Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Repopulate a CSV with data from a search using curl

joe06031990
Communicator
‎03-08-2020 01:28 AM

Hi, what is the best way to repopulate a csv with data from a search using curl but without using a username and password as I want to cron the search? Thanks

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎03-08-2020 09:51 PM

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

manjunathmeti
Champion
‎03-08-2020 09:51 PM

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

0 Karma
Reply
Solved! Jump to solution

joe06031990
Communicator
‎03-09-2020 01:12 PM

manjunathmeti Thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...