Splunk SOAR

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS About This Site Community Support Supported Add-ons

Splunk Observability Cloud Splunk IT Service Intelligence Splunk Cloud Platform Splunk Enterprise Data Management Splunk Enterprise Security 8 Splunk Enterprise Security 7 Splunk SOAR Security Offerings AppDynamics SaaS About This Site Community Support Supported Add-ons

Documentation

Splunk SOAR

Splunk SOAR Contents

SOAR (Cloud)

SOAR (On-premises)

Use Splunk SOAR (On-premises)

Splunk App for SOAR

Splunk App for SOAR Export

Splunk Automation Broker

Add a note in Splunk SOAR (On-premises)

Add a general note using the /note command in Splunk SOAR (On-premises). Only general notes are supported. Use the following format:

/note "<title>" <note body>

You can use a datapath with a note to add additional information to a note. See Use a datapath in Splunk SOAR (On-premises). This is shown in the following example:

/note "Attackers" Based on geolocate ip, attacks originated from artifact:*.ip

The above example results in a note added with the title "Attackers" and a body that looks like the following:

Based on geolocate ip, attacks originated from [2.2.2.2, 1.1.1.1]

Notes and datapaths

You can use a datapath anywhere in a note title or body. The datapath is evaluated as a Python style list, and creates a single note with the results listed in it.

See Use a datapath in Splunk SOAR (On-premises).

Product Guides

Splunk SOAR (On-premises)

Last updated: May 12, 2025

Explore Topics

Splunk Observability Cloud

Splunk IT Service Intelligence

Splunk Cloud Platform

Splunk Enterprise

Data Management

Splunk Enterprise Security 8

Splunk Enterprise Security 7

Splunk SOAR

Security Offerings

AppDynamics SaaS

About This Site

Community Support

Supported Add-ons

©2005-2025 Splunk Inc. All rights reserved.