- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Retrieve/download the original source file(s) after a search
myli12
Path Finder
03-13-2012
12:18 PM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vincentguilbert
New Member
05-15-2012
02:44 AM
i actually have the same problem. I want to be able to download the original files when it is possible: for instance i index my logs from files not by listening on various port ...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
myli12
Path Finder
03-13-2012
03:08 PM
The original data (source) file that contains the search results/events.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MarioM
Motivator
03-13-2012
02:08 PM
which source file are you talking about?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lguinn2
Legend
03-13-2012
02:03 PM
Try using the "show source" button, which is at the left side of each search result near the timestamp.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
araitz
Splunk Employee
03-14-2012
02:09 PM
Those files could be on forwarders, or not even files at all (for example, if the data source is syslog). If you can tell us why you need the entire file, maybe we can better assist you.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
myli12
Path Finder
03-14-2012
12:10 PM
The show source gives at most 1000 lines at a time. I am looking for downloading the entire file.