Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I export first 5 minutes of a server log?

sebtardif
New Member
‎10-05-2017 04:57 AM

Everything I have is always sent to Splunk. We don't have any native files. I have a third party vendor that want the log of the first 5 minutes after my application server started. How can I do that?

Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-05-2017 05:24 AM

Write a search for the application logs spanning the period you need. Then click the Export icon and choose a format for the export.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

DalJeanis
Legend
‎10-05-2017 09:09 AM

So, to be even more specific -
1) Identify what source and index your server log is ingested into
2) identify the last time the server was started
3) run the search for that 5 minute timeframe.

Hopefully your logs will be complete, as long as you haven't set up the conf for that kind of data to send unwanted stuff to the nullqueue.

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...