- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Export to dump with wrong values in fields
Hi,
I'm trying to export some data with the dump command, the data from the dump is not exported correctly, some values are being inserted in wrong fields, example: "TimeStamp":"20", "UserID": "2018-12-11T17:20:33.000Z", should be in reverse order...
The same command in the search query of splunk work's well, and the fields are showed correctly, only the parse for the dump is not corrected, anyone can help?
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can run the search via CLI or RestAPI..
https://docs.splunk.com/Documentation/Splunk/7.2.1/Search/ExportdatausingCLI
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The output of the dump with CLI or RestAPI is the same... so changing the way, doesn't fix the problem with the dump...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I mean to say is run a splunk search via CLI or RestAPI to export the data instead of dump, something like this..
splunk search "index=_internal earliest=09/14/2015:23:59:00 latest=09/16/2015:01:00:00 " -output rawdata -maxout 200000 > c:/test123.dmp
curl -u admin:changeme \
-k https://localhost:8089/servicesNS/admin/search/jobs/1423855196.339/results/ \
--get -d output_mode=json -d count=5
