Splunk Search

Is it possible in Splunk to trigger a search, generate a report, and email it or save the report in some location?

Builder

Hi Team,

I would like to know if it is possible in Splunk to trigger a search (with regular expressions), generate the report, and return it through an email / save in some location ??

We are doing a POC to know if we can integrate Splunk to our support ticket system (we use Salesforce for raising ticket and interacting with customers).

Let me know your thoughts.
Thanks in advance.

Tags (3)
0 Karma

Esteemed Legend

If you are going the email route, then it is exceedingly straight-forward as @jimodonald says. If you need an automatic ftp-based solution, then first decide on a naming convention for your files (e.g. "MySillyFiles-YYYY-MM-DD.csv"). Then setup a cron job on your Search Head to look for files in $SPLUNK_HOME/var/run/splunk/ and transfer them to your share (deleting them afterwards). Lastly, setup a saved search to generate the report data and end the search command with | outputcsv.

0 Karma

Builder

Hi woodcock,
i see splunk 6 also we cannot use pdf option for advanced xml. I have created views with advanced xml and need to generate pdf of the entire view.

I am searching in side view utils, if that have any improvisation that can help me.

Thank you

0 Karma

Esteemed Legend

This is a completely different question so you should ask a new question for this. Additionally, you should "Accept" an answer under this question to close it off, since the original question was answered adequately.

0 Karma

Contributor

Scheduling reports and having the report emailed is well documented in the Reporting Manual. Please reference it here: http://docs.splunk.com/Documentation/Splunk/6.2.3/Report/Schedulereports

I am not aware of a simple method to save the PDF to a specific location. I'm sure it is possible, but I've not come across that need yet.

0 Karma

Builder

Hi jim

Thank you for answering.
I see pdf will be a better option for me than csv as i have colorful bar chart dashboards in my view.

0 Karma