Reporting

How to secure copy (SCP) saved search results on ServerA to ServerB?

tkwaller
Builder

Hello

I am trying to figure out how I can do this:
I have a saved search that runs on server A and I want to secure copy (scp) those results to server B. How can I accomplish this? I know that I can have a script execute after the search is run, but all I want to do is simply scp the results from one folder to a different folder on a different server.

Any ideas on how I can do this?

Thanks for the assistance!

Tags (2)
1 Solution

fdi01
Motivator

Syntaxe to use SCPcommand(first install SSH on ServerA and ServerB).

to Copy an file from serveurA to serveurB:
> scp LoginA@ServerA:pathA/file_nameA LoginB@ServerB:pathB/file_nameB

to Copy an file from curent directory to another server directory :
> scp File login@server:path

to Copy an directory , with these sub-directory, to an sever directory :

> scp -r directory login@server:path

in you case you can copy your saved_search directory try like this:

> scp -r your_login_nameA@serverA.com:/etc/splunk/.../saved_search_nameA/  your_login_nameB@serverB.com:/etc/splunk/.../saved_search_nameB/

or to copy saved_search file:

> scp  your_login_nameA@serverA.com:/etc/splunk/.../saved_search_file  your_login_nameB@serverB.com:/etc/splunk/.../saved_search_directory/

View solution in original post

fdi01
Motivator

Syntaxe to use SCPcommand(first install SSH on ServerA and ServerB).

to Copy an file from serveurA to serveurB:
> scp LoginA@ServerA:pathA/file_nameA LoginB@ServerB:pathB/file_nameB

to Copy an file from curent directory to another server directory :
> scp File login@server:path

to Copy an directory , with these sub-directory, to an sever directory :

> scp -r directory login@server:path

in you case you can copy your saved_search directory try like this:

> scp -r your_login_nameA@serverA.com:/etc/splunk/.../saved_search_nameA/  your_login_nameB@serverB.com:/etc/splunk/.../saved_search_nameB/

or to copy saved_search file:

> scp  your_login_nameA@serverA.com:/etc/splunk/.../saved_search_file  your_login_nameB@serverB.com:/etc/splunk/.../saved_search_directory/

tkwaller
Builder

Worked great. Now do you know how this could be automated?

0 Karma

hemendralodhi
Contributor

Run a cron script on server where reports are saved. Make sure to use cron internal which send report after report search schedule.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...