Splunk event actions

When reviewing Splunk logs, you can quickly create security events and security incidents from any item in the log using the Event Actions.

Clicking either action creates a manual search command populated with the data in the log entry, then runs it to generate the new record.

You can easily configure these actions to add fields in your normalized data. In Splunk, go to Settings > Fields > Workflow Actions, where you can select and edit either action using the manual search fields.

You can choose where the action is shown and for which fields, and you can modify the search string, which contains the search command that creates your new record.