Automate: Execute a Splunk search and export the results to CSV on a windows machine

New Member

Hi Experts,
I'm a newbie to Splunk, and I am trying to find an automated way to execute a Splunk search and export the results in CSV format to my Windows 7 VM or a share drive. The aim is to load the data to a SQL Server.

With the Splunk set-up that we have, we cannot use DB-Connect. A few teams are using a Python script to execute and automate this process, but I am not a Linux or a Python coder. Hence I am struggling to automate it.

Can anyone please help me on how to automate the process?

Thanks,
Krishna.

0 Karma
Re: Automate: Execute a Splunk search and export the results to CSV on a windows machine

Ultra Champion

Hi Krishna,

A similar question at how to export search result to my local directories in csv

It says -

0 Karma
Re: Automate: Execute a Splunk search and export the results to CSV on a windows machine

New Member

Thank you for the direction. I did try this option. However, it looks like we do not have access to save or schedule searches 😞.

0 Karma
Re: Automate: Execute a Splunk search and export the results to CSV on a windows machine

Super Champion

Multiple approaches.

  1. If you have access to the server, then you can run "Splunk command line search directly" and put an outputcsv at the end of the search (or you can make the whole thing into a savedsearch if it is repetitive).
  2. You can use CURL if you want to access it remotely using the REST API. This is the best method if you want to interact programmatically and do external juggling.
  3. You don't even need to trigger it with scripts, but can generate it within Splunk, e.g. schedule it as a report within Splunk and send/export it out as an alert/report etc. (Always remember Splunk is ultimately a mathematical engine and you can do anything which is possible using code.)

0 Karma
Re: Automate: Execute a Splunk search and export the results to CSV on a windows machine

New Member

Thank you for the instant response.

I am a SQL/BI person, hence am challenged with coding. I did review the CURL "Remotely using REST API". A couple of questions:

  1. Is the Python example a working model?
  2. How can the Python code be executed and scheduled on a Windows machine? (Sorry for being dumb here.)
  3. Is there a working model where I can plug in my Splunk search and magically get the output in CSV? :) ... I know it's too much to ask for.

Thanks in advance for the help.
Krishna.

0 Karma
Re: Automate: Execute a Splunk search and export the results to CSV on a windows machine

Super Champion

If you want to schedule, why can't you schedule it within Splunk and export it outside (like option 3 I mentioned)?
You don't even need Python code to execute curl. You can install the curl utility on Windows and just run it at the "cmd" prompt. In Python, you have a curl utility (pycurl) which can do something similar. It is just a one-liner.

0 Karma
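
Option 2 from the thread (the REST API), as an added example that is not part of any post: a standard-library Python script that posts a search to Splunk's `/services/search/jobs/export` endpoint and streams the CSV to disk with TLS verification left on. It assumes token authentication is enabled on the management port; the `SPLUNK_URL`, `SPLUNK_TOKEN` and `SPLUNK_CA_FILE` variable names are hypothetical.

```python
"""Added example: export a Splunk search to CSV over the REST API (option 2)."""
import os
import ssl
import sys
import urllib.parse
import urllib.request

EXPORT_PATH = "/services/search/jobs/export"  # Splunk REST streaming-export endpoint


def normalize_search(spl):
    """The REST API needs the leading 'search' keyword unless SPL starts with '|'."""
    spl = spl.strip()
    if not spl:
        raise ValueError("empty search")
    if spl.startswith("|") or spl.lower().startswith("search "):
        return spl
    return "search " + spl


def build_export_request(base_url, token, spl, earliest="-24h", latest="now"):
    """Build the POST request; refuse plain http so the token never travels in clear."""
    if urllib.parse.urlsplit(base_url).scheme != "https":
        raise ValueError("base_url must use https")
    body = urllib.parse.urlencode({
        "search": normalize_search(spl),
        "output_mode": "csv",
        "earliest_time": earliest,
        "latest_time": latest,
    }).encode()
    req = urllib.request.Request(base_url.rstrip("/") + EXPORT_PATH, data=body, method="POST")
    req.add_header("Authorization", "Bearer " + token)  # assumes Splunk token auth
    return req


def export_to_csv(req, out_path, ca_file=None):
    """Stream results to disk with certificate verification left on."""
    ctx = ssl.create_default_context(cafile=ca_file)  # ca_file: internal CA bundle, if any
    tmp = out_path + ".part"
    with urllib.request.urlopen(req, context=ctx, timeout=300) as resp, open(tmp, "wb") as fh:
        while chunk := resp.read(65536):
            fh.write(chunk)
    os.replace(tmp, out_path)  # the SQL Server loader never sees a half-written file


if __name__ == "__main__":
    # Usage: python export.py "<SPL search>" <output.csv>; env var names are hypothetical.
    request = build_export_request(os.environ["SPLUNK_URL"], os.environ["SPLUNK_TOKEN"], sys.argv[1])
    export_to_csv(request, sys.argv[2], os.environ.get("SPLUNK_CA_FILE"))
```

On Windows the script can be run on a schedule from Task Scheduler. Keep the token out of the script and the task's command line, and give it to an account with only the search permissions the export needs.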