Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Other Using Splunk
- :
- Reporting
- :
- How to send Splunk report to Unix server
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to send Splunk report to Unix server
Hi Team,
I'm generating a report weekly and sending it across as an email.
However, the team wants this file to be pushed onto a directory on Unix server.
Any idea on how I can achieve this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Assuming not SHC, create a cron job in the OS of the Search Head that runs every X-minutes looking in the dispatch directory for files named XFERME_<destination>_<real_name_starts_here>.csv which does sftp then rm. Create them using |outputcsv.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry couldnt get this.
Currently I'm spitting certain piece of info on logs and delimitting it using '|' character.
From Splunk search using regex_raw , eval and split i'm getting the desired data generated in columns.
I have added a report and scheduled it to send on necessary mail ID everyday using schedule -> actions in reporting.
However now the team wants the same report to be pushed on to a FTP server location. How can i acheive this ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One option is to create your custom alert action (Ref https://docs.splunk.com/Documentation/Splunk/8.0.0/AdvancedDev/ModAlertsIntro) to achieve this, in this option you need to write script.
Other option is, this add-on https://splunkbase.splunk.com/app/4398/ might work but I never tried this add-on.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This may help you:
https://answers.splunk.com/answers/51140/save-reports-in-shared-folders.html
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
