Solved: Repopulate a CSV with data from a search using cur...

joe06031990 · ‎03-08-2020

Hi, what is the best way to repopulate a csv with data from a search using curl but without using a username and password as I want to cron the search? Thanks

manjunathmeti · ‎03-08-2020

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

View solution in original post

manjunathmeti · ‎03-08-2020

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

View solution in original post

joe06031990 · ‎03-09-2020

manjunathmeti Thanks

Repopulate a CSV with data from a search using curl

CSV

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >

Repopulate a CSV with data from a search using curl

CSV

Best of Community @.conf20 Humans That Splunk: Meet Abhishek... Humans That Splunk: Meet Guiseppe... Visit our Community Blog >

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >