Thanks for the advice. I looked into alerts, and I'm not sure that the alert solution is correct for my particular application. This is because the criteria for triggering the block are diverse and inconsistent. The same set of conditions that in one instance would require a block, in another would not. Really just looking for a new argument to supply to a specific search, i.e. "search | uniq | block", that would trigger the block. I have found that it is easy enough to trigger the action; I am having problems accessing the data. Also, debugging Python is a huge pain inside of Splunk.