You can change the output mode to csv which will parse it for you.
import splunklib.client as client
import splunklib.results as results
import csv
service = client.connect(
host=HOST,
port=PORT,
username=un,
password=pwd
query= """search {+enter your query here}"""
results_kwargs = {
"earliest_time": "-30min",
# or "earliest_time": datetime.datetime(2015, 6, 29).isoformat()
"latest_time": "now",
"search_mode": "normal",
"output_mode": "csv"
}
oneshotsearch_results = service.jobs.oneshot(query, **results_kwargs)
f=open('myresults.csv', 'w')
f.write(oneshotsearch_results.read())
f.close()
... View more