Is there a way to export a large volume of raw data out of an index?
There seems to be a limit of 10000 lines. outputcsv seems to do it ok in csv format, but is there outputtext which allows u...
Is there a way to convert all the raw data of a particular index to a file?
We have ingested data from files to Splunk. The rawdata of that index is over 500GB. We would like to convert the raw d...
...ow to do it correctly.
Second,
I read the http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Outputtext, but where to use the syntax of outputtext, command or others?
--
b...
...ourcetype="blah" |reverse |outputtext usexml=false | rename _xml as raw | fields raw | fields - _* | outputcsv C:/Temp/results.txt
I get results but a message saying
Could not write to file 'C...
Hi, I have an issue with map command. The query is:
index=myindex field=value |stats count by host| map maxsearches=100 search="search index=myindex host=$host$|outputtext usexml=false |fields r...
Hello,
I have a dbxquery, that returns a table, where I am interested in one column, let us say c1.
Then in my search I have to unfortunately execute the map command, that wipes all the variable...
I have the following search:
|makeresults | eval trigger=0|eval decision=if(trigger==1,
[
| makeresults
|rename comment AS " *********************************** Set the list of hosts **********...
Hi,
I'm extracting data with the outputcsv command, but in the file there are not all the events returned by the search. I've already modified the value of maxresultrows in [restapi] stanza, are...
Greetings,
I am trying to output an IP address from a search to a script. My goal is to have the search call a script to block IP it finds. Below is my search and an example of its results.
M...