Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use Spring XML Application to read data and retrieve search results from Splunk and convert it into CSV format?

meduriphani
New Member
‎01-18-2017 12:22 PM

Hi,

I have an application (Spring XML Application) which needs to read data from Splunk and convert it into CSV format.

I am new to Splunk. Any guidance?

Thanks,
Phanendra

0 Karma
Reply

hunters_splunk
Splunk Employee
Splunk Employee
‎01-18-2017 06:55 PM

Hi Phanendra,

There are two search commands you can use to convert Splunk search results into .csv.

outputcsv
This command saves search results to the specified CSV file on the local search head in the $SPLUNK_HOME/var/run/splunk/csv directory. Updates to $SPLUNK_HOME/var/run/*.csv using the outputcsv command are not replicated across the cluster.
For details, see http://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Outputcsv.

outputlookup
Writes search results to a static lookup table or KV store collection that you specify.
For details, see http://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Outputlookup.

Hope this helps. Thanks!
Hunter

0 Karma
Reply

meduriphani
New Member
‎01-19-2017 06:50 AM

Hi Hunter,

Thank you for your reply. Another application is keep on writing the data. My Spring XML application has to query for every 2 minutes and retrieve the data in CSV format from the last fetch record. It should not read the data which is already read. The output CSV file must be returned to my application, It should not be saved onto local search head.

Right now, my application is throwing error the below error.

[java.lang.Error - Unresolved compilation problems:
The import com.google cannot be resolved
The import com.google cannot be resolved
JsonReader cannot be resolved to a type

Any suggestions?

Thanks,
Phanendra Meduri

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What’s New & Next in Splunk SOAR

Security teams today are dealing with more alerts, more tools, and more pressure than ever.  Join us for an ...

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

 Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team for an ...