
How to post "events data file.csv" from Splunk to sharepoint.

Engager

I am searching events from the data summary with meaningful search patterns. Now I need to post my results to a SharePoint link in CSV file format. I am using Splunk version 6 on the Windows platform. How can I post my results to SharePoint? Do I have to install any plug-in for this?


Re: How to post "events data file.csv" from Splunk to sharepoint.

Motivator

Have your scheduled search run an "exportcsv"/outputlookup command at the end, and the exported CSV file will be created in the $SPLUNK_HOME/var/run/splunk folder. Later, configure a scripted input to either push directly to SharePoint (using some API) or copy it to SharePoint's shared location.


Re: How to post "events data file.csv" from Splunk to sharepoint.

Engager

I am connecting to Splunk through the web interface (UI) and I have only User and Dev permissions. Where will I get the $SPLUNK_HOME/var/run/splunk folder?


Re: How to post "events data file.csv" from Splunk to sharepoint.

Motivator

Okay. You can use the outputlookup command in your search query and save it as a report from the GUI, so that it will save your report in the corresponding apps folder. Then use scripted inputs to post that data to SharePoint.

Below is the link for the outputlookup command:

http://docs.splunk.com/Documentation/SplunkCloud/6.5.1/SearchReference/Outputlookup


Re: How to post "events data file.csv" from Splunk to sharepoint.

Engager

I have created the CSV file using outputlookup, then I installed the "Splunk App for Unix", but I didn't get where to write the script. I have searched a lot. Do we need to change a config file?


Re: How to post "events data file.csv" from Splunk to sharepoint.

Motivator

Click on Settings -> Data Inputs -> Scripts.

Script Path -> $SPLUNKHOME$/etc/apps/splunkappforunix/bin
Command -> your command or steps
Interval Inputs -> seconds
Interval ->
Source name override : optional


Re: How to post "events data file.csv" from Splunk to sharepoint.

Engager

Thank you sbbadri. In the Command block we can only select the script which we have to run, but I want to know how to copy my script into the $SPLUNKHOME$/etc/apps/splunkappforunix/bin path.


Re: How to post "events data file.csv" from Splunk to sharepoint.

Engager

And one more thing: actually, I don't have the Data Inputs option in Settings. How do I enable it?


Re: How to post "events data file.csv" from Splunk to sharepoint.

Motivator

Then you don't have enough permission, so you need to ask the right person to copy the scripts to $SPLUNKHOME/etc/apps/splunkappforunix through SSH to that server.


Re: How to post "events data file.csv" from Splunk to sharepoint.

Motivator

For the Data Inputs option you need to modify your role, i.e., add the right capabilities.

Below is the link:
https://docs.splunk.com/Documentation/Splunk/6.6.2/Admin/Authorizeconf

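The approach suggested in the replies above (write the results with outputlookup, then have a scripted input copy the CSV to a SharePoint shared location) could look like the following. This is an added example, not code from the original thread or from Splunk. Assumptions: Python 3 is available on the Splunk host, the lookup lands in the app's `lookups` folder, and the share path, app name and file name shown are placeholders.

```python
import hashlib
import os
import re
import tempfile

# Accept only plain CSV file names, so a crafted name cannot point the job
# at a file outside the lookups folder.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]*\.csv$")


def publish_lookup(lookups_dir, name, dest_dir):
    """Copy one outputlookup CSV into dest_dir; return its SHA-256 hex digest."""
    if not SAFE_NAME.match(name):
        raise ValueError("unexpected lookup name: %r" % name)
    src = os.path.join(lookups_dir, name)
    # Refuse symlinks and missing files: publish only a real file in lookups_dir.
    if os.path.islink(src) or not os.path.isfile(src):
        raise ValueError("not a regular file: %r" % src)
    digest = hashlib.sha256()
    # Write to a temp file in the destination and rename it into place, so
    # readers of the share never see a half-written CSV.
    fd, tmp = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
            for chunk in iter(lambda: inp.read(65536), b""):
                digest.update(chunk)
                out.write(chunk)
        os.replace(tmp, os.path.join(dest_dir, name))
    except Exception:
        if os.path.exists(tmp):
            os.remove(tmp)
        raise
    return digest.hexdigest()


if __name__ == "__main__":
    # Placeholder paths (assumptions): adjust to your own app and share.
    lookups = os.path.expandvars(r"$SPLUNK_HOME/etc/apps/search/lookups")
    share = r"\\sharepoint.example.com\DavWWWRoot\sites\team\Shared Documents"
    # Whatever a scripted input prints is indexed by Splunk, so this line
    # leaves a record of what was published and its hash.
    print("published events_data.csv sha256=%s"
          % publish_lookup(lookups, "events_data.csv", share))
```

The account that runs Splunk needs write access to the share and nothing more; the exported CSV is readable by everyone with access to that document library.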