Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use Spring XML Application to read data and retrieve search results from Splunk and convert it into CSV format?

meduriphani
New Member
‎01-18-2017 12:22 PM

Hi,

I have an application (Spring XML Application) which needs to read data from Splunk and convert it into CSV format.

I am new to Splunk. Any guidance?

Thanks,
Phanendra

0 Karma
Reply

hunters_splunk
Splunk Employee
Splunk Employee
‎01-18-2017 06:55 PM

Hi Phanendra,

There are two search commands you can use to convert Splunk search results into .csv.

outputcsv
This command saves search results to the specified CSV file on the local search head in the $SPLUNK_HOME/var/run/splunk/csv directory. Updates to $SPLUNK_HOME/var/run/*.csv using the outputcsv command are not replicated across the cluster.
For details, see http://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Outputcsv.

outputlookup
Writes search results to a static lookup table or KV store collection that you specify.
For details, see http://docs.splunk.com/Documentation/Splunk/6.5.1/SearchReference/Outputlookup.

Hope this helps. Thanks!
Hunter

0 Karma
Reply

meduriphani
New Member
‎01-19-2017 06:50 AM

Hi Hunter,

Thank you for your reply. Another application is keep on writing the data. My Spring XML application has to query for every 2 minutes and retrieve the data in CSV format from the last fetch record. It should not read the data which is already read. The output CSV file must be returned to my application, It should not be saved onto local search head.

Right now, my application is throwing error the below error.

[java.lang.Error - Unresolved compilation problems:
The import com.google cannot be resolved
The import com.google cannot be resolved
JsonReader cannot be resolved to a type

Any suggestions?

Thanks,
Phanendra Meduri

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...
Top