Add word in the workflow action.

dfigurello · ‎11-27-2013

Hey splunkers,

I have a doubt. I created a GET workflow action to search field in the google, but I can't put a word before the variable.

For example:

(...)google.com/search?$Reason$ it's ok. But I want always search "Trend Micro $Reason". I need add always the word "Trend Micro" for each search with variable $reason, but I can't do it.

Splunkers any idea?

Tks.

yAlff · ‎11-28-2013

Hey,

did you just try to filter for Trend Micro?

Just extract the field behind search? (maybe named as what), and then filter with sourcetype=bla what="Trend Micro*"

It means that all the returned results contain Trend Micro $reason$ and the just extract the $reason$-tag

Regards

dfigurello · ‎11-28-2013

Hey yAlff,

my splunk search returns results without any word with Trend Micro. I want add "Trend Micro + results in my index" in search google.

For example

host=ddi| stats count by Reason

Reason count
DNS response resolves to dead IP address 55
Many failed log in attempts 1
Multiple failed log in attempts 1

I want search in the google:

Trend Micro + "DNS response resolves to dead IP address"

I tried trend micro + $reason and others ways but not happens. In the search goes only Trend Micro.

any idea ?

Tks!

Add word in the workflow action.

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!