Raw data back to files


Is there a way to convert all the raw data of a particular index to a file.

We have ingested data from files to splunk. The rawdata of that index is over 500GB. We would like to convert the raw data back to files and store data on other external storages for other purpose. Is it possible to do so.

Tags (2)
0 Karma


Easiest way would be, Run a python script which runs splunk search , fetches data and put it into file.


Hi ankithreddy777,
you can run a search like


and then use the export button (on the high right) choosing the "raw data" option as export format (the other are csv, xml and json).
Otherwise you can add the outputtext command to the previous search (see ) but in this case you export index on the server.