I'm running this search:
| rest/servicesNS/-/-/saved/searches
| search disabled=0 AND is_scheduled=1 AND eai:acl.sharing!="user" AND alert_type!="always"
| fields title author actions action.email.to
| sort title
One of the results I get back shows the actions as "email, sendmn". However, I can't find any correlation between "sendmn" and anything about the alert it's related to.
What does this field refer to?
I just ran into the same issue, I am certain that is created by the "mobile_access" app
config should be in default/alert_actions.conf
# the custom alert action for sending Apple push notification in Splunk 6.2 or earlier
[sendmn]
command = |rest /services/server/info splunk_server=local|sendmn alert="$name$" sid="$search_id$" \
results_count="$results.count$" severity="$alert.severity$" \
alert_expires="$alert.expires$" results_link="$results.url$" count_type="$counttype$" \
app="$app$"