This worked for me:
step 1. in search box of web interface
| makeresults | jonsnow dest="bbb", source="bla-bla-bla"
step 2. for "jonsnow" custom command to work
write this in commands.conf
[jonsnow]
filename = jonsnow.py
and this to local.meta of the same Splunk app
[commands/jonsnow]
access = read : [ * ], write : [ admin, power ]
export = system
owner = myusername
step 3. the script itself (jonsnow.py)
import splunk.Intersplunk
import subprocess
keywords, argvals = splunk.Intersplunk.getKeywordsAndOptions()
xxx = argvals['xxx']
yyy = argvals['yyy']
subprocess.call(["sh", "./jonsnow.sh", xxx, yyy])
... View more