Is it possible to program some special consolidation inside Splunk?
For example: I want to run through all log lines, ordered by id_user and date. For each 30 minutes a user navigates on my site, I count one visitor session, except for IPs inside a black list.
Is Splunk made for it?
Splunk can do just about anything provided you know how to write the search query. Take a look at the 'transaction' command - I believe it is what you seek.
This works fine, but must I always use that query-like structure inside Splunk?
Can I do some kind of structured programming inside Splunk?
Can I use Java inside Splunk?
Splunk is pretty flexible. Take a look at lookup tables and custom search commands.
Lookup tables allow you to add new fields based on existing ones. Typically you'll use a CSV file, but you can also use custom Python code. Take a look at the earlier question about Using CIDR in a lookup table for more ideas.
For your example case, a lookup is the way to go. If you are blacklisting individual IP addresses, create a CSV-based lookup with two fields blacklisted, then search for, e.g., blacklisted=1. If you want to use network ranges instead, try the subnet lookup script referenced here or use eventtypes.
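For the network-range case mentioned above, here is a sketch of a Python-based lookup. It is an added example, not code from this thread or the subnet lookup script it refers to. It follows the CSV-on-stdin, CSV-on-stdout convention of Splunk external lookups; the field name `ip`, the function names and the listed ranges are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
"""External lookup sketch: set blacklisted=1 for IPs inside blocked ranges."""
import csv
import ipaddress
import sys

# Constructed sample ranges (documentation and private space), not real indicators.
BLOCKED_NETWORKS = [
    ipaddress.ip_network(cidr)
    for cidr in ("192.0.2.0/24", "10.10.0.0/16", "2001:db8::/32")
]


def is_blacklisted(ip_text):
    """Return "1" if the address is in a blocked range, "0" if not, "" if unparsable."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        # Leave the field empty so malformed values stay visible in search
        # results instead of being silently treated as allowed.
        return ""
    # Membership is False when the address and network versions differ.
    return "1" if any(addr in net for net in BLOCKED_NETWORKS) else "0"


def run_lookup(infile, outfile, ip_field="ip", flag_field="blacklisted"):
    """Read lookup rows as CSV, fill in flag_field, write the rows back as CSV."""
    reader = csv.DictReader(infile)
    fieldnames = list(reader.fieldnames or [])
    if flag_field not in fieldnames:
        fieldnames.append(flag_field)
    writer = csv.DictWriter(outfile, fieldnames=fieldnames, extrasaction="ignore")
    writer.writeheader()
    for row in reader:
        row[flag_field] = is_blacklisted(row.get(ip_field) or "")
        writer.writerow(row)


if __name__ == "__main__":
    # Assumed invocation: <script> <ip_field> <flag_field>, with the field
    # names supplied by the lookup definition.
    run_lookup(sys.stdin, sys.stdout, *sys.argv[1:3])
```
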