https://community.splunk.com/t5/Reporting/pushing-splunk-results-automatically/m-p/15252#M207 <P>thank you, very helpfull</P> Tue, 22 Jun 2010 20:39:55 GMT riderofyamaha 2010-06-22T20:39:55Z https://community.splunk.com/t5/Reporting/pushing-splunk-results-automatically/m-p/15249#M204 <P>I have a question regarding having specific splunk data that is automatically searched for exported to a different database automatically. not much information i know, but i cant think of how else to ask, thanks for your input</P> Thu, 10 Jun 2010 22:28:02 GMT https://community.splunk.com/t5/Reporting/pushing-splunk-results-automatically/m-p/15249#M204 riderofyamaha 2010-06-10T22:28:02Z https://community.splunk.com/t5/Reporting/pushing-splunk-results-automatically/m-p/15250#M205 <P>I can think of 3 ways to accomplish this:</P> <OL> <LI><P><STRONG>Scripted Alert</STRONG> - setup a schedule search which kicks off a script to write the results of the search to a database. Splunk will schedule and execute the search, pass the search results to the script, and the script will handle the DB connection and write. This would be completely automated. <A href="http://www.splunk.com/base/Documentation/latest/Admin/Configurescriptedalerts" rel="nofollow">How to create a scripted alert.</A></P></LI> <LI><P><STRONG>Custom Search Command</STRONG> - create a Splunk search command which can be used inline on the search bar with any search. Use the search command just like you would the <CODE>fields, top, stats</CODE> commands. For example, your search would call this new command like this: <CODE>... | export2DB</CODE>. This calls a python script on the backend to handle the actual DB connection and writes. <A href="http://www.splunk.com/base/Documentation/latest/Developer/SearchScripts" rel="nofollow">How to create a custom search command.</A></P></LI> <LI><P><STRONG>Event-Level Workflow</STRONG> - add an option in the event drop-down menu to write the event to the DB. This is similar to the first 2 options, but operates on a per-event basis rather than the entire result set. <A href="http://www.splunk.com/base/Documentation/latest/Knowledge/CreateworkflowactionsinSplunkWeb?r=searchtip" rel="nofollow">How to create a workflow action.</A></P></LI> </OL> <P>I hope this gives you some options. Let us know how you proceed.</P> Fri, 11 Jun 2010 04:44:17 GMT https://community.splunk.com/t5/Reporting/pushing-splunk-results-automatically/m-p/15250#M205 hulahoop 2010-06-11T04:44:17Z https://community.splunk.com/t5/Reporting/pushing-splunk-results-automatically/m-p/15251#M206 <P>You may want to check SplunkMSE. See the <A href="http://blogs.splunk.com/2010/02/10/sql-splunk-splunkmse/" rel="nofollow">Splunk MySQL Storage Engine</A> blog entry for additional info.</P> Sat, 12 Jun 2010 03:08:52 GMT https://community.splunk.com/t5/Reporting/pushing-splunk-results-automatically/m-p/15251#M206 Lowell 2010-06-12T03:08:52Z https://community.splunk.com/t5/Reporting/pushing-splunk-results-automatically/m-p/15252#M207 <P>thank you, very helpfull</P> Tue, 22 Jun 2010 20:39:55 GMT https://community.splunk.com/t5/Reporting/pushing-splunk-results-automatically/m-p/15252#M207 riderofyamaha 2010-06-22T20:39:55Z