I am searching events form data summary with meaningful search patterns. Now I need to post my results into share point link with CSV file format. I am using SPLUNK version 6 in Windows platform, How can I post my results into share point? I have to install any plug-in for this?
Have your scheduled search run an "exportcsv"/outputlookup command in the end and the exported csv file will be created in $SPLUNK_HOME/var/run/splunk folder. Later configure an scripted input to either push directly to sharepoint (using some API) or copy it to sharepoint's shared location.
@mohan401 I have similar use case. I am very new to written scripts. Could you please share the scripts that you have written.
Have your scheduled search run an "exportcsv"/outputlookup command in the end and the exported csv file will be created in $SPLUNK_HOME/var/run/splunk folder. Later configure an scripted input to either push directly to sharepoint (using some API) or copy it to sharepoint's shared location.
I am connecting SPLUNK through web interface(UI) and I have only User and Dev permissions on my hand. Where I will get $SPLUNK_HOME/var/run/splunk folder.
okay. You can use outputlookup command in your search query and save as report from GUI. so that it will save your report in corresponding apps folder. Then use scripted inputs to post that data in sharepoint.
Below is the link for outputloookup command,
http://docs.splunk.com/Documentation/SplunkCloud/6.5.1/SearchReference/Outputlookup
I have created csv file using output lookup, then I have installed "splunk app for unix" but I didn't get where to write script. I have searched a lot, we need to change in config file?
click on settings->Data Inputs->Scripts.
Scripth Path-> $SPLUNK_HOME$/etc/apps/splunk_app_for_unix/bin
Command -> your command or steps
Interval Inputs -> seconds
Interval ->
Source name override : optional
Thank you sbbadri, In Command block we can only select the script which one we have to run but I want to know how to copy my script into $SPLUNK_HOME$/etc/apps/splunk_app_for_unix/bin path
And one more thing actually I don't have Data Inputs option in settings. How to enable it?
Then you don't have enough permission. So need to ask the right person to copy the scripts to $SPLUNK_HOME/etc/apps/splunk_app_for_unix through ssh to that server.
For Data Inputs option you need to modify your role i.e., need to add right capabilities.
Below is the link,
https://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Authorizeconf
Can you know where Dashboards will save and how to copy to SharePoint link