Single-record Splunk alerts

Within any alert, you can specify security events or security incidents to be created when the alert is fired.

Open or create your alert, and when editing actions, select the type of record you want, and fill in the alert dialog box.