Getting Data In

How do I make a report save to a share on a different server every 24 hours?

Mick
Splunk Employee
Splunk Employee

I run a report every 24 hours, and I want to make the .csv results file available to multiple users afterwards. Can I configure the report to automatically save it to an alternate location rather than the default $SPLUNK_HOME/var/run/splunk/dispatch/<search_id>/results.csv.gz?

mzax
Splunk Employee
Splunk Employee

In order to send the search results to another location, you can use the search command: outputcsv. Documented at: http://www.splunk.com/base/Documentation/latest/SearchReference/Outputcsv

keeping the saved search artifact for longer in the $SPLUNK_HOME/var/run/splunk/dispatch dir, is done using the dispatch.ttl parameter in the saved search configuration. (It can get a bit complicated if there are actions that are triggered from the search).

See: http://www.splunk.com/base/Documentation/latest/Admin/Savedsearchesconf The default value for keeping the saved searches results is twice the time period.

mayler
Path Finder

You can also configure splunk to email those .csv results every day to anyone you want. It's in the saved search, alert actions, email and include results. Or you could trigger the shell script from the saved search-no need to issue command line search.

jfraiberg
Communicator

do the search via command line and you can specify where it goes, from there you can cron something to put it where ever you want.

The end of the search command can look something like this -

-format csv > "/usr/local/reports/whatever.csv.gz"

Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...