Reporting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I export/list out all reports in splunk

mkgoh
Engager
‎02-11-2015 07:34 PM

I would like to export my current existing reports / alerts for record and backup purpose, or maybe import to another new splunk system.

Tags (1)
Reply

lmyrefelt
Builder
‎02-12-2015 01:06 AM

You are better of collecting them in something that is called an "App".
This is easily done in the Splunk-UI, "Apps-menu > Manage Apps > Create APP" . Give it a fitting name.

From the app menu you should now be able to find / see your app, go there and do your work inside this. Or move the already created reports, views etc into this new app. This is also easily done from within the Splunk-UI and accessible from the "Settings" menu.
This also makes it very easy to share the contents and or setup more detailed permissions on your work.

It also makes it super easy to distribute and to install the same app / content on any number of Splunk servers ... and if you create something awesome you can upload and share it in apps.splunk.com .

Good reading for you;
http://docs.splunk.com/Documentation/Splunk/6.2.1/SearchTutorial/Aboutsavingandsharingreports

http://docs.splunk.com/Documentation/Splunk/6.2.1/Knowledge/CurateSplunkknowledgewithManager

As already stated you can use the different API:s to access and list this information, however if you collect your creations within an app , it will be easily sharable , easily accessible and you can tighten permissions, deploy to whatever number of splunk servers you like.

0 Karma
Reply

acharlieh
Influencer
‎02-11-2015 08:30 PM

All saved searches, and other knowledge objects are written to various .conf files in the $SPLUNK_HOME$/etc directory. This list of configuration files and Overview of configuration files may be of interest to you as a starting point.

Additionally there are some REST endpoints, such as /servicesNS/-/-/saved/searches, and /servicesNS/-/-/directory among others that you may be interested in invoking in a programmatic manner (or with the |rest command in splunkweb as well.

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...