To augment the built-in commands, Splunk provides the ability to write commands in Python and Perl. You can write commands to modify events, replace events, and even dynamically produce events.
While external commands can be very useful, if the number of events to be processed is large or if performance is a concern, it should be considered a last resort. You should make every effort to accomplish the task at hand using the search language built into Splunk or other built-in features. For instance, if you want to accomplish any of the following tasks, make sure you know what to do, which is what is discussed here:
To use regular expressions, learn to use
rex,regex, and extracted fieldsTo calculate a new field or modify an existing field, look into
eval(search forsplunkevalfunctions with your favorite search engine)To augment your results with external data, learn to use lookups, which can also be a script if need be
To read external data that...