I'm a newbie to Splunk, and I am trying to find an automated way to execute a Splunk search and export the results in CSV format to my Windows 7 VM or a share drive. The aim is to load the data into SQL Server.
With the Splunk set-up that we have, we cannot use DB Connect. A few teams are using Python scripts to execute and automate this process, but I am not a Linux or Python coder. Hence I am struggling to automate it.
Can anyone please help me with how to automate the process?
1. If you have access to the server, then you can run the "Splunk command line search directly" and put an outputcsv at the end of the search (or you can make the whole thing into a savedsearch if it is repetitive).
2. You can use curl if you want to access it remotely using the REST API. This is the best method if you want to interact programmatically and do external juggling.
3. You don't even need to trigger scripts; you can generate it within Splunk, e.g. schedule it as a report within Splunk and send/export it out as an alert/report etc. (Always remember Splunk is ultimately a mathematical engine and you can do anything that is possible using code.)
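The curl approach from option 2, as an added example that is not part of the original answer: it posts a search to Splunk's REST export endpoint on the management port and writes the streamed CSV to a file. Host, port, credentials, the search string and the time window are placeholders supplied through environment variables.

```shell
#!/bin/sh
# Added example: export a Splunk search to CSV over the REST API with curl.
# SPLUNK_HOST / SPLUNK_PORT / SPLUNK_USER / SPLUNK_PASS are assumed
# environment variables; the search below is a sample query, not a
# requirement of the API.
set -eu

# The REST API needs the SPL to begin with "search" unless it starts with a
# generating command such as "| inputlookup". Add the prefix when missing so a
# query copied straight from the search bar works unchanged.
normalize_spl() {
    case "$1" in
        "search "*|"|"*) printf '%s' "$1" ;;
        *) printf 'search %s' "$1" ;;
    esac
}

# Management-port URL of the export endpoint (streams results in one call).
export_url() {
    printf 'https://%s:%s/services/search/jobs/export' "$1" "$2"
}

# Run the search and stream results as CSV into $4.
# $1 host, $2 management port (usually 8089), $3 SPL, $4 output file.
# Credentials come from SPLUNK_USER/SPLUNK_PASS rather than the command line,
# so they do not show up in process listings or scheduler logs.
# earliest_time/latest_time bound the window so a scheduled run stays small.
# TLS verification stays on; set SPLUNK_INSECURE=1 only while the management
# port still uses Splunk's self-signed certificate.
splunk_export_csv() {
    spl=$(normalize_spl "$3")
    insecure=""
    [ "${SPLUNK_INSECURE:-0}" = "1" ] && insecure="-k"
    curl -sS $insecure -u "${SPLUNK_USER}:${SPLUNK_PASS}" \
        "$(export_url "$1" "$2")" \
        --data-urlencode "search=${spl}" \
        -d output_mode=csv \
        -d "earliest_time=${SPLUNK_EARLIEST:--24h}" \
        -d latest_time=now \
        -o "$4"
    echo "wrote $(wc -l < "$4") lines to $4"
}

# Only contact Splunk when a host has actually been configured.
if [ -n "${SPLUNK_HOST:-}" ]; then
    splunk_export_csv "$SPLUNK_HOST" "${SPLUNK_PORT:-8089}" \
        'index=_internal sourcetype=splunkd | stats count by component' \
        "${OUT_FILE:-splunk_export.csv}"
fi
```

The same curl command line runs unchanged from a Windows cmd prompt once curl is installed, so it can be wrapped in a .bat file for Task Scheduler; the resulting CSV on the share drive can then be loaded into SQL Server with BULK INSERT or an SSIS flat-file source.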
Thank you for the instant response.
I am a SQL/BI person, hence I am challenged with coding. I did review the curl "Remotely using REST API" option. Couple of questions:
Thanks in advance for the help.
If you want to schedule, why can't you schedule it within Splunk and export it outside? (like option 3 I mentioned).
You don't even need Python code to execute curl. You can install the curl utility on Windows and just run it at the "cmd" prompt. In Python, you have a curl utility (pycurl) which can do something similar. It is just a one-liner.