Yes i am trying with the following script:

!C:/Program Files/Splunk/bin/python

import sys, csv

def openany(p):

if  p.endswith(".gz"):
    import gzip
    return gzip.open(p)

else:
    return open(p)

results_file = sys.argv[9]
for result in csv.DictReader(openany(results_file)):

Do whatever action with your results ...

print results["_raw"]

But its not working 😞

Can you help me with this??

Test your script first.

Run your script manually against any results.csv.gz file (you can find them in $SPLUNK_HOME/var/run/splunk/dispatch/ )

eg
python pyalert.py 0 1 2 3 4 5 6 7 ./results.csv.gz

You should get a stacktrace from python telling you whats going wrong. I can't tell you 100% from looking at your code but I'm guessing you're missing an indent in the final for loop, and 'results' is not defined anywhere

This might work better:

for result in csv.DictReader(openany(results_file)):
           print result

Yes it worked 🙂
Thanks a lot @jplumsdaine22 & @jeffland

@jplumsdaine22, you can format your text almost any way you like when you use the code mode:

leave one line blank and indent by four spaces
  and then
                             you can indent as much as you like
                             and have monospaced font

i need to print (to a file) the search results when the alert is triggered, lets say i have 3 columns in the search results, i need to send the result values of these 3 columns to another file .

I am now trying in 6.3 version (trial version), but i will be implementing in 6.2 version. Is there any changes in scripts or functionalities when we use latest version of splunk??