Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to export logs from Splunk with host, source and sourcetype fields

jackson_storm
Explorer
‎05-30-2018 02:46 AM

Hello. I have a questions.

How to export logs from Splunk Enterprise with "host", "source" and "sourcetype" fields ?
And how to import these logs into other Splunk Enterprise instance correctly ?

I'm trying to export Windows logs from my current Splunk instance and save it for future usage or upload into other Splunk.
Using "Export" button i can only export raw logs without necessary for me fields("host", "source" and "sourcetype")

Good example is ButterCup Games training logs in Splunk documentation. I need to get something like this.

Reply

splunker12er
Motivator
‎05-31-2018 01:34 AM

How to export logs from Splunk Enterprise with "host", "source" and "sourcetype" fields ? 

<yoursearch> |  table host, source, sourcetype, _raw

Once results are displayed click export to download logs.

How to upload into other Splunk.? (I use CLI command)

splunk add monitor c:\xxxx.log -index yourindexname -source yoursourcename -sourcetype yoursourcetypename -hostname yourhostname
0 Karma
Reply

jackson_storm
Explorer
‎06-06-2018 02:59 AM

What format should i use ?
CSV, XML or JSON ?
Export as raw data is not supported

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...