Hi fellow splunkers,
my question for today is, if I could somehow save reports for later use.
I run a report everyday at midnight over the data that got collected yesterday. I want to save the reported data into CSV or PDF.
I want to store the report for at least 10 days so users have 10 days to view it in splunk.
I also want to give users some kind of list, where they then are able to click on a report.
Is it possible to save the reported data and store it somewhere for later use?
Is it possible to save a history of reports for a specific time period and let a user choose which report they wanna view?
We used the
collect command to save the report details to a
Summary Index and then created a
macro (you could also create a
form) to reconstitute the results. Before sending the data to
collect, we added
|addinfo|streamstats current=f count as serial to mark each line number and add the
info_sid so that the event ordering can be reconstituted and different sets of data (reports) can be discriminated.
To get data back just do something like this:
index=MySummaryIndex info_sid=MyReportSid | sort 0 serial | table My List Of Fields And Their Order Here