Request Builder adds the | req custom SPL command, letting you make outbound HTTP and HTTPS requests directly from the Splunk search pipeline without any extra middleware. The problem it solves: Splunk has no built-in way to call external REST APIs or webhooks during a search. Request Builder fills that gap by turning every event into a potential HTTP request — you can enrich events with live API responses, trigger SOAR or CI/CD workflows from alert actions, post data to ticketing or notification systems, or pull inventory and configuration from any REST endpoint, all with standard SPL syntax. Key capabilities: - Supports GET, POST methods - Custom request headers and JSON or plain-text request bodies - Cookie injection and configurable SSL verification (with certifi CA bundle) - Per-request timeout control - Authentication via HTTP Basic Auth, ****** or API key header — credentials stored securely in Splunk Storage Passwords, never in plain text in searches - Adds status_code, response, response_headers, and ssl_verify fields to each enriched event - Works across Splunk Enterprise 8.x+ and Splunk Cloud