Skip to main content
All CollectionsTemplatesBasic
Simple Splunk Query with Optional Return Field Filters - Workflow Template
Simple Splunk Query with Optional Return Field Filters - Workflow Template

A simple Splunk query that can use optional field filters to filter the dataset returned. Can be used as a nested workflow to simplify use.

Updated over a week ago

This workflow template enables teams to perform targeted threat hunting by running a Simple Splunk Query with the added flexibility of Optional Return Field Filters. If specific fields are not required, operators can utilize the optional field filters to refine the dataset and streamline the resulting output. This efficiency is crucial for identifying threats faster and more accurately, especially when integrated into a nested workflow for simplified operations.

Take Me to the Template

Optional Triggers

"Nested Workflow",Webhook

Use Cases

Threat Hunting

Workflow Breakdown

  1. Provide the search query and optional field filters

  2. Output will be provided once the search job is finishes

Vendors

Utils, Splunk

Workflow Output

Success/Failure

Tips

If a static IP address is required for Splunk, use a step-runner to execute the Splunk steps

Related Articles
Fetch New QRadar Offenses with Pagination - Workflow Template
Query Logs on Singularity XDR with Pagination - Workflow Template
VirusTotal Domain Enrichment with Cache - Workflow Template
AlienVault Domain Enrichment with Cache - Workflow Template
Search Observables by Grouped UDM Fields in Chronicle - Workflow Template
Did this answer your question?