I have been looking in Splunk documentation for a few hours now and I cannot find a good way to send all the results of a saved search as an emailed PDF. I want all lines to be shown for all results. Right now, I can only get the latest 50 results, and only 10 lines per event. How do I make it so that I see everything? I don't really care how big the PDF or email is.
btw, i take it you do care for the nice indentation, the human readable timestamp and the field extraction (host/source/sourcetype)? If so, then it is not raw results that you would like to send to PDF, it is actually parsed/indexed data.
Unfortunately this is the limitation of the PDF server and im not entirely sure but splunk is working on creating some way to make this work.
What can you use in the mean time?
Output to CSV file, use excel or any other type of software to manipulate the data and print to PDF.
Create a view that allows you to show as many events as you want and then print to PDF.
Any other ideas?
.gz