If you are using the latest version of Splunk software, I would suggest taking a look at the webhook alert action. Here is some documentation about it:
Webhooks can POST information from an alert to an external web resource.
Hope this helps! Let me know if you need other suggestions.
Yup that is me. That code is represented in the repo. Though I do need to redo all this in the new alert framework as mentioned by frobinson above in the comments. email@example.com will reach me.
I saw this as a new feature with 6.3 and will test. However, based on my reading, it doesn't look to be very configurable or support the macros I would want: source and/or destination IP, source and/or destination port, etc.
Thanks starcher. I figured it would probably come down to a python script, but I am not a very strong script writer. I will try to research a bit and see what I can find to create a script for this sort of integration.
You can always make your own python code and send in the results in a table csv for it to act on. Similar to what I do here: https://github.com/georgestarcher/Splunk-Alert/tree/master/XARF. Not GUI-simple, but it works.
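As an added example (not code from starcher's repo or from anyone in this thread): a minimal custom alert action script in the 6.3 alert framework mentioned above, which reads the JSON payload Splunk writes to stdin when it runs the script with `--execute`, opens the gzipped CSV results file that payload points to, and builds a webhook body carrying only the source/destination IP and port fields asked about. The field names, the sample rows, and the `handle_alert`/`demo` helpers are assumptions made for this illustration.

```python
import csv
import gzip
import json
import os
import sys
import tempfile

# Result fields to forward (assumed names; match them to your own data model).
FORWARD_FIELDS = ("src_ip", "src_port", "dest_ip", "dest_port")

# Constructed sample results, shaped like the CSV Splunk writes to results_file.
SAMPLE_CSV = ("src_ip,src_port,dest_ip,dest_port,_time\n"
              "10.0.0.5,51234,203.0.113.7,443,1700000000\n"
              "10.0.0.9,40022,198.51.100.2,22,1700000005\n")


def load_results(results_path):
    """Read the gzipped CSV results file referenced by the alert payload."""
    with gzip.open(results_path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def build_webhook_body(payload, rows):
    """One entry per result row (FORWARD_FIELDS only) plus search metadata."""
    events = [{f: row.get(f, "") for f in FORWARD_FIELDS} for row in rows]
    return {"search_name": payload.get("search_name", ""),
            "sid": payload.get("sid", ""),
            "results_link": payload.get("results_link", ""),
            "event_count": len(events),
            "events": events}


def handle_alert(payload_json):
    """payload_json is the JSON Splunk passes on stdin with --execute."""
    payload = json.loads(payload_json)
    return build_webhook_body(payload, load_results(payload["results_file"]))


def demo():
    """Run handle_alert against the constructed sample written to a temp file."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "results.csv.gz")
        with gzip.open(path, "wt", newline="") as fh:
            fh.write(SAMPLE_CSV)
        payload = {"search_name": "Suspicious outbound", "sid": "demo_sid",
                   "results_link": "https://splunk.example/app/search",
                   "results_file": path}
        return handle_alert(json.dumps(payload))


if __name__ == "__main__":
    raw = sys.stdin.read() if "--execute" in sys.argv else None
    print(json.dumps(handle_alert(raw) if raw else demo(), indent=2))
```

Run by hand it prints the body built from the sample; under Splunk the real action would POST that body to the configured endpoint instead of printing it.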