Custom commands/automated self-healing

Custom commands are an advanced Splunk feature, and creating one requires a Python developer. The advantage is that if you have a system on which you need to run a command in real time, say to check memory utilization or CPU utilization, or even to unlock a user account or restart a service, you can use this technique to have your Splunk alerts and searches perform those functions in real time. It is worth looking at the free, pre-built alert action apps on Splunkbase. They can be an extremely valuable jumping-off point for someone who wants to build a custom action but isn't sure how to. Let's say we want to restart a remote service when a specific ...
