Are you lazy like me? Tired of running a set of known searches after you receive an alert? Well, worry no more: this Adaptive Response action lets you run searches as a result of a correlation search and store the results in a separate index. All results are in JSON format.
This app leverages the Adaptive Response framework to allow searches to be issued automatically.
1. Create your correlation search / alert.
2. Write your search in the 'Splunk Search' section, prefixing every search with 'search' (unless it is a generating search such as tstats). Multiple searches can be executed by inserting a hash (#) between them.
3. Enter a description (optional).
4. Specify the index to store the results in (default: main).
5. Specify a timeout for the searches to run (default: 120).
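The following is an added example, not the app's own code, that shows what the configuration rules above imply for the 'Splunk Search' field: it splits a hash-separated field into individual searches, checks that each one starts with 'search' unless it opens with a generating command (tstats is the page's example; the other command names in the set are my assumptions), and shows one way result rows could be serialised as JSON events tagged with their originating search. How the real action splits the field, and how it treats a literal '#' inside a search, is not stated on the page, so the splitting and the JSON field names here are assumptions to check against the app itself.

```python
"""Added example (not the app's code): validate a hash-separated
'Splunk Search' field and serialise result rows as JSON events.

Assumptions not stated on the page: the field is split on '#', a
search is valid when its first command is 'search' or a generating
command, and stored events carry the originating search text.
"""
import json

# 'tstats' comes from the page; the other generating commands are assumed.
GENERATING_COMMANDS = {"tstats", "inputlookup", "metadata", "rest", "makeresults"}

DEFAULT_INDEX = "main"   # page default
DEFAULT_TIMEOUT = 120    # page default

# Constructed sample field: two valid searches and one that is missing
# the required 'search' prefix.
SAMPLE_FIELD = (
    "search index=wineventlog EventCode=4625 | stats count by src"
    " # | tstats count where index=firewall by dest"
    " # index=web status=500"
)


def split_searches(field: str) -> list[str]:
    """Split the field on '#', dropping empty fragments."""
    return [s.strip() for s in field.split("#") if s.strip()]


def first_command(spl: str) -> str:
    """Return the first SPL command word, lower-cased, with any leading '|' removed."""
    body = spl.strip("| ")
    return body.split(None, 1)[0].lower() if body else ""


def validate_search(spl: str) -> list[str]:
    """Return a list of problems for one search string; an empty list means OK."""
    problems = []
    cmd = first_command(spl)
    if not cmd:
        problems.append("empty search")
    elif cmd != "search" and cmd not in GENERATING_COMMANDS:
        problems.append(f"must start with 'search' (got '{cmd}')")
    return problems


def build_config(field: str, index: str = DEFAULT_INDEX, timeout: int = DEFAULT_TIMEOUT) -> dict:
    """Assemble the action settings plus a per-search validation report."""
    searches = split_searches(field)
    return {
        "index": index,
        "timeout": timeout,
        "searches": searches,
        "problems": {s: validate_search(s) for s in searches},
    }


def to_json_events(search: str, rows: list[dict], index: str = DEFAULT_INDEX) -> list[str]:
    """Serialise result rows as JSON events; the field names are assumptions."""
    return [
        json.dumps({"index": index, "search": search, "result": row}, sort_keys=True)
        for row in rows
    ]


if __name__ == "__main__":
    cfg = build_config(SAMPLE_FIELD)
    for spl, probs in cfg["problems"].items():
        print("OK  " if not probs else "FAIL", spl, probs)
    # Constructed rows standing in for the output of the first search.
    for event in to_json_events(cfg["searches"][0], [{"src": "10.0.0.5", "count": 3}]):
        print(event)
```

Running the block reports the third search as failing because it begins with 'index=web' rather than 'search', which is the mistake the setup step warns about.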
Version 1.0.0 - Added default earliest time, increased logging, added other important fields. Splunkbase ready.
Version 0.0.1 - Initial release, open for feedback.
If you identify any bugs or have feature requests please either contact me via twitter @MickeyPerre or post a topic under 'Questions on Splunk Answers' :)
Icons made by Eucalyp (https://www.flaticon.com/authors/eucalyp) from www.flaticon.com (https://www.flaticon.com/) are licensed under CC 3.0 BY (http://creativecommons.org/licenses/by/3.0/).
Remediated search issues in Splunk
Updated name to reflect function
Updated icon.
Updated name to reflect title in Splunk
Initial release