Thanks for your info! We didn't get it to work on our platform, which runs version 9.0.5. But we've found another app with the same features which works for us! Syslog alert action Add-On https://splunkbase.splunk.com/app/6177 It's really easy to use in Alerts or as an Adaptive Response Action in Splunk ES. Create your customized syslog message using eval syslogmessage = .. in the search query and mention the syslogmessage field as the message param in the app config.