Hello,
I would like to create a custom alert action attached to my alert. Whenever the alert brings back results (in my case: an anomaly has been detected), the dbxquery should be fired back against the DB, generating the runtime dump there. No fancy UIs, simplest possible.
The rtedump creation is a procedure call on the DB side, which in Splunk would translate to something like this:
| dbxquery query="call SYS.MANAGEMENT_CONSOLE_PROC('runtimedump dump','$result.host_port$',?)" connection=$result.connection$
result.host_port and result.connection would / should be taken over from the alert search; there I would set them correspondingly.
Now, how would I do this in the simplest possible way? Do I need the [custom_alert_action].html in this case as well? Where would I place all the necessary files / the above search / the parameters?
Kind Regards,
Kamil