I'm unable to get field validation in a Custom Adaptive Response Action in Splunk Enterprise Security. What I would like to achieve is a field validation that obliges the user to fill the field (required field) but I can't get even the simplest validation working. When I click on the run button in the adaptive actions modal view on the incident, I get no validation but a message saying "action has been dispatched".
Furthermore which field should I put in alert_actions.conf.spec and savedsearched.conf.spec? The documentation I have read is quite vague.