Given that macros lack the ability to take variable-length arguments or parse a single arg into several args, what I'd like to do is create custom event-generating commands in Python that execute searches underneath the hood. A simple example would be a SQL 'in' syntax generator.
sqlIn( Id, 11, 33, 44 ) # where no of args can vary
would execute the search below and return the events in the Splunk UI or pipe them to subsequent commands.
index=* ( Id=11 OR Id=33 OR Id=44 )
The best way I can think of doing this is to create an event-generating command and execute the search via the REST API (which seems clunky). Is there a way to execute a search from the Splunk search head calling this py script without having to infer the REST URL with env variables etc.?
Even better
I'd like to be able to generate macro text from Python functions which when added to the /bin directory can be used like a normal macro.
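The expansion the question describes, as an added example that is not part of the original post: plain Python that splits one comma-separated argument into several and builds the OR clause, validating the field name and quoting values so an argument cannot inject extra SPL. The function names, the field-name allow-list and the hard-coded `index=*` are assumptions; the code only generates the search text and does not call Splunk or run the search.

```python
import csv
import re

# Assumption: conservative allow-list for field names, so a field argument
# cannot carry pipes, brackets, quotes or whitespace into the search text.
FIELD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.]*")
# Values made only of these characters are emitted bare, as in the post.
BARE_RE = re.compile(r"[A-Za-z0-9_.-]+")


def quote_value(value):
    """Return a value as a bare token or a double-quoted, escaped literal."""
    text = str(value)
    if any(ord(ch) < 0x20 for ch in text):
        raise ValueError("control character in value: %r" % text)
    if BARE_RE.fullmatch(text):
        return text
    # Escape backslashes first, then double quotes, then wrap in quotes.
    return '"' + text.replace("\\", "\\\\").replace('"', '\\"') + '"'


def sql_in(field, *values):
    """Build 'index=* ( f=v1 OR f=v2 ... )' for any number of values."""
    if not FIELD_RE.fullmatch(field):
        raise ValueError("rejected field name: %r" % field)
    if not values:
        raise ValueError("at least one value is required")
    # Drop duplicates while keeping the caller's order.
    unique = dict.fromkeys(str(v) for v in values)
    terms = " OR ".join("%s=%s" % (field, quote_value(v)) for v in unique)
    return "index=* ( %s )" % terms


def expand_sql_in(arg_string):
    """Split one 'Id, 11, 33, 44' style argument and expand it."""
    row = next(csv.reader([arg_string], skipinitialspace=True))
    parts = [p.strip() for p in row if p.strip()]
    if len(parts) < 2:
        raise ValueError("expected a field name followed by values")
    return sql_in(parts[0], *parts[1:])


if __name__ == "__main__":
    # Constructed inputs: the post's example, then a value containing a quote.
    print(expand_sql_in("Id, 11, 33, 44"))
    print(sql_in("user", 'a" OR index=secret'))
```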