Splunk® SOAR (Cloud)

Build Playbooks with the Playbook Editor

The classic playbook editor will be deprecated soon. Convert your classic playbooks to modern mode.
After the future removal of the classic playbook editor, your existing classic playbooks will continue to run, However, you will no longer be able to visualize or modify existing classic playbooks.
For details, see:

View the list of configured playbooks in

The Playbooks table contains all currently available playbooks and significant metadata about those playbooks. Use the playbooks list to sort, filter, and manage your playbooks.

To view the Playbooks table, select the main menu in , then select Playbooks.

From the Playbooks table page, you can perform any of the following tasks:

  • Use the search field to find specific playbooks. Searches are case-insensitive and partial-word matches are supported. This search does not support booleans, such as AND, NOT, or OR.
  • Select column headers to sort the playbooks. The first click sorts in ascending order. The second will sort in descending order. For example, select the Updated column header. The icon changes to indicate whether the column is sorted in descending or ascending order. so that the playbooks with the most recent changes are listed at the top.
  • By default, 10 playbooks are displayed at a time. Select the Show 10 dropdown and select the number of playbooks you want displayed at a time.
  • Select the Reorder Active Playbooks icon (The Reorder Active Playbooks icon) to change the order in which active playbooks are listed. See Reorder active playbooks in .
  • Select the Update from source control icon (The Update from source control icon) to update playbooks based on the source you select and your source control settings.
  • Select the Manage source control icon (The Manage source control icon) to manage your source control settings. See Configure a source control repository for your playbooks.
  • Select the Import Playbook icon (The Import Playbook icon) to add a playbook to . See Import a playbook to .
  • Select the + Playbook button to create a new playbook. The Playbook Editor will open in a new tab or window.

The columns in the Playbook table are described in the following table. By default, all available columns are visible. Scroll to the right as needed to view all available columns. Select the vertical ellipsis icon to select which columns to display.

Column Description
Name The name and description of the playbook.
Success The number of times the playbook has run successfully.
Failed The number of times the playbook did not finish running.
Label The event label that the playbooks runs on. This value is configured as the Operates on field in the playbook settings. See Review playbook settings for a playbook in .
Repo The repository or folder where the playbook is saved.
Category The playbook category. This value is configured in the Category field in the playbook settings. See Review playbook settings for a playbook in .
Status Indicates whether or not the playbook is active in Splunk Mission Control:
  • Inactive means the playbook is not active.
  • Active means the playbook is active.

Only active playbooks can be run.


Either Classic or Modern. A Classic playbook uses the older version of the two playbook editors available in , and a Modern playbook uses a newer version of the playbook editor in . For details about the differences between them, see Choose between playbooks and classic playbooks in .

Type The type of user who created the playbook, either Automation or Input. Automation playbooks run automatically based on triggers. Input playbooks are used only as sub-playbooks, and are not automatically triggered as independent playbooks. The input type playbooks can't be run manually so they won't be visible if you use the Run Playbook button.
Python Version The Python version used in the playbook.
Created The date and time when the playbook was saved for the first time.
Updated The date and time when the playbook was most recently saved.
Updated By The name of the user who last updated the playbook.
Version The playbook version number.
Tags The tags associated with the playbook.
Apps Used The apps that are used by this playbook.
Actions Used The actions that are used by this playbook.
Sub-Playbooks Called The sub-playbooks that are called by this playbook.
Last modified on 29 May, 2024
Create custom lists for use in playbook comparisons   Export and import playbooks in

This documentation applies to the following versions of Splunk® SOAR (Cloud): current, current

Was this topic useful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters