Other Usage
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Exporting data and importing into another Splunk instance

CSReviews
Loves-to-Learn
‎04-02-2024 05:44 PM

I am planning on teaching others how to use Splunk to search through data, similar to the Splunk boss of the soc challenges-

https://github.com/splunk/botsv3

Similarly, I would like to export the data I generated in my Splunk instance to then have students import into there's to follow along. The only way I can figure out how to do this is from running a search and using the export feature. Is there a recommendation for this? 

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎05-16-2024 12:59 PM

Hi

there some apps, which you could use to generate continuously sample data. Probably mostly used is eventgen https://splunkbase.splunk.com/app/1924

One option is just e.g. tar that index and untar it on target systems. Of course you need to do also app for defining it on those target systems. This needs that those nodes are enough equal like same Linux etc. If I recall right something like this was done for those older bots datasets?

r. Ismo

0 Karma
Reply

splunkreal
Motivator
‎05-16-2024 12:10 PM

Hello @CSReviews you can export as csv file it's then easy to import.

https://hurricanelabs.com/splunk-tutorials/ingesting-a-csv-file-into-splunk/

"Upload with Splunk Web"

 

 

* If this helps, please upvote or accept solution if it solved *
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...