Hi Splunk Community,
I have a list of IPs returned from a search, and would like to parse it line by line, make a POST API call to a third party, and display the result on the dashboard in real time. I'm including the IP in the POST API call and receiving the reputation of the IP back.
I read the Splunk docs but was confused by saved searches, sid, etc. Can anyone please help me by elaborating on the steps I need to take to make it happen? I have knowledge of Python and Bash.
Example of my API call:
curl -i -X POST "httpx://api.3rdparty.com/" -H "Token: 12ab3a1d81124cc323249c7d1c723e39" -d "220.127.116.11"
Thank you. I'm new to Splunk development, please be kind 🙂