How to export search results into a text file usin...

mbasharat · ‎04-05-2022

Hi,

I am exploring some options for exporting data into text file from Splunk. I have a scheduled saved search which produces results like below in statistical table format. I need this to be written to a .txt file. Results written need to be appended to existing txt file.

count index sourcetype time results

0 A B 04/05/2022 00:00:00 Success exceeds Failures

Thanks in-advance!!!!!!

mayurr98 · ‎04-05-2022

see if this helps !

https://community.splunk.com/t5/Splunk-Search/Export-results-to-txt/m-p/105583

mbasharat · ‎04-05-2022

I tried but thats for raw. I tried using it for stats table and it did not generate anything in specified directory.

mayurr98 · ‎04-05-2022

you would need to format the output

<your search>
| table count index sourcetype time results 
| eval _raw = mvzip(mvzip(mvzip(mvzip(count, index, " "), sourcetype, " "),time, " "),results, " ")
| outputtext usexml=false | rename _xml as raw | fields raw | fields - _* | outputcsv append=t results.txt

mbasharat · ‎04-05-2022

Quick Q. The file frim savedsearch will be written on SH correct? We have SH cluster. Also, can path be defined at SPL level? Thanks.

mayurr98 · ‎04-06-2022

I do not think you can change the path explicitly in SPL

https://community.splunk.com/t5/Getting-Data-In/How-to-change-the-location-a-saved-search-outputs-a-...

however, you can write cron jobs to move the file on OS level.

mbasharat · ‎04-05-2022

Understood. Testing it for output. Will update shortly. Thank you.

How to export search results into a text file using search

eval

other

stats

table

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024