How to send Splunk report to Unix server

aqaadi · ‎11-04-2019

Hi Team,

I'm generating a report weekly and sending it across as an email.
However, the team wants this file to be pushed onto a directory on Unix server.

Any idea on how I can achieve this?

woodcock · ‎11-04-2019

Assuming not SHC, create a cron job in the OS of the Search Head that runs every X-minutes looking in the dispatch directory for files named XFERME_<destination>_<real_name_starts_here>.csv which does sftp then rm. Create them using |outputcsv.

aqaadi · ‎12-03-2019

sorry couldnt get this.

Currently I'm spitting certain piece of info on logs and delimitting it using '|' character.
From Splunk search using regex_raw , eval and split i'm getting the desired data generated in columns.
I have added a report and scheduled it to send on necessary mail ID everyday using schedule -> actions in reporting.

However now the team wants the same report to be pushed on to a FTP server location. How can i acheive this ?

harsmarvania57 · ‎11-04-2019

One option is to create your custom alert action (Ref https://docs.splunk.com/Documentation/Splunk/8.0.0/AdvancedDev/ModAlertsIntro) to achieve this, in this option you need to write script.

Other option is, this add-on https://splunkbase.splunk.com/app/4398/ might work but I never tried this add-on.

mayurr98 · ‎11-04-2019

This may help you:

https://answers.splunk.com/answers/51140/save-reports-in-shared-folders.html

How to send Splunk report to Unix server

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!