Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I export the events that are the result of a search?

steveirogers
Communicator
‎10-11-2010 02:33 PM

How can I export the results of a search? I run a search and I get 922 events. I would like to export (or produce a report) of those results. However, when I try to build a report, I just get the count of the events - not the events themselves? I have tried searching the manual and the knowledge base without success.

Thanks.

Tags (3)
Reply

Genti
Splunk Employee
Splunk Employee
‎10-11-2010 04:50 PM

Multiple choices here Steve, from your search dashboard you can:
- Actions:Save results - for later viewing through Jobs manager page
- Actions:Export results - for exporting to .csv or other available formats
- Actions:Build report... - to build a report of the data. By default the report gets created as | timechourt count if you would like something different, then click on "Define Data using search language"
- Actions:Save search - if you want this to be an automated search. You can have it send you an email alert as well as a csv/pdf of the results.

More on the above in the Users Manual pages..

Reply

Brian_Osburn
Builder
‎10-11-2010 04:00 PM

Can you give an example of the search you are using?

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...