Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to make a report or a CSV file from a search result?

ofaheem
New Member
‎03-31-2022 12:26 AM

Hi,

I want to make a report or a CSV file from a search result. However, the search result is more than 7 million. So now I have a few queries:

  • I am trying to save the search; however, whenever I try to open that search to show people how many and what type of events were found, it does not show.
  • How can I make a report or CSV file for more than 7 million events?

Please advise.

Thanks & regard,

Osama Faheem

Labels (1)
Labels
0 Karma
Reply

aasabatini
Motivator
‎03-31-2022 01:26 AM

Hi @ofaheem 

you can use outputlookup command in your search, there aren't limits.

Or you can follow this article

https://www.splunk.com/en_us/blog/tips-and-tricks/help-i-cant-export-more-than-10000-events.html?_ga...

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
0 Karma
Reply
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...