How to get SharePoint excel files in to Splunk?

kiran331 · ‎12-12-2016

Hi

What is the best practice to get the SharePoint excel files, which will be added every week to get in to Splunk as lookups?

nabeel652 · ‎12-19-2016

The best way is to pull the SharePoint list through a PowerShell Script and ingest in Splunk and schedule it through your heavy/light forwarder. Send the XML query that will look like this:
-- snip
< List>
< Query>
< Where>
< And>
< Geq>
< FieldRef Name='EventDate'/>
< Value Type='DateTime'>
< Today/>
< /Value>
< /Geq>
< Leq>
< FieldRef Name='EventDate'/>
< Value Type='DateTime'>
< Today OffsetDays='+30'/>
< /Value>
< /Leq>
< /And>
< /Where>
< /Query>
< /List>
-- endsnip

Use GetSPList command in Powershell to send the query and receive the results. You may need to install SPClient_x64 or SPClient_x86 based on your system. Cheers

user1 · ‎11-10-2022

Hi, I am a novice user and I need my dashboard to take the data from an excel that is in sharepoint, could you send a sample script? What are the steps to incluye it in splunk?

Thank you very much

How to get SharePoint excel files in to Splunk?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms