$0 = Script name $1 = Number of events returned $2 = Search terms $3 = Fully qualified query string $4 = Name of saved search $5 = Trigger reason (i.e. "The number of events was greater than 1") $6 = Browser URL to view the saved search $7 = This option has been deprecated and is no longer used $8 = File where the results for this search are stored (contains raw results)
thanks in advance!!
It looks like there may be a way to do it but you'll have to make some modifications to config files and scripts. I would recommend backing up any files first of course so you can roll back.
I was looking for the answer to the same question as yours, but I ended up with the use of $8, which is the path to the compressed search result as results.csv.gz in splunk's var/run/splunk/dispatch directory.
Modifying the JS would also work, but I am afraid the modification you make probably will be overwritten when you upgrade the splunk software.
Better check with Splunk support.
I hit upon the same issue and ended up using the powershell app to orchestrate the searches. This way I can pass unlimited arguments in via the REST API and handle the results in the PS script