Splunk event actions

When reviewing Splunk logs, you can rapidly create security events and security incidents from any item in the log using the Event Actions.

Clicking either of these actions creates a manual search command populated with the data in the log entry and runs it to generate the new record.

These actions are easily configured to add fields in your normalized data. Within Splunk, using Settings > Fields > Workflow Actions, you can select and edit either of these actions using the manual search fields.

You can choose where the action is shown and for which fields, and you can modify the search string that contains the search command to create your record.