Solved: Repopulate a CSV with data from a search using cur...

joe06031990 · ‎03-08-2020

Hi, what is the best way to repopulate a csv with data from a search using curl but without using a username and password as I want to cron the search? Thanks

manjunathmeti · ‎03-08-2020

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

View solution in original post

manjunathmeti · ‎03-08-2020

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

joe06031990 · ‎03-09-2020

manjunathmeti Thanks

Repopulate a CSV with data from a search using curl

CSV

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!