Thank you for your help, Sorry, I am not very familiar at all with coding.  I am struggling thru the Python script, but making progress.  So the first API call I need to make is: "https://ServerName/nitro/v1/config/lbvserver" This gives me a JSON return with about 50  name values like:   [ { "name":"server1", "insertvserveripport":"OFF", }, { "name":"server2", "insertvserveripport":"OFF", },   I need to make a secondary API call that would use these names in the API URL, like: https://su-ns-vpx-int-1.siteone.com/nitro/v1/config/lbvserver_servicegroup_binding/(name) I can't figure out how to capture the name values from the first API call in order for the second API call to be executed for each variable. : (   I hope that makes sense. 🙂  Here's the actual code I am using:       import os import sys import time import datetime import json ''' IMPORTANT Edit only the validate_input and collect_events functions. Do not edit any other part in this file. This file is generated only once when creating the modular input. ''' ''' # For advanced users, if you want to create single instance mod input, uncomment this method. def use_single_instance_mode(): return True ''' def validate_input(helper, definition): """Implement your own validation logic to validate the input stanza configurations""" # This example accesses the modular input variable # global_account = definition.parameters.get('global_account', None) pass def collect_events(helper, ew): # Note, for single instance mod input, args will be returned as a dict. # For multi instance mod input, args will be returned as a single value. opt_global_account = helper.get_arg('global_account') global_userdefined_global_var = helper.get_global_setting("userdefined_global_var") # The following examples send rest requests to some endpoint. url="https://servername.com/nitro/v1/config/lbvserver" headers = {"authorization":"Basic bnNyb2dghdg90O0c2NsciEh"} final_result = [] response = helper.send_http_request(url, 'GET', parameters=None, payload=None,headers=headers, cookies=None, verify=True, cert=None,timeout=None, use_proxy=True) # get response body as json. If the body text is not a json string, raise a ValueError r_json = response.json() for name in r_json["lbvserver"]: state = helper.get_check_point(name["name"]) if state is None: final_result.append(name) helper.save_check_point(name["name"], "Indexed") helper.delete_check_point(name["name"]) # get response status code r_status = response.status_code if r_status !=200: # check the response status, if the status is not sucessful, raise requests.HTTPError response.raise_for_status() # To create a splunk event event = helper.new_event(json.dumps(final_result), time=None, host=None, index=None, source=None, sourcetype=None, done=True, unbroken=True) ew.write_event(event)         Thanks again for responding, very much appreciated. 🙂   Thanks, Tom       ... View more

Hello, sorry, I forgot to mention that I am using the API portion of the Add-On Builder, no scripting, just direct API connection.   Thanks again, Tom ... View more

Awesome, that did the trick, thank you very much for the quick help!!! Thanks ... View more

Thank you very much for the quick help, that did the trick. ... View more

Hello, thank you for all of the help. 🙂  I think I'm all set now.   ... View more

Hello, no problem.  In the screenshot below, there a numerical values in the each cell of the Count column.  Currently, we see when the Cell color is Green, the Text color is Black, and when the Cell color is Red, the Text color is White.  I need a way to change that Text color to be Green if the Cell is Green, and Red if the Cell is Red in order to hide the Text from the Count column.  Or if there is a way to hide the Text Value in the Count Column and only display the Cell color.  That would be awesome.     Thanks, Tom ... View more

Thanks again,  sorry, but that method only changes the cell color.  I need the actual Text color to change or figure out how to hide the Text for this column.   Thanks for the help though, Tom ... View more

Hello, Thank you for the help,  I am just using a Count for the column the Threshold is changing colors on for me.  But, I can't find a way to change the text color thru the GUI or anywhere else sad to say.  I would love to remove the number from being displayed. Here's the Query I am using:   integrationName="Opsgenie Edge Connector - Splunk" "[ThousandEyes] Alert for https://httpURL.com" action != "AddNote" action !="Acknowledge" | transaction "alert.id", alert.message startswith=Create endswith=Close keepevicted=true | table _time, alert.updatedAt, alert.message, "alertDetails.Alert Details URL", alert.alias, alert.id, action, _raw, closed_txn, _time, source, Component | where closed_txn=0 | stats values("alertDetails.Alert Details URL") as "Source Link", count("closed_txn") as Count | eval Application = "ApplicationName" | eval "Monitor Details" = "Performs an HTTP call to Boomi Gateways, Load Balancer, and Molecule servers to verify they are functioning" | eval Contact = "ContactName" | eval Component = Count."|".Application | fields Count, Application, "Monitor Details", "Contact", "Source Link", Component   Thanks again, Tom   ... View more

Hello, Thank you both for all of the advice, really appreciate it.  I've basically have been trying to piece this together from a lot of googling. My objective is the following: I have a Dashboard table that displays only the 'Create' events using the following Transaction Search. integrationName="Opsgenie Edge Connector - Splunk", alert.message = "STORE*", alert.message != "*Latency" alert.message != "*Loss" action != "AddNote" | transaction "alert.id", alert.message startswith=Create endswith=Close keepevicted=true | table _time, alert.updatedAt, alert.message, alert.alias, alert.id, action, "alertDetails.Alert Details URL", _raw, closed_txn, _time | where closed_txn=0 | rename alert.message AS "Branch" | rename "alertDetails.Alert Details URL" as "Source Link" | eval Created=strftime(_time,"%m-%d-%Y %H:%M:%S") | fields Created, Branch, "Source Link" | sort by Created DESC | fields - _raw, _time I have been asked to add a ServiceNow Incident # to this table. I was able to get the join working with the following Search (integrationName="Opsgenie Edge Connector - Splunk" alert.message = "STORE*") OR (sourcetype="snow:incident" dv_opened_by=OPSGenieIntegration) | eval joiner=if(integrationName="Opsgenie Edge Connector - Splunk", alertAlias, x_86994_opsgenie_alert_alias) | stats values(*) as * by joiner | where alertAlias==x_86994_opsgenie_alert_alias | rename dv_number as Incident | table alertAlias, Incident | fields alertAlias, Incident But I'm stuck on joining those two searches together to display in a table, the Created, Branch, and "Source Link" from the Transaction search, the Incident from the Join search, and only for the open transactions. The alertAlias and the opsgenie_alert_alias contain the same content, so I was doing the join on those. Again, thanks for all of the help, Tom ... View more

Perfect, that did the trick, thank you for the help. ... View more

Thanks for the help, So I went into the Source and can see the Search Query, but I get no results when I try to Search it manually.  I'm thinking I need to change the format but am not sure what that would be.   pivot DBX_Job_Metrics Job_Metrics median(duration) AS "Median of duration" SPLITROW _time AS _time PERIOD auto SPLITCOL input_name FILTER status is COMPLETED FILTER input_name is myinput SORT 100 _time ROWSUMMARY 0 COLSUMMARY 0 NUMCOLS 100 SHOWOTHER 1   Thanks again, Tom ... View more