08_Splunk 9 Creating Workflow Actions

 1 Splunk 9: Creating Workflow Actions - by Joe Abraham

1.1 Course Overview

2 Learn About Splunk Workflow Actions

2.1 Introducing Splunk Workflow Actions

2.2 Learning About Splunk Workflow Actions

2.3 Using Workflow Actions

2.4 Demonstrating a Simple Workflow Action

2.5 Additional Workflow Action Information

3 Create and Use GET Workflow Actions

3.1 Understanding GET Workflow Actions

3.2 Detailing GET Use Cases

3.3 Configuring a GET Workflow Action

4 Create and Use POST Workflow Actions

4.1 Understanding POST Workflow Actions

4.2 Learning About POST Requests

4.3 Detailing POST Use Cases

4.4 Configuring a POST Workflow Action

4.5 Wrapping up POST Workflow Actions

5 Create and Use Search Workflow Actions

5.1 Understanding Search Workflow Actions

5.2 Learning About Search Workflow Actions

5.3 *Configuring a Search Workflow Action

5.4 *Using a Search Workflow Action

5.5 Wrapping up Splunk Workflow Actions

1. Splunk 9: Creating Workflow Actions - by Joe Abraham

1. Course Overview

https://docs.splunk.com/Splexicon:Workflowaction

https://docs.splunk.com/Documentation/SplunkCloud/latest/Knowledge/CreateworkflowactionsinSplunkWeb

Workflow Action 

A highly configurable knowledge object that enables a variety of interactions between fields in events and other web resources.

< domain controller logs, endpoing logs, network infrastructure compliance, security appliance logs,  >

2.  Learn About Splunk Workflow Actions

1. Introducing Splunk Workflow Actions

What You'll Learn Here

Learn about Splunk Workflow Actions

Create and Use POST Workflow Actions

Create and Use GET Workflow Actions

Create and Use Search Workflow Actions 

2. Learning About Splunk Workflow Actions

Workflow action examples

Send GET and POST requests to a resource

• Find information on IP addresses  

• Search for field values  

• Send information to ticketing server 

Generate secondary search

• Find additional information from initial Query 

• Sort/filter/format the information 

Types of Workflow Actions

GET workflow actions create an HTML link to access information

POST workflow actions create HTTP POST to a specific URI

Search workflow actions create a secondary search 

Knowledge object will have conf  - We can keep it either private or public

Workflow Action configuration file: workflow actions.conf

We can do CLI configuration 

3. Using Workflow Actions

workflow actions.conf

[Duck Duck Go Search]

display _ location = field_menu
event types = *
fields  = *
label = Search on DuckDuckGo for $@field_name$ equals $@field_value$ 

link.method = get
link.target=blank
link. uri  = https : //duckduckgo.com/?q=$@field_name$+$@field_value$
type=link 

Splunk Community Page

https://community.spIunk.com/t5/Community/ct-p/en-us 

4. Demonstrating a Simple Workflow Action

Get workflow actionb = Link

https://duckduckgo.com/

5. Additional Workflow Action Information

3. Create and Use GET Workflow Actions

1. Understanding GET Workflow Actions

2. Detailing GET Use Cases

3. Configuring a GET Workflow Action

4. Create and Use POST Workflow Actions

1. Understanding POST Workflow Actions

• Ex - Splunk Sending info to ticketing system 

• 
  

2. Learning About POST Requests

• API is act like middle man between two systems

3. Detailing POST Use Cases

4. Configuring a POST Workflow Action

Good tool to test http methods

5. Wrapping up POST Workflow Actions

This will be updated in conf file

5. Create and Use Search Workflow Actions

1. Understanding Search Workflow Actions

2. Learning About Search Workflow Actions

3. *Configuring a Search Workflow Action

Using tokens in the new workflow action

4. *Using a Search Workflow Action

5. Wrapping up Splunk Workflow Actions