I'd like to run a script based on a pattern match in a particular logfile. Ordinarily I'd do this with an alert, but I can't do that because—
Is there any way of getting the forwarder to run the script when a particular pattern matches? Or is there another approach that I could try?
One approach you might be able to try is to request access to the REST API for your Cloud Search Heads. Then you could run searches remotely and make those search results a conditional part of your script.
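A sketch of the approach suggested in the answer above, added here as an example and not code from the thread: it runs a search through the REST export endpoint, keeps only final (non-preview) results, and calls a local script once per match. The stack URL, search string, script path, and the `SPLUNK_TOKEN` environment variable are assumptions, as is token authentication being enabled on the stack.

```python
import json
import os
import subprocess
import urllib.parse
import urllib.request

# Assumed values, not from the thread: stack URL, search string, script path.
SPLUNK_URL = "https://example.splunkcloud.com:8089"
SEARCH = 'search index=main sourcetype=app_log "disk full" earliest=-5m'
SCRIPT = "/opt/scripts/on_match.sh"

# Constructed sample of the newline-delimited JSON that jobs/export returns.
SAMPLE = (
    '{"preview":true,"offset":0,"result":{"host":"web1","_raw":"disk full"}}\n'
    '{"preview":false,"offset":0,"result":{"host":"web1","_raw":"disk full on /var; $(hostname)"}}\n'
    '{"preview":false,"lastrow":true}\n'
)


def parse_export(body):
    """Return final (non-preview) result dicts from a jobs/export body."""
    results = []
    for line in body.splitlines():
        try:
            obj = json.loads(line)
        except ValueError:
            continue  # blank or truncated line
        if isinstance(obj, dict) and not obj.get("preview") and isinstance(obj.get("result"), dict):
            results.append(obj["result"])
    return results


def build_command(result):
    """Argument list for the script: event text is passed as data, never shell syntax."""
    return [SCRIPT, str(result.get("host", "")), str(result.get("_raw", ""))]


def fetch(token):
    """POST the search to the export endpoint; TLS verification stays on."""
    data = urllib.parse.urlencode({"search": SEARCH, "output_mode": "json"}).encode()
    req = urllib.request.Request(SPLUNK_URL + "/services/search/jobs/export",
                                 data=data, headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return parse_export(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    for event in fetch(os.environ["SPLUNK_TOKEN"]):
        subprocess.run(build_command(event), check=False)  # list form, no shell
```

Because log lines can contain text chosen by whoever caused the event, the script receives them as separate arguments rather than through a shell command string.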