Hi ,

Below the installation guide mentioned in the addon

- This add-on should be installed on Search Head nodes.
- Drop this bad boy into $SPLUNK_HOME/etc/apps or download from it from the GUI, etc.
- Use the Setup to establish global SM Connection and Credential Parameters, and set the
  Field Captions as exposed in SM's RESTful API.
  - You'll need to talk to your SM administrator to get a user/pass for the API.
    - The user must have the "RESTful API" capability word and rights to create Incident records.
  - Default captions are suggested, based on an out-of-box v9.52 Service Manager API.
  - The out-of-box v9.52 probsummary extaccess record still captions Subcategory and
    Area respectively as Area and Subarea, even though the Incident screen labels them
    as Subcategory and Area. For consistency, it is recommended that the Service Manager
    Administrator re-caption these in the probsummary extaccess record.
- That's it! The add-on is installed!
- Now, when you or your users are creating alerts which will generate SM Incident
  tickets, you can select which values will go into which fields.
  - These can be the same values for all alerts, or separate values - as you please, but in
    this release they will need to be re-entered for each alert if you choose the former.

- Deploy to Distributed Search Head Cluster:
  You'll need to set the SM operator password on each node. Sorry about that, but since this
  add-on uses the storage/passwords API to encrypt the SM operator password, it is what it is.
  You can set every other global parameter in the Setup, and then only have to set the
  password on each node, though.

Please note that this is an addon and you will be able to view it in the alert action