https://community.splunk.com/t5/Getting-Data-In/Retrieve-output-data-from-Splunk/m-p/298163#M92935 <P>Hi JosIJntema,<BR /> Yes, you can extract the number of events for each user, export results in a file and then categorize results in Excel.<BR /> to write the result of a Splunk search you can add at the end of your search the outputcsv command (see <A href="http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/Outputcsv">http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/Outputcsv</A>).<BR /> Remember that the folder where you can find csv files is fixed: $SPLUNK_HOME/var/run/splunk/csv</P> <P>But I'd prefer to do the same categorization adding to your app a lookup containing users and categories, in this way you can create a report with categories, users and the number of events for each user.<BR /> You have many advantages of this methis:</P> <UL> <LI>you'll use only one tool to create your report;</LI> <LI>you don't need to do manual operations on results;</LI> <LI>in addition, you can also verify if someone of your users hasn't events.</LI> </UL> <P>Bye.<BR /> Giuseppe</P> Wed, 17 May 2017 12:43:33 GMT gcusello 2017-05-17T12:43:33Z https://community.splunk.com/t5/Getting-Data-In/Retrieve-output-data-from-Splunk/m-p/298162#M92934 <P>Hi there,</P> <P>We want to get data from Splunk after a Splunk search has outputted the data in a file.</P> <P>Case<BR /> In Splunk we have events for each user. With these events we can categorise users in target groups. What we can do is make an output everyday where the users are updated and for each user id the target group is saved.</P> <P>How could I then query this information from for example a website?</P> <P>Is this a good use of Splunk? Is there another solution that better solves what I want to achieve?</P> <P>Thanks!</P> Wed, 17 May 2017 12:33:19 GMT https://community.splunk.com/t5/Getting-Data-In/Retrieve-output-data-from-Splunk/m-p/298162#M92934 JosIJntema 2017-05-17T12:33:19Z https://community.splunk.com/t5/Getting-Data-In/Retrieve-output-data-from-Splunk/m-p/298163#M92935 <P>Hi JosIJntema,<BR /> Yes, you can extract the number of events for each user, export results in a file and then categorize results in Excel.<BR /> to write the result of a Splunk search you can add at the end of your search the outputcsv command (see <A href="http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/Outputcsv">http://docs.splunk.com/Documentation/Splunk/6.6.0/SearchReference/Outputcsv</A>).<BR /> Remember that the folder where you can find csv files is fixed: $SPLUNK_HOME/var/run/splunk/csv</P> <P>But I'd prefer to do the same categorization adding to your app a lookup containing users and categories, in this way you can create a report with categories, users and the number of events for each user.<BR /> You have many advantages of this methis:</P> <UL> <LI>you'll use only one tool to create your report;</LI> <LI>you don't need to do manual operations on results;</LI> <LI>in addition, you can also verify if someone of your users hasn't events.</LI> </UL> <P>Bye.<BR /> Giuseppe</P> Wed, 17 May 2017 12:43:33 GMT https://community.splunk.com/t5/Getting-Data-In/Retrieve-output-data-from-Splunk/m-p/298163#M92935 gcusello 2017-05-17T12:43:33Z https://community.splunk.com/t5/Getting-Data-In/Retrieve-output-data-from-Splunk/m-p/298164#M92936 <P>You are describing <CODE>Summary Indexing</CODE>; read all about it here:</P> <P><A href="https://docs.splunk.com/Documentation/Splunk/6.6.0/Knowledge/Usesummaryindexing">https://docs.splunk.com/Documentation/Splunk/6.6.0/Knowledge/Usesummaryindexing</A></P> Wed, 17 May 2017 12:50:50 GMT https://community.splunk.com/t5/Getting-Data-In/Retrieve-output-data-from-Splunk/m-p/298164#M92936 woodcock 2017-05-17T12:50:50Z