I agree. I work on a network with >100,000 endpoints and >80,000 users. There's currently no good way to get scheduled reports (CSV or PDF) that contain all the rows we normally need, automatically sent via the e-mail export function. It would be nice if the scheduling process would have a clean interface to request how many lines should be included at the time the e-mail is scheduled. In a perfect world the 'unlimited' option would be restricted based on user role, but I'd take the basic functionality without this if that's an extra complication.
To add, as a network admin, gathering logs from over 2000 network devices, firewalls and name servers, our security department is all over logs from these things. They like to see who's requesting DNS lookups, which IPs are coming into the firewall, attempting to break in, probes, etc. With Splunk and being able to provide geo data on which countries are trying to come into the network, etc., providing them an Excel spreadsheet over a CSV would be ideal.
As there are limitations with the export to CSV to 10,000 events, an export to Excel from a scheduled search would be much more helpful, especially if it bypasses the 10,000 limit. Of course, this can be adjusted by changing the settings in the Splunk configurations manually; however, if you're an end user, without access to make changes to the code, you're out of luck if you need more than 10k lines exported currently.
Hi, well there is some preexisting codebase like the Excel creator add-in and the OData one... spending some time to create a decent working Excel output would be really really really useful.