Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Reporting
- :
- Re: Help in Outputcsv command
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Outputcsv command will export the log to a csv file in var\run\splunk location. I have used only enterprise trial version of splunk and i want to know how will it be in real scenario where we have multiple indexers, searchheads etc. Where this file will be stored? Whether in the indexer or Searchhead or Deployment server .
Incase the file is located in an indexer or Search head , how can i access the file (inputcsv) from different indexer or searchhead instance.
I have a scenario where i have created a schedule search which will update the csv file. And i have dashboards created reading values from this csv file using inputcsv command. Right now it is working in Enterprise trial version (single splunk instance). In real scenario i want to know whether this csv file will be generated in a centralised location.
Thanks
Jagadish
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The CSV file will be created in the location (node/machine) where the search runs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for your response.
Yes I am planning to use Search Head Pooling and savedsearch will be scheduled on Search Heads
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you planning to use Search Head pooling (may be using Shared NAS) and Will you be using a Separate JobServer instance for these saved searches or they will be scheduled on Search Heads only?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Where are you planning to keep your Saved Search which creates the CSV file and the search which is used for dashboard?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The CSV file will be created in the location (node/machine) where the search runs.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Strive
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you want to write CSV file to same app's lookups directory then try using outputlookup command
http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/Outputlookup
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
SplunkTrust Application Period is Officially OPEN!
