I am interacting with splunk through the API (more specifically I use the search.py from the SDK).
I have a set of rules that I would like to run. Those rules have different field names than the ones I use on my Splunk.
For example one of the rules I have, searches if the dstport="4242", but my parsing on my Splunk is made differently. I have named that specific field destinationport and not dst_port. The search is therefore failing and finds 0 results. But when running multiple rules it is impossible to understand if the search returns 0 results because the field does exist or because it simply did not found anything.
I want to run multiple searches (around 200+), and force Splunk to indicate me if (for one specific search) it could not find any results BECAUSE the field(s) I am searching does not exist.
This is an example of how i perform one simple search: