I have a list of hosts that are assigned to a tag so the user doesn't have to input the list of hosts manually in search. These hosts are changed occasionally and I have an external system that manages those changes. Is there any way to pull the host changes from the external system (which has an API) and dynamically populate my tags instead of manually changing them?
You can edit tags through Splunk's REST API: http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTknowledge#search.2Ftags
If you need Splunk to be the active "pulling" part, you could build a scripted or modular input that runs on a schedule, queries your external source, makes REST calls accordingly (and logs to Splunk, obviously).
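An added example (not code from the answer or from Splunk) of the sync step such a scripted input could run: it diffs the external host list against the tag's current members, refuses malformed names and mass removals, and builds one POST per change. The management URL, function names, removal threshold and caller-supplied `Authorization` header value are assumptions, as is the `add`/`delete` parameter taking a `field::value` pair per the linked REST reference.

```python
import re
import urllib.parse
import urllib.request

# Assumptions: placeholder management URL; tags live in the default namespace.
SPLUNK_MGMT = "https://splunk.example.internal:8089"
# Host names come from an external system, so validate before using them.
HOST_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,252}")


def plan_tag_updates(current, desired, max_removal_ratio=0.5):
    """Return [(action, 'host::<name>'), ...] that turns current into desired."""
    bad = sorted(h for h in desired if not HOST_RE.fullmatch(h))
    if bad:
        raise ValueError(f"malformed host names from source: {bad!r}")
    current, desired = set(current), set(desired)
    removals = current - desired
    # An empty or truncated response must not silently empty the tag.
    if current and len(removals) > max_removal_ratio * len(current):
        raise ValueError(f"refusing to remove {len(removals)} of {len(current)} hosts")
    plan = [("add", f"host::{h}") for h in sorted(desired - current)]
    plan += [("delete", f"host::{h}") for h in sorted(removals)]
    return plan


def build_request(tag, action, pair, auth_header):
    """One POST per change to search/tags/{tag_name} (add=... or delete=...)."""
    url = f"{SPLUNK_MGMT}/services/search/tags/{urllib.parse.quote(tag, safe='')}"
    body = urllib.parse.urlencode({action: pair}).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Authorization", auth_header)
    return req


def apply_plan(tag, plan, auth_header):
    """Send the plan; stdout of a scripted input is indexed, giving an audit trail."""
    for action, pair in plan:
        req = build_request(tag, action, pair, auth_header)
        with urllib.request.urlopen(req, timeout=10) as resp:  # TLS verified by default
            print(f"tag_sync tag={tag} action={action} pair={pair} status={resp.status}")


if __name__ == "__main__":
    # Constructed sample data standing in for the two API responses.
    print(plan_tag_updates(["web01", "web02", "db01"], ["web01", "web02", "web03"]))
```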