Solved: Repopulate a CSV with data from a search using cur...

joe06031990 · ‎03-08-2020

Hi, what is the best way to repopulate a csv with data from a search using curl but without using a username and password as I want to cron the search? Thanks

manjunathmeti · ‎03-08-2020

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

View solution in original post

manjunathmeti · ‎03-08-2020

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

joe06031990 · ‎03-09-2020

manjunathmeti Thanks

Repopulate a CSV with data from a search using curl

CSV

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Join the Conversation

Repopulate a CSV with data from a search using curl

CSV

AI for AppInspect

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+