- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Is the Scheduled Export of Indexed Data (SEND) to ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is the Scheduled Export of Indexed Data (SEND) to File app the best way to schedule an export to sftp?
I'm looking at the Scheduled Export of Indexed Data (SEND) to File app from Splunkbase
https://splunkbase.splunk.com/app/2914/
If I understand it as it stands - it is only going to try and write an alert output to a directory/file visible to the search head. I am looking for ways to push (scheduled search/alert) CSV to an SFTP location. And crucially, this will be from Splunk Cloud.
Is this app a good way to do this? Would they basically just edit the sendfile.py to send to their sftp location and get that vetted as if it was their app?
Please also comment how this approach differs from a scheduled search with script output.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, @Damien Dallimore I am using your Send to File app and see the following error in the View log events of the app.
This the search it produces: index=_internal sourcetype=splunkd component=sendmodalert action="sendfile"
Error 1: Alert action script returned error code=2 OR Failed trying to send file
Error 2: 01-30-2019 17:04:27.261 -0500 ERROR sendmodalert - action=sendfile STDERR - [Errno 2] No such file or directory: u'\\WS101\FTP_From_AIX\SPLUNK_Demand_Reports/Fax_Test2'
I believe under the Send to File - Trigger Actions - Directory Output - its unable to find that server path.
Can you share some guidance (or an example) on how that path should be entered?
I placed the complete for i.e: \WS101\FTP_From_AIX\SPLUNK_Demand_Reports
Note: It's a Windows server.
Thank you,
ARock
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You understand correctly.
The intent of that App I put on Splunkbase is to demonstrate how you might implement a scheduled export of data using a Modular Alert.
So you can take the code and then use it as a base template for your use case , in your case , SFTP export.
You can take a copy of the code from Splunkbase or get it here :
Then add in your SFTP logic (only a couple of lines in Python most likely), dummy code example only…..
import pysftp
import sys,os
import json
def send_file(file,settings):
print >> sys.stderr, "DEBUG Sending file with settings %s" % settings
param_sftp_host = settings.get('sftp_host')
param_username = settings.get('username')
param_password = settings.get('password')
try:
srv = pysftp.Connection(host=param_sftp_host, username=param_username,password=param_password)
srv.put(file)
srv.close()
return True
except Exception as tre:
print >> sys.stderr,tre
return False
except:
e = sys.exc_info()[0]
print >> sys.stderr, "ERROR Error sending file: %s" % e
return False
Also :
Setup the sftp_host/username/password as parameters the user can enter when the setup their alert via SplunkWeb
Rename your App
Add some docs
Add app icons
Then bundle up your new App , publish to Splunkbase , and submit for Cloud vetting.
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
