Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to write splunk output in csv file using python code?

harshal_chakran
Builder
‎12-16-2013 11:10 PM

Hi,

I have created an application using Django Binding, where I have a code in Python in which wrote a search query whose output am willing to save in csv file.
Following is my code:

kwargs_normalsearch = {"exec_mode": "normal"}

searchquery_normal = 'search * |search sourcetype.....'

job = service.jobs.create(searchquery_normal, **kwargs_normalsearch)

for result in results.ResultsReader(job.results()):

c = csv.writer(open("C:/NewFile.csv", "wb"))

c.writerow([result])

When I open the NewFile, it shows output as :

OrderedDict([('Parameter', '221')])

what I want is to show,'Parameter ' as heading and '221' as row value in csv file. Can I even fetch this values from it in order to use it for another purpose.
Please Help...!!!

Tags (4)
Reply
1 Solution
Solved! Jump to solution
Solution

Damien_Dallimor
Ultra Champion
‎12-17-2013 03:08 AM

Here is a simple code example , expand on it as necessary , but it returns the search results in CSV format and dumps to a file.

args = {'host':'somehost','port':8089,'username':'admin','password':'foobar'}
service = Service(**args)
service.login()   

job = service.jobs.create('search index=_internal | head 5', **{"exec_mode": "blocking"})
search_results = job.results(**{"output_mode": "csv"})

f = open("/Users/scoobydoo/NewFile.csv", 'w')

f.write(search_results.read())

View solution in original post

Reply
Solved! Jump to solution
Solution

Damien_Dallimor
Ultra Champion
‎12-17-2013 03:08 AM

Here is a simple code example , expand on it as necessary , but it returns the search results in CSV format and dumps to a file.

args = {'host':'somehost','port':8089,'username':'admin','password':'foobar'}
service = Service(**args)
service.login()   

job = service.jobs.create('search index=_internal | head 5', **{"exec_mode": "blocking"})
search_results = job.results(**{"output_mode": "csv"})

f = open("/Users/scoobydoo/NewFile.csv", 'w')

f.write(search_results.read())
Reply
Solved! Jump to solution

chi
Observer
‎08-06-2020 01:07 PM

I have executed the python query have the results.

The binding response reader results are in bytes and getting the TypeError while writing to CSV

Requesting help to export the search results to a CSV file.

Quick response is highly appreciated.

Thank you

0 Karma
Reply
Solved! Jump to solution

raghav130593
Explorer
‎01-27-2017 02:13 PM

I had a question regarding output_mode for export search. In the export search, there's no search job created and the results are streamed. I wasn't able to find anything conclusive regarding setting output_mode of an export search to 'CSV'. I wanted to know how is it done?

0 Karma
Reply
Solved! Jump to solution

harshal_chakran
Builder
‎12-18-2013 01:14 AM

Thanks Damien,

There is one more question in my mind.Is it possible that I can extract the values from search result , assign it to different variables and perform some arithmetic operations on it before saving it in csv file.??

0 Karma
Reply
Solved! Jump to solution

martindurant
New Member
‎01-21-2015 11:48 AM

How about numpy.loadtxt(search_results, delimiter=',') ?

0 Karma
Reply
Get Updates on the Splunk Community!

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...