Splunk® App for SOAR


Learn about the remote-search service in Splunk App for SOAR

Starting with Splunk SOAR version 6.2.0, Splunk App for SOAR uses universal forwarders instead of remote search.

Splunk SOAR can use an external Splunk Cloud Platform or Splunk Enterprise instance as its main search engine for Splunk SOAR data. To do that, install Splunk App for SOAR (previously known as Splunk Phantom Remote Search) on your Splunk instance. The app connects your Splunk instance to your Splunk SOAR instance.

After you have configured the remote-search feature on your Splunk SOAR instance, you can run Splunk searches against your Splunk SOAR data. Refer to the Search reference manual for more information about search functionality, SPL syntax, and related topics.

Last modified on 05 March, 2024

This documentation applies to the following versions of Splunk® App for SOAR: 1.0.57, 1.0.67, 1.0.71

