Trying to find the best way to export a Splunk report to another file server for a random user to download and view the report rather than giving direct access to the Splunk host.
Automated transfer is fairly simple - just use FTP. Either do it at the end of your report generation script, or set up a batch job with cron to watch a directory and FTP any new files up to your target server. Not really anything I'd expect Splunk to do.
If I am understanding your question correctly, you want to export/transfer CSV files generated by Splunk scheduled searches from Splunk to other servers? Then it is possible: you can create a Custom Alert Action with a customized script which will fetch the generated results.csv.gz file from the dispatch directory, uncompress it and send it to the other server over SFTP.
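The custom alert action script described in the answer above, as an added example (not code from the thread or from Splunk). It assumes the OpenSSH `sftp` client is installed and reads the `results_file`, `search_name` and `sid` keys of the JSON payload Splunk passes on stdin; the account, host, key path and remote directory are placeholders.

```python
import gzip, json, os, re, shutil, subprocess, sys, tempfile

# Assumed placeholders (not from the thread): account, host, key path, remote dir.
REMOTE = "reports@files.example.com"
REMOTE_DIR = "incoming"
IDENTITY = "/opt/splunk/.ssh/report_upload_ed25519"

def safe_name(search_name, sid):
    """Remote filename from search metadata; no path separators or leading dots."""
    stem = re.sub(r"[^A-Za-z0-9._-]+", "_", f"{search_name}_{sid}").strip("._")
    return (stem or "report") + ".csv"

def unpack_results(results_file, out_dir, name):
    """Decompress the dispatch directory's results.csv.gz to out_dir/name."""
    out_path = os.path.join(out_dir, name)
    with gzip.open(results_file, "rb") as src, open(out_path, "wb") as dst:
        shutil.copyfileobj(src, dst)
    return out_path

def sftp_command():
    """OpenSSH sftp in batch mode: key auth only, pinned host key, no prompts."""
    return ["sftp", "-b", "-", "-i", IDENTITY,
            "-o", "StrictHostKeyChecking=yes",  # host key must already be in known_hosts
            "-o", "PasswordAuthentication=no", REMOTE]

def batch_script(local_path):
    """Upload under a temporary name, then rename, so readers never see a partial file."""
    name = os.path.basename(local_path)
    part = f"{REMOTE_DIR}/.{name}.part"
    return f"put {local_path} {part}\nrename {part} {REMOTE_DIR}/{name}\n"

def main():
    payload = json.load(sys.stdin)  # Splunk passes the alert payload as JSON on stdin
    name = safe_name(payload.get("search_name", ""), payload.get("sid", ""))
    with tempfile.TemporaryDirectory() as tmp:
        local = unpack_results(payload["results_file"], tmp, name)
        subprocess.run(sftp_command(), input=batch_script(local),
                       text=True, check=True, timeout=300)

if __name__ == "__main__" and sys.argv[1:2] == ["--execute"]:
    main()
```

On the file server, restricting the upload account to SFTP only and to its own directory keeps a compromised Splunk host from gaining a shell there.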
Thanks, however this only creates the report. But the key part of the question is how to transfer this report to the share server from time to time in an automated way.
"Best" is relative, but something you might find useful:
Assuming you have to refresh this every now and then,
Then, when you need to refresh it you can just run steps 3, 4 and 5.
Happy Splunking!
-Rich
@ling00, the easiest thing to do would be to migrate the savedsearches.conf file from your app's local folder, i.e. typically: $SPLUNK_HOME/etc/apps/<YourAppName>/local
However, based on the complexity of your report code, it might have various dependencies on Knowledge Objects and may fail if you just move the above file. So, it would be better to package your App and deploy it on the new server. PS: This will also deploy existing Dashboards and Alerts. App packaging comes with a lot of configurations and considerations for dependencies. Refer to the App packaging checklist and steps on the Splunk Dev site: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEMY