Splunk Search

Is it possible in Splunk to trigger a search, generate a report, and email it or save the report in some location?

smolcj
Builder

Hi Team,

I would like to know if it is possible in Splunk to trigger a search (with regular expressions), generate the report, and return it through an email / save in some location ??

We are doing a POC to know if we can integrate Splunk to our support ticket system (we use Salesforce for raising ticket and interacting with customers).

Let me know your thoughts.
Thanks in advance.

Tags (3)
0 Karma

woodcock
Esteemed Legend

If you are going the email route, then it is exceedingly straight-forward as @jimodonald says. If you need an automatic ftp-based solution, then first decide on a naming convention for your files (e.g. "MySillyFiles-YYYY-MM-DD.csv"). Then setup a cron job on your Search Head to look for files in $SPLUNK_HOME/var/run/splunk/ and transfer them to your share (deleting them afterwards). Lastly, setup a saved search to generate the report data and end the search command with | outputcsv.

0 Karma

smolcj
Builder

Hi woodcock,
i see splunk 6 also we cannot use pdf option for advanced xml. I have created views with advanced xml and need to generate pdf of the entire view.

I am searching in side view utils, if that have any improvisation that can help me.

Thank you

0 Karma

woodcock
Esteemed Legend

This is a completely different question so you should ask a new question for this. Additionally, you should "Accept" an answer under this question to close it off, since the original question was answered adequately.

0 Karma

jimodonald
Contributor

Scheduling reports and having the report emailed is well documented in the Reporting Manual. Please reference it here: http://docs.splunk.com/Documentation/Splunk/6.2.3/Report/Schedulereports

I am not aware of a simple method to save the PDF to a specific location. I'm sure it is possible, but I've not come across that need yet.

0 Karma

smolcj
Builder

Hi jim

Thank you for answering.
I see pdf will be a better option for me than csv as i have colorful bar chart dashboards in my view.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...