Sorry PickleRick, have been heads down on some stuff the last few days. So to answer your question, yes, I can get the uuid I need from an existing event inside splunk.  I, however, had one of those famous IT 'aha' moments after I stepped away from this for a bit. I retrofitted my add-on python code to just glean the uuid's through its own API call, put them in a list, and then loop through them as part of what it does to get the data. So all-in-all, problem solved. Thanks for your assistance! ... View more

I am fairly new to splunking (if we are being honest), but thank you for your response. Below is some cleaned-up code of what I am trying to do. The issue is that I dont know the 'uuid' variable until I run some queries on other data sources.   def collect_events(helper, ew): opt_api_key=str(helper.get_global_setting('csw_api_key')) opt_api_secret=str(helper.get_global_setting('csw_api_secret')) API_ENDPOINT=str(helper.get_global_setting('csw_url')) opt_uuid=str(helper.get_arg('uuid')) #auth restclient = RestClient(API_ENDPOINT, api_key=opt_api_key, api_secret=opt_api_secret, verify=False) #GET resp = restclient.get('/workload/'+ opt_uuid) #Turn Resp into python list r_status=resp.status_code if r_status !=200: resp.raise_for_status() parsed_resp = resp.json() event = helper.new_event(json.dumps(parsed_resp), time=None, host=None, index=None, source=None, sourcetype=None, done=True, unbroken=True) ew.write_event(event)   ... View more