When workflow actions are set up correctly, they appear in menus associated with fields and events in your search results. You can arrange for workflow actions to be event-level (meaning they apply to an entire event), field-level (meaning they apply to specific fields within events), or both.
To select event-level workflow actions:
- Run a search.
- Go to the Events tab.
- Expand an event in your search results and click Event Actions.
Here's an example of "Show Source," an event-level workflow action that, when clicked, displays the source for the event in your raw search data.
Alternatively, you can have the workflow action appear in the Actions menus for fields within an event. Here's an example of a workflow action that opens a Google search in a separate window for the selected field and value.
Both of these examples are of workflow actions that use the GET link method.
You can also define workflow actions that appear both at the event level and the field level. For example, you might do this for workflow actions that do something with the value of a specific field in an event, such as User_ID
.
Set up a search workflow action | Use special parameters in workflow actions |
This documentation applies to the following versions of Splunk Cloud Platform™: 8.2.2112, 8.2.2201, 8.2.2202, 9.0.2205, 8.2.2203, 9.0.2208, 9.0.2209, 9.0.2303, 9.1.2308, 9.1.2312, 9.2.2403 (latest FedRAMP release), 9.2.2406
Feedback submitted, thanks!