Have been trying to create custom command, but it seems that getOrganizedResults() doesn't  doesn't seem to get the previous search results.  Just to test things i wrote this:  import sys,splunk.Intersplunk # this call populates the results variable with all the events passed into the search script: results,dummyresults,settings = splunk.Intersplunk.getOrganizedResults() # hand the results right back to Splunk splunk.Intersplunk.outputResults(results) The data hadn't came back, the massage was: "No results found. Try expanding the time range." The command was added in commands.conf, I was authorized to use it.  Why can't getOrganizedResults get data?  ... View more