I am trying to do the following, but haven't been able to figure out how.
For a particular event, I want to trigger some analysis of the event. The analysis may involve performing additional searches using Splunk, and combining some of the results from these searches. Then finally present the final results to the user.
I looked at various options such as workflow actions, Splunk app or add-on, etc., but I'm not exactly sure how to do that. The best I can come up with is
Is this what I need to do? What are my options?
Thanks for your help!
Thanks Martin. I saw that as well. AFAICT, unfortunately that doesn't allow me to run the search, process the results dynamically, and re-run another search based on the output of the processing, and reiterate until the final result is obtained. I would like to do these steps automatically in a program.
In that case you're not looking for a workflow action, but rather for a small program to do the looping for you. Out of the box, Splunk doesn't do loops.
That small program could be a custom search command, or an external program using the REST API / various SDKs.
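One way to write that external looping program, as an added example that is not from this thread or from Splunk's own SDK: it runs blocking searches through the REST search endpoint with the standard library only, and the pivot logic (hosts a user logged into, then other accounts on those hosts, repeated until nothing new appears) is driven by a constructed offline stub so it can be exercised without a server. The index name, field names, server URL and token are assumptions.

```python
import json
import re
import urllib.parse
import urllib.request


def run_oneshot_search(base_url, token, spl):
    """Run one blocking ('oneshot') search via Splunk's REST API and return its result rows.
    base_url (e.g. https://splunk.example:8089) and token are assumed deployment values."""
    body = urllib.parse.urlencode(
        {"search": spl, "exec_mode": "oneshot", "output_mode": "json"}).encode()
    req = urllib.request.Request(base_url + "/services/search/jobs", data=body,
                                 headers={"Authorization": "Bearer " + token})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["results"]


def expand_from_user(search, user, max_rounds=5):
    """Loop: hosts the user logged into -> other accounts on those hosts -> their hosts ... until
    nothing new appears. `search` is any callable SPL -> rows (run_oneshot_search or the stub)."""
    seen_users, seen_hosts, frontier = {user}, set(), {user}
    for _ in range(max_rounds):
        users = " OR ".join(f'user="{u}"' for u in sorted(frontier))
        rows = search(f"search index=auth action=success ({users}) | stats count by host")
        new_hosts = {r["host"] for r in rows} - seen_hosts
        if not new_hosts:
            break
        seen_hosts |= new_hosts
        hosts = " OR ".join(f'host="{h}"' for h in sorted(new_hosts))
        rows = search(f"search index=auth action=success ({hosts}) | stats count by user")
        frontier = {r["user"] for r in rows} - seen_users
        seen_users |= frontier
        if not frontier:
            break
    return {"users": sorted(seen_users), "hosts": sorted(seen_hosts)}


# Constructed sample data standing in for a live Splunk index: (user, host) successful logins.
SAMPLE_LOGINS = [("alice", "srv1"), ("alice", "srv2"), ("bob", "srv2"),
                 ("bob", "srv3"), ("carol", "srv3")]


def fake_search(spl):
    """Offline stand-in for run_oneshot_search that answers the two query shapes used above."""
    wanted = set(re.findall(r'(?:user|host)="([^"]+)"', spl))
    if spl.endswith("by host"):
        return [{"host": h} for u, h in SAMPLE_LOGINS if u in wanted]
    return [{"user": u} for u, h in SAMPLE_LOGINS if h in wanted]
```

To run it against a real server, pass `lambda spl: run_oneshot_search(url, token, spl)` as the `search` argument instead of `fake_search`; `max_rounds` bounds the loop so a large environment cannot keep it pivoting indefinitely.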