Solved: Repopulate a CSV with data from a search using cur...

joe06031990 · ‎03-08-2020

Hi, what is the best way to repopulate a csv with data from a search using curl but without using a username and password as I want to cron the search? Thanks

manjunathmeti · ‎03-08-2020

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

View solution in original post

manjunathmeti · ‎03-08-2020

You can write a saved search in Splunk and schedule it. Use outputcsv command to write results to a csv file and this csv file will be created in $SPLUNK_HOME/var/run/splunk/csv.

<you search> | outputcsv create_empty=false MyTestCsvFile.csv

Note that for clustered search heads csv file is created where saved is ran and is not replicated to other search heads.

joe06031990 · ‎03-09-2020

manjunathmeti Thanks

Repopulate a CSV with data from a search using curl

CSV

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?

Are you a member of the Splunk Community?

Repopulate a CSV with data from a search using curl

CSV

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

New in Splunk Observability Cloud: Automated Archiving for Unused Metrics

Calling All Security Pros: Ready to Race Through Boston?