Knowledge Management

How do you set up a GET Workflow Action that links a field directly to an event on an AV web interface?

psmaan
New Member

I have an event coming from an antivirus. Antivirus logs contain a field (lets say "URL") which contain direct links to the event on an AV web interface. If I copy that link and paste it in the browser, it will work fine.

I am trying to create a workflow action where a security analyst can click on this link directly from the event field and can open it in a new window. I created a workflow action configuration as described in here:-
https://docs.splunk.com/Documentation/Splunk/7.1.2/Knowledge/SetupaGETworkflowaction

However instead, Splunk is giving me an option to search the AV url link in Google. How do I fix this?

0 Karma

psmaan
New Member

I managed to get this done by breaking up the URL provided in the events as per format required in the URI field of the workflow configuration. However, I would still be interested in a solution where you can use such event fields directly.

0 Karma

mdicenzo
Explorer

I am trying to do this same thing. Can you clarify what you did to get this to work?

The field name is URL and the string already has https so I was trying to just put $!URL$ in the url link configuration.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...