Splunk ITSI

Is it possible to update alerts once custom action executed ?

jmarcoui2
Observer

Hi,

Really new to ITSI.

Already installed Splunk and ITSI on my customer site and read a lot of documentation.

I created a custom alert action (alert_action.conf and notable_alert_action.conf, don't remember exactly) in order to create a ticket to an external ticketing system accepting REST calls.

So also created a script in ../bin directory.

When I call the targeted ticketing system with REST POST, I get the INC number of the ticket created.

I would like to update the episode with this inc number in a specific field but didn't find similar situation here.

Can you help me ?

thank you in advance

Labels (1)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...