Solved: How to write splunk output in csv file using pytho...

harshal_chakran · ‎12-16-2013

Hi,

I have created an application using Django Binding, where I have a code in Python in which wrote a search query whose output am willing to save in csv file.
Following is my code:

kwargs_normalsearch = {"exec_mode": "normal"}

searchquery_normal = 'search * |search sourcetype.....'

job = service.jobs.create(searchquery_normal, **kwargs_normalsearch)

for result in results.ResultsReader(job.results()):

c = csv.writer(open("C:/NewFile.csv", "wb"))

c.writerow([result])

When I open the NewFile, it shows output as :

OrderedDict([('Parameter', '221')])

what I want is to show,'Parameter ' as heading and '221' as row value in csv file. Can I even fetch this values from it in order to use it for another purpose.
Please Help...!!!

Damien_Dallimor · ‎12-17-2013

Here is a simple code example , expand on it as necessary , but it returns the search results in CSV format and dumps to a file.

args = {'host':'somehost','port':8089,'username':'admin','password':'foobar'}
service = Service(**args)
service.login()   

job = service.jobs.create('search index=_internal | head 5', **{"exec_mode": "blocking"})
search_results = job.results(**{"output_mode": "csv"})

f = open("/Users/scoobydoo/NewFile.csv", 'w')

f.write(search_results.read())

View solution in original post

Damien_Dallimor · ‎12-17-2013

Here is a simple code example , expand on it as necessary , but it returns the search results in CSV format and dumps to a file.

args = {'host':'somehost','port':8089,'username':'admin','password':'foobar'}
service = Service(**args)
service.login()   

job = service.jobs.create('search index=_internal | head 5', **{"exec_mode": "blocking"})
search_results = job.results(**{"output_mode": "csv"})

f = open("/Users/scoobydoo/NewFile.csv", 'w')

f.write(search_results.read())

chi · ‎08-06-2020

I have executed the python query have the results.

The binding response reader results are in bytes and getting the TypeError while writing to CSV

Requesting help to export the search results to a CSV file.

Quick response is highly appreciated.

Thank you

raghav130593 · ‎01-27-2017

I had a question regarding output_mode for export search. In the export search, there's no search job created and the results are streamed. I wasn't able to find anything conclusive regarding setting output_mode of an export search to 'CSV'. I wanted to know how is it done?

harshal_chakran · ‎12-18-2013

Thanks Damien,

There is one more question in my mind.Is it possible that I can extract the values from search result , assign it to different variables and perform some arithmetic operations on it before saving it in csv file.??

martindurant · ‎01-21-2015

How about numpy.loadtxt(search_results, delimiter=',') ?

How to write splunk output in csv file using python code?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation