I could not figure out how to markdown text in the comments, so I am posting my script as an answer.
Here is the python script
import time
import string
import splunk
import splunk.auth
import splunk.search
searchQuery = r"search sourcetype=retrans daysago=1 WARNING | sort _time"
splunk.mergeHostPath('splunkserv:8089', True)
key = splunk.auth.getSessionKey('user','passwd')
job = splunk.search.dispatch(searchQuery)
while not job.isDone:
time.sleep(1)
for x in job.events:
print x.fields
job.cancel()
... View more