This alert action gave me an error when testing the Python.
```
2018-03-07 18:34:42,033 ERROR pid=24690 tid=MainThread file=cim_actions.py:message:271 | sendmodaction - signature="Error: 'module' object has no attribute 'process_event'. Please double check spelling and also verify that a compatible version of Splunk_SA_CIM is installed." action_name="test_alert" search_name="test_arf" sid="1520447680.116" rid="0" app="TA-fancydudeapp" user="admin" action_mode="adhoc" action_status="failure"
```
I found this in the error logs. I am trying to just create alert actions to add .json alerts to each event I alert on.
So it's a Python script which uses a Slack webhook to send the alert to, with the crafted .json message.
The `os` module/method can be used to execute filesystem commands.
I would have an alert
1) alert action - Slack alert with $ results.