What's the best way to export a report from Splunk to another file server?

ling00
New Member

Trying to find the best way to export a Splunk report to another file server for a random user to download and view the report rather than giving direct access to the Splunk host.

0 Karma

mikclrk
Explorer

Automated transfer is fairly simple - just use FTP. Either at the end of your report generation script, or set up a batch job with cron to watch a directory and ftp any new files up to your target server. Not really anything I'd expect Splunk to do.

0 Karma

harsmarvania57
SplunkTrust

If I understand your question correctly, you want to export/transfer CSV files generated by Splunk scheduled searches from Splunk to other servers? Then it is possible: you can create a Custom Alert Action with a customized script which will fetch the generated results.csv.gz file from the dispatch directory, uncompress it and send it to another server over SFTP.

0 Karma
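The approach described in the answer above, sketched as an added example (not code from the thread or from Splunk): a custom alert action script that reads the alert payload from stdin, decompresses `results.csv.gz` under a sanitized filename, and uploads it with key-only, host-key-verified `sftp`. The target host, key path and directories are hypothetical placeholders, and the payload keys `results_file`, `search_name` and `sid` are assumed to follow Splunk's custom alert action payload format.

```python
#!/usr/bin/env python3
"""Custom alert action script: ship a scheduled search's results over SFTP."""
import gzip
import json
import os
import re
import shutil
import subprocess
import sys

# Hypothetical placeholders: replace with your own file server details.
SFTP_TARGET = "reports@files.example.internal"
SFTP_KEY = "/opt/splunk/etc/auth/report_sftp_key"
REMOTE_DIR = "incoming"
STAGING_DIR = "/opt/splunk/var/run/report_export"


def stage_results(payload, staging_dir):
    """Decompress results.csv.gz into staging_dir under a sanitized name."""
    # search_name is user-controlled; strip anything that could alter the path.
    safe = re.sub(r"[^A-Za-z0-9_.-]", "_", payload["search_name"]).strip(".") or "report"
    sid = re.sub(r"[^A-Za-z0-9_.-]", "_", payload["sid"])
    os.makedirs(staging_dir, mode=0o700, exist_ok=True)
    dest = os.path.join(staging_dir, f"{safe}_{sid}.csv")
    # Create the export readable by the Splunk service account only.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with gzip.open(payload["results_file"], "rb") as src, os.fdopen(fd, "wb") as out:
        shutil.copyfileobj(src, out)
    return dest


def sftp_command(target, key_path):
    """Non-interactive sftp: key auth only, refuse unknown host keys."""
    return ["sftp", "-b", "-", "-i", key_path,
            "-o", "BatchMode=yes", "-o", "StrictHostKeyChecking=yes", target]


def upload(local_path, target=SFTP_TARGET, key_path=SFTP_KEY, remote_dir=REMOTE_DIR):
    """Send one staged file; the batch script is fed to sftp on stdin."""
    batch = f'put "{local_path}" "{remote_dir}/{os.path.basename(local_path)}"\n'
    subprocess.run(sftp_command(target, key_path), input=batch.encode(),
                   check=True, timeout=120)


if __name__ == "__main__" and "--execute" in sys.argv:
    alert = json.loads(sys.stdin.read())  # Splunk passes the payload as JSON on stdin
    staged = stage_results(alert, STAGING_DIR)
    try:
        upload(staged)
    finally:
        os.remove(staged)  # do not leave report copies in the staging directory
```

On the receiving side, restricting the upload account to a chrooted, SFTP-only login keeps the key stored on the Splunk host from being usable for a shell.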

ling00
New Member

Thanks, however this only creates the report. But the key part of the question is how to transfer this report to a shared server from time to time in an automated way.

0 Karma

Richfez
SplunkTrust

"Best" is relative, but something you might find useful:

Assuming you have to refresh this every now and then,

  1. Create the search you want
  2. Save As to a new dashboard, name the dashboard appropriately so you can find it later
  3. Find/display the dashboard, your search shows up
  4. Click Export in the upper right, select Export PDF
  5. Save it where you'd like it to be.

Then, when you need to refresh it you can just run steps 3, 4 and 5.
Happy Splunking!
-Rich

0 Karma

ling00
New Member

Thanks, however this only creates the report. But the key part of the question is how to transfer this report to a shared server from time to time in an automated way.

0 Karma

niketn
Legend

@ling00, the easiest thing to do would be to migrate the savedsearches.conf file from your app's local folder, i.e. typically: $SPLUNK_HOME/etc/apps/<YourAppName>/local

However, based on the complexity of your report code, it might have various dependencies on Knowledge Objects and may fail if you just move the above file. So, it would be better to package your App and deploy it on the new server. PS: This will also deploy existing Dashboards and Alerts. App packaging comes with a lot of configurations and considerations for dependencies. Refer to the App packaging checklist and steps on the Splunk Dev site: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEMY

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma