What's the best way to export a report from Splunk to another file server?

New Member

Trying to find the best way to export a Splunk report to another file server for a random user to download and view the report rather than giving direct access to the Splunk host.

0 Karma

Explorer

Automated transfer is fairly simple - just use FTP. Either do it at the end of your report generation script or set up a batch job with cron to watch a directory and FTP any new files up to your target server. Not really anything I'd expect Splunk to do.

0 Karma

SplunkTrust

If I am understanding your question correctly, you want to export/transfer CSV files generated by Splunk scheduled searches from Splunk to other servers? Then it is possible: you can create a Custom Alert Action with a customized script which will fetch the generated results.csv.gz file from the dispatch directory, uncompress it and send it to the other server over SFTP.

0 Karma
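A sketch of the custom alert action script described in the answer above, added here as an example and not code from the thread or from Splunk. It assumes the action is configured with `payload_format = json` so the payload arrives as JSON on stdin with a `results_file` field; the SFTP account, key path and remote directory are hypothetical placeholders.

```python
import gzip, json, os, re, shutil, subprocess, sys, tempfile

# Assumed values for illustration; none of these come from the thread.
SFTP_TARGET = "reports@files.example.internal"
SFTP_KEY = "/opt/splunk/etc/auth/report_push_ed25519"
REMOTE_DIR = "incoming"

def safe_name(search_name):
    """Reduce a saved-search name to a filename with no path separators."""
    return re.sub(r"[^A-Za-z0-9._-]+", "_", search_name).strip("._") or "report"

def stage_csv(results_gz, search_name, stage_dir):
    """Decompress results.csv.gz into stage_dir as <name>.csv, owner-only access."""
    dest = os.path.join(stage_dir, safe_name(search_name) + ".csv")
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with gzip.open(results_gz, "rb") as src, os.fdopen(fd, "wb") as out:
        shutil.copyfileobj(src, out)
    return dest

def sftp_batch(local_csv):
    """Upload under a temporary name, then rename, so downloaders never see a partial file."""
    name = os.path.basename(local_csv)
    return (f'put "{local_csv}" "{REMOTE_DIR}/{name}.part"\n'
            f'rename "{REMOTE_DIR}/{name}.part" "{REMOTE_DIR}/{name}"\n')

def sftp_command():
    """Key-only, non-interactive sftp that refuses unknown or changed host keys."""
    return ["sftp", "-b", "-", "-i", SFTP_KEY, "-o", "BatchMode=yes",
            "-o", "StrictHostKeyChecking=yes", SFTP_TARGET]

def main():
    # Assumes payload_format = json in alert_actions.conf for this action.
    payload = json.load(sys.stdin)
    with tempfile.TemporaryDirectory() as stage_dir:
        csv_path = stage_csv(payload["results_file"],
                             payload.get("search_name", ""), stage_dir)
        subprocess.run(sftp_command(), input=sftp_batch(csv_path).encode(),
                       check=True)

# Splunk invokes custom alert action scripts with --execute as the first argument.
if __name__ == "__main__" and sys.argv[1:2] == ["--execute"]:
    main()
```

The receiving account only needs write access to the one upload directory, and its host key has to be in the Splunk user's `known_hosts` before the first run because the script will not accept it interactively.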

New Member

Thanks, however this only creates the report. But the key part of the question is how to transfer this report to the share server from time to time in an automated way.

0 Karma

SplunkTrust

"Best" is relative, but something you might find useful:

Assuming you have to refresh this every now and then,

  1. Create the search you want
  2. Save As to a new dashboard, name the dashboard appropriately so you can find it later
  3. Find/display the dashboard, your search shows up
  4. Click Export in the upper right, select Export PDF
  5. Save it where you'd like it to be.

Then, when you need to refresh it you can just run steps 3, 4 and 5.
Happy Splunking!
-Rich

0 Karma

New Member

Thanks, however this only creates the report. But the key part of the question is how to transfer this report to the share server from time to time in an automated way.

0 Karma

Legend

@ling00, the easiest thing to do would be to migrate the savedsearches.conf file from your app's local folder, i.e. typically: $SPLUNK_HOME/etc/apps/<YourAppName>/local

However, based on the complexity of your report code, it might have various dependencies on Knowledge Objects and may fail if you just move the above file. So, it would be better to package your App and deploy it on the new server. PS: This will also deploy existing Dashboards and Alerts. App packaging comes with a lot of configurations and considerations for dependencies. Refer to the App packaging checklist and steps on the Splunk Dev site: http://dev.splunk.com/view/webframework-developapps/SP-CAAAEMY

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma