https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112094#M183709 <P>The maxlocal argument never worked properly and has been removed from the code and the documentation.</P> Thu, 03 Aug 2017 15:53:47 GMT lstewart_splunk 2017-08-03T15:53:47Z https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112091#M183706 <P>We're trying to export data out of a very large splunk index using the dump command into multiple csv files where the min file size is 1GB of each file. </P> <P>E.g here's our command ...|dump basefilename=netezza rollsize=1024 format=csv </P> <P>What we want is to have the files saved on a remote location not local on the Splunk server. Is there a way to do this?</P> <P>Also, what does the maxlocal parameter mean? We're a little confused by that. It says once it reaches 1GB it moves it to HDFS? We don't have HDFS configured, what happens once it reaches 1GB? Is there a way to make maxlocal unlimited?</P> Fri, 15 May 2015 17:15:41 GMT https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112091#M183706 steverimar 2015-05-15T17:15:41Z https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112092#M183707 <P>Did you ever come across a way to do this or get it to work correctly.</P> <P>I could see this being useful in an incident response investigation where we needed to give a large data set out to vendor or 3rd party for analysis rather than searching within splunk.</P> Mon, 14 Sep 2015 12:12:56 GMT https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112092#M183707 millern4 2015-09-14T12:12:56Z https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112093#M183708 <P>@steverimar were you able to figure this out? <BR /> I am using Splunk 6.4.2. With dump command, when I provide maxlocal argument, it complains and returns error 'invalid argument' (not using HDFS). Did you find a way to save the output in remote system? </P> Wed, 03 Aug 2016 19:31:29 GMT https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112093#M183708 kausar 2016-08-03T19:31:29Z https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112094#M183709 <P>The maxlocal argument never worked properly and has been removed from the code and the documentation.</P> Thu, 03 Aug 2017 15:53:47 GMT https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112094#M183709 lstewart_splunk 2017-08-03T15:53:47Z https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112095#M183710 <P>Did you get this resolved?<BR /> I've done something similar, there are a couple of ways to get the data onto a remote server.<BR /> In the past I have setup a SSHFS mount at <CODE>$SPLUNK_HOME/var/run/splunk/dispatch</CODE>, note that this location will be used for all searches.<BR /> Stop Splunk before mounting the directory, you'll need to temporarily move out the old directory in order to mount it correctly. Check the file permissions are correct and then start Splunk.<BR /> The output of your DUMP commands will now be in <CODE>$SPLUNK_HOME/var/run/splunk/dispatch/&lt;sid&gt;/dump/</CODE> where is the ID of your search. <BR /> It isnt the most elegant solution but it worked for me.</P> <P>Hope this helps! </P> Mon, 05 Mar 2018 10:35:14 GMT https://community.splunk.com/t5/Splunk-Search/Dump-Command-How-to-Save-Files-on-Remote-Path-and-Question-About/m-p/112095#M183710 livehybrid 2018-03-05T10:35:14Z