Hello, I've created adaptive response action with Add-on builder 3.0.1. It creates a ticket in ticketing system. Splunk enterprise security 6.2.0 is running in a cluster. Indexers are also clustered, multi-site. Splunk is 8.0.6. When action is triggered from saved alert, it works perfectly. When running ad hoc action from Incident review page the script gets executed twice and creates two same tickets. There is a 5 seconds difference between two actions. Why would it be executed twice? Goran
... View more