I see two possible ways:
What would most likely be the "cleanest" way is creating a custom alert action. You could then schedule a search and have your custom alert action trigger, it being provided with the result of that search. I've not done this yet and please be aware that Splunk still runs Python 2 (sadly).
You could start on that here.
The quick and dirty approach would be to run the Splunk CLI and have it output the results in CSV style, then load that CSV into your Python and there you go.
The CLI command could be like this:
splunk search "index=badguys yoursearchhere | stats count by something" -output csv -auth admin:changeme
Pick your poison. 😉
Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂
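The quick-and-dirty CLI route from the answer above, as an added Python 3 example that is not part of the original post: it calls the same `splunk search ... -output csv -auth ...` command without a shell and loads the CSV into a list of dicts. It assumes `splunk` is on PATH and that credentials are supplied in the hypothetical environment variables `SPLUNK_USER` and `SPLUNK_PASSWORD`; the sample output is constructed.

```python
import csv
import io
import os
import subprocess

SPLUNK_BIN = "splunk"  # assumption: the Splunk CLI is on PATH


def build_command(search, user, password):
    """Return the argv list for the CLI call shown in the answer."""
    # Passing a list (no shell=True) keeps quotes, pipes and $ in the search
    # string from being interpreted by a shell.
    return [SPLUNK_BIN, "search", search, "-output", "csv",
            "-auth", "{}:{}".format(user, password)]


def parse_csv(text):
    """Turn the CLI's CSV output into a list of dicts keyed by column name."""
    return [dict(row) for row in csv.DictReader(io.StringIO(text))]


def run_search(search):
    """Run the search through the CLI and return the parsed rows."""
    # Assumption: hypothetical variable names, so the password is not
    # hard-coded in the script. The -auth argument is still visible in the
    # local process list while the search runs.
    user = os.environ["SPLUNK_USER"]
    password = os.environ["SPLUNK_PASSWORD"]
    proc = subprocess.run(build_command(search, user, password),
                          stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          universal_newlines=True, timeout=300)
    if proc.returncode != 0:
        raise RuntimeError("splunk search failed: " + proc.stderr.strip())
    return parse_csv(proc.stdout)


# Constructed sample of CSV output for a "stats count by something" search.
SAMPLE_OUTPUT = 'something,count\n"10.0.0.5",42\n"host, with comma",7\n'

if __name__ == "__main__":
    for row in parse_csv(SAMPLE_OUTPUT):
        print(row["something"], int(row["count"]))
```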