I using the following command to retrieve a particular macro search result.
curl -k -u admin:admin https:// :8089/services/search/jobs/export --data search="search `network_macro(index_name,report_name,server_name,1h)`" -d output_mode=csv
Expected result:
"_time",ServerName,Freq,Bandwidth
"2013-06-03 06:00:00.000 UTC",server1,"74.730000",""
"2013-06-03 07:00:00.000 UTC",server2,"74.730000",""
But the actual result is :
"_time",ServerName,Freq
"2013-06-03 06:00:00.000 UTC",server1,"74.730000"
"2013-06-03 07:00:00.000 UTC",server2,"74.730000"
The column that have empty result has not been returned.
But it is worked well while using
search/jobs/{search_id}
search/jobs/{search_id}/results commands.
I am using Splunk 4.3.1 .
How can we get those empty result columns by using the search/jobs/export url.
... View more