@splunk_user4 It is possible but very difficult by design of Splunk. When I worked for Northrop Grumman, I wrote a dashboard exactly like this that would display results about users and allow the "SOC" administrator to enable, disable, or delete a user account on the fly. I do not recall the specifics of it now, but I will dig and try to find this data because it was certainly a labor of love at the time. There was one specific scripting part where I had to dump the script output to "null"; otherwise the script would hang. Once I did that, we were able to execute Python scripts using WinRM to perform account actions.