": 1
         "file id": 0
         "file name": 0
         "file path": 0
         "hash": 0
         "host name": 0
         "ip": 0
         "mac address": 0
         "port": 0
         "process name": 0
         "url": 0
         "user name": 0
       }
       dedupeCount: 0
     }
   }
   playbookType: automation
   playbookName: 5d900c28b8d1555745c09908ef133337
   soarDeploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
   soarUserID: 5d900c28b8d1555745c09908ef386860
}
deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
eventID: d4b331e7-3ce3-91b6-7724-bc4d7235bca9
experienceID: 21febb16-c3f6-cbd5-ffac-905f1466c830
optInRequired: 3
timestamp: 1576695256840
visibility: anonymous
app.session.soar.vpeTime Reports the time in milliseconds it took for the VPE to load in the browser.
data: {
   app: soar
   pageLoadTime: 10298
}
deploymentID: soar-a2a983de-38ec-42d7-a179-30087b0ca8ca
eventID: d4b331e7-3ce3-91b6-7724-bc4d7235bca9
experienceID: 21febb16-c3f6-cbd5-ffac-905f1466c830
optInRequired: 3
timestamp: 1576695256840
visibility: anonymous
Last modified on 03 September, 2021
PREVIOUS
Add and configure apps and assets to provide actions in
  NEXT
Manage roles and permissions in

This documentation applies to the following versions of Splunk® SOAR (Cloud): current


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters