Learn about the remote-search service in Splunk App for SOAR
Starting with Splunk SOAR version 6.2.0, Splunk App for SOAR uses universal forwarders instead of remote search.
Splunk SOAR can use an external Splunk Cloud Platform or Enterprise instance as the main search engine to search for Splunk SOAR data. To do that, install Splunk App for SOAR (previously known as Splunk Phantom Remote Search) on your Splunk instance, which connects it to your Splunk SOAR instance.
After you have configured the remote-search feature on your Splunk SOAR instance, you can use Splunk searches on your Splunk SOAR data. Refer to the Search reference manual for more information about search functionality, SPL syntax, and more.
This documentation applies to the following versions of Splunk® App for SOAR: 1.0.57, 1.0.67, 1.0.71