- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Can we save the search result in SPLUNK SERVER?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have a command on splunk server i.e..
" /splunk search ' .. | stats dc(f_name)' -uri "
I have save the result of this in a file, can I do it?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, you can either use the outputlookup or the outputcsv commands.
There are other alternatives too, but those are the ones you can run from the search gui.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try like :
" ./splunk search ' .. | stats dc(f_name) | outputcsv file_name' -uri "
The file_name.csv file should be located in $SPLUNK_HOME/var/run/splunk. Directory.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
this search is for "Splunk link".
But I need to do in the server itself, by using SPLUNK command?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, you can either use the outputlookup or the outputcsv commands.
There are other alternatives too, but those are the ones you can run from the search gui.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, did this work for you?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I'm a bit confused about your comments.
In summary, if you want to run your command and save the results to disk from the Splunk server:
./splunk search 'yoursearch | stats dc(f_name)' > yourfilename.txt
If you want to run it from the Splunk GUI:
yoursearch | stats dc(f_name) | outputcsv yourfilename.csv
If none of those two work for you please provide more information.
Thanks,
J
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Both are working fine .
Thanks for the help.
Kind Grass,
Gaurav Pant
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@javiergn .
by the above query I will get the distinct count of field., but with this I also want the current date. Can this be done with this query only?
Ex:- RESULT should be:
dc(f_name) date
100 10th JAN, 2016
can you please help me in this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sure, something like this should do the trick:
yoursearch
| timechart span=1d dc(f_name)
If you want to group by week, month, etc simply play with the span values
Introducing the Splunk Community Dashboard Challenge!
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...
