Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create dump command and put datetime?

khyoung7410
Communicator
‎04-03-2018 08:26 AM

Hi

Ask about basefilename in dump command.
I would like to create a file by date with search results and I would like to put the time in basefilename as in the month and date.
What should I do?

My Search is:

 index=_audit 
    | eval date=strftime(_time,"%F %T") 
    | eval _dstpath=strftime(_time, "%Y%m/%d") 
    | dump basefilename=splunk format=csv fields="date, user, action, info, index, sourcetype"
0 Karma
Reply

s2_splunk
Splunk Employee
Splunk Employee
‎04-03-2018 10:38 AM

The only thing I can think of is to create a macro, since the dump command does not accept variables directly.

Example:
alt text

You can then do something like this:

<yoursearch> | eval myFileName="DumpFile_".strftime(now(),"%Y%m%d") | `dumpWithFilename(myFileName)`

Adjust your macro to include other parameters as needed.

Preview file
1 KB
0 Karma
Reply
Get Updates on the Splunk Community!

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...