splunkSearch
splunkSearch (resource: ID!, searchQuery: String!, earliestTime: String, latestTime: String, maxResults: Int) → SplunkSearchResult
Execute a search query against a Splunk SIEM instance.
The resource parameter specifies which Splunk connection to use (by ID or AKA).
The searchQuery parameter is the SPL (Search Processing Language) query to execute.
Example:

{
  splunkSearch(
    resource: "splunk:my-splunk.example.com"
    searchQuery: "index=aws_cloudtrail errorCode=AccessDenied | head 100"
    earliestTime: "-24h"
    latestTime: "now"
    maxResults: 100
  ) {
    resultCount
    results
  }
}
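An added client-side example (not part of this page or its API) that issues the same operation using GraphQL variables, so the SPL text is never spliced into the query document, and that validates the time modifiers and maxResults before sending; the transport, endpoint and the 10000 result ceiling are assumptions, only the operation signature and fields come from the page.

```python
import re

# GraphQL document for the splunkSearch operation. The SPL text travels as a
# variable rather than being interpolated into the query string, so quotes or
# braces inside a search cannot rewrite the GraphQL document itself.
SPLUNK_SEARCH_QUERY = """
query RunSplunkSearch($resource: ID!, $searchQuery: String!,
                      $earliestTime: String, $latestTime: String,
                      $maxResults: Int) {
  splunkSearch(resource: $resource, searchQuery: $searchQuery,
               earliestTime: $earliestTime, latestTime: $latestTime,
               maxResults: $maxResults) {
    resultCount
    results
  }
}
"""

# Accept "now", epoch seconds, or Splunk relative modifiers such as -24h or -7d@d.
_TIME_RE = re.compile(r"^(now|\d{9,10}|-\d+(s|m|h|d|w|mon|y)(@\w+)?)$")
MAX_RESULTS_CAP = 10000  # assumed client-side ceiling, not taken from the page


def build_request(resource, search_query, earliest="-24h", latest="now",
                  max_results=100):
    """Return the JSON body (dict) for a POST to the GraphQL endpoint (assumed)."""
    if not resource or not search_query.strip():
        raise ValueError("resource and searchQuery are required")
    for name, value in (("earliestTime", earliest), ("latestTime", latest)):
        if not _TIME_RE.match(value):
            raise ValueError(f"{name} is not a recognised Splunk time modifier: {value!r}")
    if not isinstance(max_results, int) or not 1 <= max_results <= MAX_RESULTS_CAP:
        raise ValueError(f"maxResults must be between 1 and {MAX_RESULTS_CAP}")
    return {
        "query": SPLUNK_SEARCH_QUERY,
        "variables": {"resource": resource, "searchQuery": search_query,
                      "earliestTime": earliest, "latestTime": latest,
                      "maxResults": max_results},
    }


def parse_response(body):
    """Return (resultCount, results) from a decoded GraphQL response dict."""
    if body.get("errors"):  # GraphQL reports failures here, often with HTTP 200
        msgs = "; ".join(e.get("message", "unknown error") for e in body["errors"])
        raise RuntimeError(f"splunkSearch failed: {msgs}")
    data = body["data"]["splunkSearch"]
    return data["resultCount"], data["results"]
```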