I am searching events from a data summary with meaningful search patterns. Now I need to post my results to a SharePoint link in CSV file format. I am using Splunk version 6 on the Windows platform. How can I post my results to SharePoint? Do I have to install any plug-in for this?
Have your scheduled search run an "exportcsv"/outputlookup command at the end, and the exported CSV file will be created in the $SPLUNK_HOME/var/run/splunk folder. Later, configure a scripted input to either push it directly to SharePoint (using some API) or copy it to SharePoint's shared location.
I am connecting to Splunk through the web interface (UI) and I have only User and Dev permissions. Where will I get the $SPLUNK_HOME/var/run/splunk folder?
Okay. You can use the outputlookup command in your search query and save it as a report from the GUI, so that it will save your report in the corresponding app's folder. Then use scripted inputs to post that data to SharePoint.
Below is the link for the outputlookup command,
I have created a CSV file using outputlookup, then I installed the "Splunk App for Unix", but I didn't get where to write the script. I have searched a lot. Do we need to change a config file?
Click on Settings -> Data Inputs -> Scripts.
Script Path -> $SPLUNKHOME$/etc/apps/splunkappforunix/bin
Command -> your command or steps
Interval Inputs -> seconds
Source name override : optional
Thank you sbbadri. In the Command block we can only select the script that we have to run, but I want to know how to copy my script into the $SPLUNKHOME$/etc/apps/splunkappforunix/bin path.
Then you don't have enough permission, so you need to ask the right person to copy the scripts to $SPLUNKHOME/etc/apps/splunkappforunix through ssh to that server.
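An added example (not code from any poster in this thread or from Splunk) of the scripted-input step discussed above: it copies a CSV written by outputlookup to a destination folder, refuses file names that escape the lookups directory, and neutralizes cells a spreadsheet would evaluate as formulas, since search results often carry log-derived text. The paths, the EXPORT_DEST variable and the function names are assumptions, and the destination is assumed to be the SharePoint library reachable as a filesystem path.

```python
import csv
import os
import sys
import tempfile
from pathlib import Path

# Assumed locations (hypothetical; adjust to the app and share you actually use).
LOOKUP_DIR = Path(os.environ.get("SPLUNK_HOME", "C:/Program Files/Splunk")) / "etc/apps/search/lookups"
DEST_DIR = Path(os.environ.get("EXPORT_DEST", "//sharepoint.example.com/sites/team/Shared Documents"))
FORMULA_LEAD = ("=", "+", "-", "@", "\t", "\r")


def neutralize(cell):
    """Quote-prefix cells a spreadsheet would run as a formula; keep plain numbers."""
    if not cell.startswith(FORMULA_LEAD):
        return cell
    try:
        float(cell)  # "-5" or "+3.2" is data, not a formula
        return cell
    except ValueError:
        return "'" + cell


def export_lookup(name, lookup_dir, dest_dir):
    """Copy lookup_dir/name into dest_dir, sanitized, via temp file and rename."""
    lookup_dir, dest_dir = Path(lookup_dir).resolve(), Path(dest_dir).resolve()
    src = (lookup_dir / name).resolve()
    # Only CSV files directly inside the lookups folder (no "..", no symlinks out).
    if src.parent != lookup_dir or src.suffix.lower() != ".csv":
        raise ValueError("refusing to export %r" % (name,))
    with open(src, newline="", encoding="utf-8") as fin:
        rows = [[neutralize(c) for c in row] for row in csv.reader(fin)]
    fd, tmp = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    try:
        with os.fdopen(fd, "w", newline="", encoding="utf-8") as fout:
            csv.writer(fout).writerows(rows)
        os.replace(tmp, dest_dir / src.name)  # readers never see a partial file
    except Exception:
        os.unlink(tmp)
        raise
    return len(rows)


if __name__ == "__main__":
    try:
        count = export_lookup(sys.argv[1], LOOKUP_DIR, DEST_DIR)
        print("action=export file=%s rows=%d status=ok" % (sys.argv[1], count))
    except Exception as exc:
        sys.exit("action=export status=failed reason=%r" % (exc,))
```

Splunk indexes whatever a scripted input writes to stdout, so the status line doubles as an audit record of each export.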