- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to export daily dataset to csv file?
Hi,
I need a help in creating a daily csv export to a file from a data set for 24 hrs . I have a data set under Search & Reporting >>Datasets >>my dump report. now when i click on the my dump report it gives me report for any specific condition / time / period what ever i like and then i am able to download the same as csv file . I need help to create a daily automatic job of the same so that after every 24 hrs ( each day from 00:00:00 hrs to 23:59:00 hrs ) the report is created and saved / exported to a specific folder / disk with date_Month_year wise folder / file . Kindly help me / guide me for the same . i am trying on splunk installed on windows.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sir,
Greetings . Thanks for help . As i am very new to Splunk so i was not able to figure out the solution you shared though i read the documentation shared by you . I need more help in creating this solution to get the desired output . Regarding moving the csv file from Splunk Base that i can handle. Can you help me further in this regard.
Regards
Rayees
Hi Sir,
Greetings . Thanks for help . As i am very new to Splunk so i was not able to figure out the solution you shared though i read the documentation shared by you . I need more help in creating this solution to get the desired output . Regarding moving the csv file from Splunk Base that i can handle. Can you help me further in this regard. I have attached the screen shots.
Regards
Rayees
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Rayees,
you should modify your search adding the outputcsv command at the end of your search (https://docs.splunk.com/Documentation/Splunk/9.0.2/SearchReference/Outputcsv) and create an alert using this search.
The only problem is that the csv can be saved in a fixed (and not configurable) folder: $SPLUNK_HOME\var\run\splunk\csv
This means that you have also to create a script that mopves the csv in the desidered folder.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sir,
Greetings . Thanks for help . As i am very new to Splunk so i was not able to figure out the solution you shared though i read the documentation shared by you . I need more help in creating this solution to get the desired output . Regarding moving the csv file from Splunk Base that i can handle. Can you help me further in this regard.
Regards
Rayees
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Rayees ,
I don't know your search, but if it' something like this:
<your_search>
| timechart span=1h count BY hostyou have to add the outputcsv at the end of your search:
<your_search> earliest=-24h@h latest=@h
| timechart span=1h count BY host
| outputcsv your_csv_file.csvand save it as an alert scheduled e.g. at 1 AM in [Save As > Alert > Run every day > Run at 1.00 > Save]
In this way you'll have the file in the $SPLUNK_HOME\var\run\splunk\csv folder, so you can schedule a shell script to move it in another folder.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Rayees,
if this answer solves your need, please accept it for the other people of Community or tell me how I can help you.
Ciao and happy splunking.
Giuseppe
P.S.: Karma Points are appreciated by all the Contributors;-)
