View the list of configured playbooks in
The Playbooks table contains all currently available playbooks and significant metadata about those playbooks. Use the playbooks list to sort, filter, and manage your playbooks.
To view the Playbooks table, click the main menu in , then click Playbooks.
From the Playbooks table page, you can perform any of the following tasks:
- Use the search field to find specific playbooks. Searches are case-insensitive and partial-word matches are supported. This search does not support booleans, such as AND, NOT, or OR.
- Click on column headers to sort the playbooks. The first click sorts in ascending order. The second will sort in descending order. For example, click the Updated column header. The icon changes to indicate whether the column is sorted in descending or ascending order. so that the playbooks with the most recent changes are listed at the top.
- By default, 10 playbooks are displayed at a time. Click the Show 10 dropdown and select the number of playbooks you want displayed at a time.
- Click the Reorder Active Playbooks icon () to change the order in which active playbooks are listed. See Reorder active playbooks in .
- Click the Import Playbook icon () to add a playbook to . See Import a playbook to .
- Click + Playbook button to create a new playbook. The Playbook Editor will open in a new tab or window.
The columns in the Playbook table are described in the following table. By default, all available columns are visible. Scroll to the right as needed to view all available columns. Click the vertical ellipsis icon to select which columns to display.
|Name||The name and description of the playbook.|
|Success||The number of times the playbook has run successfully.|
|Failed||The number of times the playbook did not finish running.|
|Label||The event label that the playbooks runs on. This value is configured as the Operates on field in the playbook settings. See Review playbook settings for a playbook in .|
|Repo||The repository or folder where the playbook is saved.|
|Category||The playbook category. This value is configured in the Category field in the playbook settings. See Review playbook settings for a playbook in .|
|Status||Indicates whether or not the playbook is active in Splunk Mission Control:
Only active playbooks can be run.
|Mode||Either Classic or Modern. A Classic playbook uses the older version of the two playbook editors available in , and a Modern playbook uses a newer version of the playbook editor in . For details about the differences between them, see Choose between playbooks and classic playbooks in .|
|Type||The type of user who created the playbook, either Automation or Input. Automation playbooks run automatically based on triggers. Input playbooks are used only as sub-playbooks, and are not automatically triggered as independent playbooks. The input type playbooks can't be run manually so they won't be visible if you use the Run Playbook button.|
|Python Version||The Python version used in the playbook.|
|Created||The date and time when the playbook was saved for the first time.|
|Updated||The date and time when the playbook was most recently saved.|
|Updated By||The name of the user who last updated the playbook.|
|Version||The playbook version number.|
|Tags||The tags associated with the playbook.|
|Apps Used||The apps that are used by this playbook.|
|Actions Used||The actions that are used by this playbook.|
|Sub-Playbooks Called||The sub-playbooks that are called by this playbook.|
Create custom lists for use in playbook comparisons
Export and import playbooks in
This documentation applies to the following versions of Splunk® SOAR (Cloud): current