Hey All, I am wondering how you can make a search in Splunk, and then send the data it returns to a custom Python command for further processing.

For example, the search without the custom command:

source="C:\\Documents\\Logs.csv" index="logs" sourcetype="csv" | stats count as alertCount by Alert | stats count(alertCount)

This will return to me the number of types of alerts in this CSV I have. But I want to take that number (which is stored in "alertCount") and send it to my custom command as a parameter in order to send that number to an outbound-external API via REST. Ultimately my search would look something like this:

source="C:\\Documents\\Logs.csv" index="logs" sourcetype="csv" | stats count as alertCount by Alert | stats count(alertCount) | splunkcommand num=alertCount

"splunkcommand" is my custom Python script that takes in a parameter "num" and sends it to an API via REST. However, Splunk tells me that "splunkcommand" needs to be the first command in the search, making what I am trying to do not possible, because I want to make the SPL search first, to send it to the custom command.

Is what I am trying to achieve possible?
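An added example (not part of the original post and not Splunk's own code): a custom command written as a streaming command with the Splunk SDK for Python's `splunklib.searchcommands`, so that it consumes the rows produced by the SPL before it; only generating commands have to come first in a search. It assumes the final count is given a plain field name, e.g. `| stats count(alertCount) as alertCount | splunkcommand num=alertCount`; the endpoint URL, the `api_status` output field and the helper names are hypothetical.

```python
import json
import sys
import urllib.request

API_URL = "https://api.example.invalid/alerts"  # hypothetical endpoint (placeholder)

def build_payload(record, fieldname):
    """Take only the named count field from a result row; nothing else is sent."""
    value = record.get(fieldname)
    if value is None or not str(value).strip().isdigit():
        raise ValueError("field %r is missing or not a count: %r" % (fieldname, value))
    return {"num": int(value)}

def post_json(url, payload, opener=urllib.request.urlopen, timeout=10):
    """POST the payload as JSON over HTTPS and return the HTTP status code."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send search results over a non-HTTPS URL")
    request = urllib.request.Request(
        url, data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"}, method="POST")
    with opener(request, timeout=timeout) as response:
        return response.status

try:  # Splunk SDK for Python (splunklib), assumed to be importable by the app
    from splunklib.searchcommands import (
        dispatch, StreamingCommand, Configuration, Option, validators)
except ImportError:
    StreamingCommand = None  # the helpers above still work outside Splunk

if StreamingCommand is not None:
    @Configuration()
    class SplunkCommand(StreamingCommand):
        # `num=alertCount` names a field; its value is read from each incoming row
        num = Option(require=True, validate=validators.Fieldname())

        def stream(self, records):
            for record in records:
                payload = build_payload(record, self.num)
                record["api_status"] = post_json(API_URL, payload)
                yield record

    if __name__ == "__main__":
        dispatch(SplunkCommand, sys.argv, sys.stdin, sys.stdout, __name__)
```

The option value is a field name rather than the number itself, which is why the command reads the count from each incoming record.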