Understanding Workflows

Workflow agents run predefined multi-step pipelines. Chat agents answer questions and iterate. Use workflows when you need repeatable, automated checks.

Parent: Workflows
Related: Workflow Templates | Running Workflows

What Are Workflow Agents?

Workflow agents are automated pipelines that execute a fixed sequence of steps. Each step runs a tool (e.g., Splunk query, index check, license check) and passes results to the next step. The workflow produces a single consolidated report at the end.

You do not chat with a workflow agent. You trigger it, and it runs until completion. You get structured output: findings, status, and recommended actions.

Workflow Agents vs Chat Agents

Aspect	Workflow Agents	Chat Agents
Interaction	One-shot execution	Conversational back-and-forth
Steps	Fixed sequence (predefined)	Dynamic, user-driven
Output	Structured report	Answers, explanations, or ad-hoc results
Use case	Repeatable checks (health, quality, ingestion)	Exploratory questions, debugging, learning
Scheduling	Yes (Enterprise)	No

When to Use Workflows

Use workflows when you:

Run the same checks daily (e.g., Daily Health Check)
Need consistent, auditable output (e.g., ingestion status, data quality)
Want to schedule automated runs (e.g., every morning)
Prefer a single report over a conversation

When to Use Chat Agents

Use chat agents when you:

Ask questions or explore data (e.g., "Why did this search fail?")
Debug a specific incident or error
Learn Splunk or SPL
Need ad-hoc analysis or custom queries

Multi-Step Automation

Workflows chain multiple steps. For example, a Daily Health Check might:

Indexer health
Search Head status
License usage
Ingestion status
Forwarder connectivity
Performance metrics

Each step runs in order. Results feed into the next step. The final step produces a summary report.

Summary

Workflows are for repeatable, automated pipelines. Chat agents are for interactive, exploratory work. Use both: workflows for routine checks, chat agents for everything else.