Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

outputcsv - append field value in filename

vb1612
New Member
‎05-25-2019 06:25 PM

I have field name xyz , want to append value of this field in outputcsv filename

Tags (1)
0 Karma
Reply

koshyk
Super Champion
‎05-26-2019 01:50 AM

Something like this..

<your_search_to_get_xyz field>
|eval myCSVFile=xyz
| map search="search index=_internal| fields host,sourcetype,source|outputlookup $myCSVFile$.csv"

Above is an example.. Change it to your own searches to generate the xyz field and then apply it to the output of another search to generate outputlookup

0 Karma
Reply

DavidHourani
Super Champion
‎05-26-2019 12:24 AM

Hi @vb1612,

Where is your field located ? Is it in an index ? Are you trying to combine fields from multiple sources ?

Official documentation for output CSV is in Splunk docs :
https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Outputcsv

So all you have to do is make sure your field is there before you run the outputcsv command:

index=yourindex sourcetype=yoursourcetype | fields fields_you_want_to_keep | outputcsv MyTestCsvFile

Pease provide some sample data if you want you help with your specific SPL.

Cheers,
David

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...