Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create dump command and put datetime?

khyoung7410
Communicator
‎04-03-2018 08:26 AM

Hi

Ask about basefilename in dump command.
I would like to create a file by date with search results and I would like to put the time in basefilename as in the month and date.
What should I do?

My Search is:

 index=_audit 
    | eval date=strftime(_time,"%F %T") 
    | eval _dstpath=strftime(_time, "%Y%m/%d") 
    | dump basefilename=splunk format=csv fields="date, user, action, info, index, sourcetype"
0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎04-03-2018 10:38 AM

The only thing I can think of is to create a macro, since the dump command does not accept variables directly.

Example:
alt text

You can then do something like this:

<yoursearch> | eval myFileName="DumpFile_".strftime(now(),"%Y%m%d") | `dumpWithFilename(myFileName)`

Adjust your macro to include other parameters as needed.

Preview file
1 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...