Hm, how about using it in scheduled searches (like, using Splunk for reports)?
Folks interested might wanna try this small app: http://apps.splunk.com/app/1832/
Hope it helps.
I agree. I work on a network with >100,000 endpoints and >80,000 users. There's currently no good way to get scheduled reports (CSV or PDF) that contain all the rows we normally need, automatically sent via the e-mail export function. It would be nice if the scheduling process would have a clean interface to request how many lines should be included at the time the e-mail is scheduled. In a perfect world the 'unlimited' option would be restricted based on user role, but I'd take the basic functionality without this if that's an extra complication.
I agree this feature would be very useful to overcome the 10,000 CSV report issue.
To add, as a network admin, gathering logs from over 2000 network devices, firewalls and name servers, our security department is all over logs from these things. They like to see who's requesting DNS lookups, which IPs are coming into the firewall, attempting to break in, probes, etc. With Splunk and being able to provide geo data on which countries are trying to come into the network, etc., providing them an Excel spreadsheet over a CSV would be ideal.
As there are limitations with the export to CSV to 10,000 events, an export to Excel from a scheduled search would be much more helpful, especially if it bypasses the 10,000 limit. Of course, this can be adjusted by changing the settings in the Splunk configurations manually, however, if you're an end user, without access to make changes to the code, you're out of luck if you need more than 10k lines exported currently.
I could implement something in the future that reports/alerts could use as a scripted alert action. Community: let me know if this would be useful.
Yes, it would be great if Splunk would send an e-mail with an Excel report. Maybe during the year something changed and it is possible now?
@andrey2007 check out the TA-XLS, hope it helps
Hi, well, there is some preexisting codebase like the Excel creator add-in and the OData one... spending some time to create a decent working Excel output would be really really really useful.