Reporting

pushing splunk results automatically

riderofyamaha
Explorer

I have a question regarding having specific Splunk data that is automatically searched for exported to a different database automatically. Not much information, I know, but I can't think of how else to ask. Thanks for your input.

1 Solution

hulahoop
Splunk Employee

I can think of 3 ways to accomplish this:

  1. Scripted Alert - set up a scheduled search which kicks off a script to write the results of the search to a database. Splunk will schedule and execute the search, pass the search results to the script, and the script will handle the DB connection and write. This would be completely automated. How to create a scripted alert.

  2. Custom Search Command - create a Splunk search command which can be used inline on the search bar with any search. Use the search command just like you would the fields, top, or stats commands. For example, your search would call this new command like this: ... | export2DB. This calls a Python script on the backend to handle the actual DB connection and writes. How to create a custom search command.

  3. Event-Level Workflow - add an option in the event drop-down menu to write the event to the DB. This is similar to the first 2 options, but operates on a per-event basis rather than the entire result set. How to create a workflow action.

I hope this gives you some options. Let us know how you proceed.

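The first option above (a scripted alert whose script receives the search results and writes them to a database), as an added example that is not part of the original answer or of any Splunk-provided script. It assumes the legacy scripted-alert argument layout, in which Splunk passes the path of a gzipped CSV results file as the ninth argument (argv[8]) and the alert name as argv[4], and it uses SQLite as the stand-in database; the sample results and the `splunk_export.db` file name are constructed placeholders. Field values are bound as SQL parameters rather than formatted into the statement, and column and table names are checked against a strict identifier pattern, because Splunk field values and field names come from indexed data and must not be trusted to build SQL text.

```python
import csv
import gzip
import os
import re
import sqlite3
import sys
import tempfile

# Column and table names cannot be bound as SQL parameters, so restrict them
# to a plain identifier shape before they are interpolated into statements.
SAFE_IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def load_results(path):
    """Read the gzipped CSV results file that Splunk hands a scripted alert."""
    with gzip.open(path, "rt", newline="") as fh:
        return list(csv.DictReader(fh))


def open_db(path):
    """Open the target database (SQLite here as a stand-in for the real DB)."""
    return sqlite3.connect(path)


def write_results(conn, table, rows):
    """Insert the result rows into `table`, creating it if needed.

    Returns the number of rows written. Raises ValueError when the table name
    or every column name fails the identifier check.
    """
    if not rows:
        return 0
    if not SAFE_IDENT.match(table):
        raise ValueError("unsafe table name: %r" % table)
    columns = [c for c in rows[0].keys() if SAFE_IDENT.match(c)]
    if not columns:
        raise ValueError("no usable columns in results")
    quoted = ", ".join('"%s"' % c for c in columns)
    placeholders = ", ".join("?" for _ in columns)
    conn.execute('CREATE TABLE IF NOT EXISTS "%s" (%s)' % (table, quoted))
    # Field values are bound as parameters, never formatted into the SQL text,
    # so a value such as  '); DROP TABLE ...  is stored literally.
    conn.executemany(
        'INSERT INTO "%s" (%s) VALUES (%s)' % (table, quoted, placeholders),
        [tuple(row.get(c) for c in columns) for row in rows],
    )
    conn.commit()
    return len(rows)


def sample_results_file():
    """Write a small constructed results file in the shape Splunk produces."""
    tmp = tempfile.NamedTemporaryFile(suffix=".csv.gz", delete=False)
    tmp.close()
    with gzip.open(tmp.name, "wt", newline="") as fh:
        fh.write("_time,host,status\n")
        fh.write("2024-03-01T00:00:00,web01,500\n")
        fh.write("2024-03-01T00:00:05,web02,502\n")
    return tmp.name


def main(argv):
    # Legacy scripted-alert arguments: argv[4] is the alert name and argv[8]
    # is the path to the gzipped CSV of search results.
    if len(argv) < 9:
        sys.stderr.write("expected Splunk scripted alert arguments\n")
        return 2
    rows = load_results(argv[8])
    conn = open_db("splunk_export.db")  # placeholder database path
    try:
        written = write_results(conn, "splunk_alert_results", rows)
    finally:
        conn.close()
    sys.stderr.write("wrote %d rows for alert %r\n" % (written, argv[4]))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Dropping this script into the app's `bin` directory and naming it in the alert configuration is the wiring the linked documentation covers; the part worth keeping from this example is that result values travel only through bound parameters and that anything used as an identifier is validated first.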

riderofyamaha
Explorer

Thank you, very helpful.

0 Karma

Lowell
Super Champion

You may want to check SplunkMSE. See the Splunk MySQL Storage Engine blog entry for additional info.

0 Karma

