Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Export unlimited results from CLI search - not working

Branden
Builder
‎01-26-2022 11:54 AM

Hi. I am running a Splunk query from the CLI and would like to export the results as rawdata to a file.  When I specify a value in maxout, it honors that number and exports the correct number of events. However, I want all of the events - unlimited. So I set maxout to 0, per the documentation. When I do this, it exports nothing. The search just sits there forever, exporting nothing. Even if it's a quick and simple search. 

Here is my query:

splunk search "index=ldap earliest=01/24/2022:00:00:01 latest=01/25/2022:23:59:00" -output rawdata -maxout 0 > /mnt/splunk-backups/test/ldap-raw-test.log

 I want all events to be outputted as rawdata to the specified file.

Am I missing something?

We are running Splunk Enterprise 8.1.4.

Thanks in advance!

Labels (1)
Labels
Tags (3)
0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...