This workflow template runs a Splunk search query and optionally filters the results. Suited to threat hunting and data analysis, it lets users return only specific fields by providing a comma-delimited list, which simplifies data handling and integration into larger workflows. Its ease of use and configurability make it a useful building block for teams that need quick, targeted access to Splunk data.
Optional Triggers
Nested Workflow, Webhook
Use Cases
Threat Hunting
Workflow Breakdown
Provide the search query and optional field filters
Output is returned once the search job finishes
Vendors
Utils, Splunk
Workflow Output
Success/Failure
Tips
If a static IP address is required for Splunk, use a step-runner to execute the Splunk steps.