I have created an alert which when triggered sends events to service now,the alerts sends a type.severity,node etc fields.How can I include the URL of the alert triggered in a field called additional_info similar to the view results in splunk in alert actions which will redirect to the same search than trigerred the alert
Below is the search I ran
index=main sourcetype="aws:cloudtrail" eventName=ConsoleLogin additionalEventData.MFAUsed=No
| eval time=strftime(_time,"%d/%m/%Y %H:%M:%S")
| eval node=recipientAccountId
| eval resource="AWS Console LogIn"
| eval type="Console LogIn without MFA"
| eval severity=1
| eval description="Logged into AWS console without MFA" . " AWSAccount: " . recipientAccountId . " Source IP: ". sourceIPAddress." on ". time
| table node resource type severity description
| eval splunk="https://splunk.zzz.com/en-US/app/search/search?q=search%20index%3Dmain%20sourcetype%3D%22aws%3Acloud..."