This is a Splunk Modular Alert used to facilitate scheduled export of indexed data (SEND) to a file location The exported file is just a gzipped CSV of the search results that triggered the alert. The real intent of this add-on though is as an example for developers to follow to show how you can essentially leverage the Modular Alerts framework to perform a scheduled data output. Other types of outputs to consider implementing : ftp,scp,jms,kafka,aws,rdbms,datawarehouse,some other data storage or processing platform etc... The Python code in this App is dual 2.7/3 compatible. This version of the App enforces Python 3 for execution of the modular alert script when running on Splunk 8+ in order to satisfy Splunkbase AppInspect requirements. If running this App on Splunk versions prior to 8 , then Python 2.7 will get executed. For details of the support we offer for our Apps , browse to : https://www.baboonbones.com/#support This App is fully AppInspect passed for running in your own Splunk Enterprise environments.