I've read the concepts page, and a lot of the App Framework documentation over at dev.splunk.com. But I still don't have a good picture of what it takes to add the bare minimum functionality not supported within the default Splunk apps.
I know how to get all the DNS lookups in Splunk. I know how to write a bloom filter in Python and find all entries that aren't in the Alexa top 1,000,000 domains, with 99.99% accuracy and low memory/CPU requirements.
But I don't know how to get the results of that Splunk DNS lookup into my python script, and back into the output of a Splunk search. All the howtos and tutorials seem to be saying that I have to build a heavyweight MVC app to accomplish it; and it seems like there should be a much easier way.
As far as I can tell, that's exactly what I was hoping existed. Thanks!
I'll come back for more if it turns out, later, that doesn't do it.
the dns lookup script is itself an example of a scripted python search command.