workflow_runner
Execute Splunk troubleshooting workflows by ID with parameter control and parallel processing for automated diagnostic analysis.
Instructions
Execute any available workflow by ID with comprehensive parameter control and parallel execution.
This tool provides a flexible interface to execute both core (built-in) and contrib (user-contributed) workflows with full control over execution parameters and diagnostic context. It leverages the same parallel execution engine used by the dynamic troubleshoot agent for optimal performance.
Core Capabilities:
Universal Execution: Run any workflow by ID - core or contrib workflows
Parameter Flexibility: Full control over time ranges, focus areas, and complexity levels
Parallel Processing: Dependency-aware parallel task execution for optimal performance
Comprehensive Results: Detailed execution results with performance metrics and summaries
Progress Tracking: Real-time progress reporting during workflow execution
Key Parameters:
workflow_id (required): ID of workflow to execute (use list_workflows to discover)
problem_description (optional): Context about the specific issue being investigated
earliest_time/latest_time (optional): Time range for diagnostic searches (default: "-24h" to "now")
focus_index/focus_host/focus_sourcetype (optional): Specific focus areas for targeted analysis
complexity_level (optional): "basic", "moderate", "advanced" analysis depth (default: "moderate")
enable_summarization (optional): AI-powered result summarization (default: True)
Supported Workflows:
Core Workflows: missing_data_troubleshooting, performance_analysis
Contrib Workflows: Any custom workflows from contrib/workflows/ directory
Benefits:
Consistent interface for all workflow types
Optimized parallel execution with dependency management
Flexible parameter control for different scenarios
Comprehensive result analysis and reporting
Integration with existing workflow infrastructure
When to use
Use when you know the workflow ID to run (discover via list_workflows)
Use for executing core or contrib workflows with custom time windows and focus context
Use in automation pipelines that orchestrate troubleshooting by workflow ID
Arguments
See the Key Parameters list above. All are optional except workflow_id.
Outputs
Detailed execution results, task results, summary, and metadata including execution timing
Perfect for executing specific workflows when you know exactly which diagnostic procedure you need to run, or for building automated troubleshooting pipelines.
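For the automation-pipeline use case, a pipeline can apply the documented defaults and reject malformed values before handing arguments to workflow_runner. The following is an added example, not code from the tool or its project: `build_workflow_args`, the regular expressions and the length limit are assumptions chosen for illustration, on the assumption that time and focus values end up in the diagnostic searches.

```python
import re

# Defaults as documented in the Key Parameters list.
DEFAULTS = {
    "earliest_time": "-24h",
    "latest_time": "now",
    "complexity_level": "moderate",
    "enable_summarization": True,
}
FOCUS_KEYS = ("focus_index", "focus_host", "focus_sourcetype")
ALLOWED_KEYS = set(DEFAULTS) | set(FOCUS_KEYS) | {"problem_description"}
COMPLEXITY_LEVELS = {"basic", "moderate", "advanced"}

# Assumption: conservative allow-lists picked for this example, not rules
# published by the tool. No spaces, quotes, pipes or brackets are accepted.
NAME_RE = re.compile(r"[A-Za-z0-9_.:\-]{1,128}")
# Simplified subset of time values: "now", a relative offset with optional
# snap-to unit (e.g. -7d@d), or 10-digit epoch seconds.
TIME_RE = re.compile(r"now|[-+]\d+[smhdw](@[smhdw])?|\d{10}")


def build_workflow_args(workflow_id, **overrides):
    """Return a complete, validated argument dict for workflow_runner."""
    unknown = set(overrides) - ALLOWED_KEYS
    if unknown:
        raise ValueError(f"unknown parameter(s): {sorted(unknown)}")
    if not isinstance(workflow_id, str) or not NAME_RE.fullmatch(workflow_id):
        raise ValueError("workflow_id must be a plain identifier")
    args = {"workflow_id": workflow_id, **DEFAULTS, **overrides}
    for key in ("earliest_time", "latest_time"):
        if not isinstance(args[key], str) or not TIME_RE.fullmatch(args[key]):
            raise ValueError(f"{key} is not a recognised time value")
    if args["complexity_level"] not in COMPLEXITY_LEVELS:
        raise ValueError("complexity_level must be basic, moderate or advanced")
    if not isinstance(args["enable_summarization"], bool):
        raise ValueError("enable_summarization must be a boolean")
    for key in FOCUS_KEYS:
        value = args.get(key)
        if key in args and not (isinstance(value, str) and NAME_RE.fullmatch(value)):
            raise ValueError(f"{key} contains characters outside the allow-list")
    desc = args.get("problem_description", "")
    if not isinstance(desc, str) or len(desc) > 2000:
        raise ValueError("problem_description must be text of at most 2000 chars")
    return args
```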
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| workflow_id | Yes | | |
| problem_description | No | | |
| earliest_time | No | | -24h |
| latest_time | No | | now |
| focus_index | No | | |
| focus_host | No | | |
| focus_sourcetype | No | | |
| complexity_level | No | | moderate |
| enable_summarization | No | | True |