I am looking into the ability to set a script to run when an alert is triggered. My Splunk GUI tells me that the option to trigger a command is deprecated. So I started looking into creating alert_actions.conf. Can this file be in /system/local on the forwarder and not on the DC or DS? Also if the alert is setup through the GUI would I be able to just reference the alert name in alert_actions.conf and configure the command trigger on the forwarder?