ocsf-schema
Security Profile field name "action"
Although it is very straightforward to call action "Unknown/Allowed/Denied/Other" and I agree with it, the field action is already present in another model (CIM) used by Splunk, and I think it may be hard to migrate use cases from people who use this field/values already. CIM itself does not really follow a strict standardized format for actions already, so I agree with the field/action_id requirement. But certain data types would be hard to migrate for legacy customers and datasets. Would it be possible to rename this to something slightly similar, and keep action_id, as that makes sense as well? I'm open to discussion about this, as my goal is for people to adopt this schema without conflicting with other use cases that data owners may have in production.