Splunk IT Service Intelligence

Is it possible to update alerts once custom action executed ?

jmarcoui2
Observer

Hi,

Really new to ITSI.

Already installed Splunk and ITSI on my customer site and read a lot of documentation.

I created a custom alert action (alert_action.conf and notable_alert_action.conf, don't remember exactly) in order to create a ticket to an external ticketing system accepting REST calls.

So also created a script in ../bin directory.

When I call the targeted ticketing system with REST POST, I get the INC number of the ticket created.

I would like to update the episode with this inc number in a specific field but didn't find similar situation here.

Can you help me ?

thank you in advance

Labels (1)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...