Hi,
I have uploaded some data files to Splunk for analysis. Those files are no longer available on my server.
Is it possible to download those data files from splunk ?
Regards
Ankit
The data should be available, but depending on how it was ingested, it may not be exactly the same as the original file.
Do a search for source="<my datafile>"
to locate the data. You can then use the Export feature to save the results as raw events on your PC.
You can specify the search command and then pipe it to the csv output. Example:
index=syslog | head 10 | outputcsv rawsyslog.csv
This will save the first 10 records in the syslog index to the rawsyslog.csv file (CSV format) in $SPLUNK_HOME/var/run/splunk.
You can also run the splunk search from command line and export the data. This is probably the best option.
For example, the command below will retrieve the first 10 records from the syslog index and save it to a file called rawsyslog.txt. You will have to adjust your search command accordingly.
C:\Program Files\Splunk\bin>splunk search "index=syslog | head 10" -preview 0 -maxout 0 -output rawdata > rawsyslog.txt
The data should be available, but depending on how it was ingested, it may not be exactly the same as the original file.
Do a search for source="<my datafile>"
to locate the data. You can then use the Export feature to save the results as raw events on your PC.