Reporting

How to send search reports to a network share

PaulJGreene
Explorer

A previous splunk admin had some daily search reports in PDF format coming from the splunk server (version 6.6.4 running on Windows 2012) being sent to a remote NFS file share on a Linux file server.
The NFS file share was moved to a different host, which broke sending the daily reports.
Fixing it should be easy - just edit the script that's sending the reports to the NFS share and point to the new host, but I'm pretty new to splunk and can't figure out where such a configuration might be.
Where would the normal location be for such a script to reside? Or, how would that be configured within the Splunk GUI console?
Thanks in advance

0 Karma
1 Solution

PaulJGreene
Explorer

Oh, I finally figured it out. The previous admin had configured scripts on the remote share to pull the reports from the Splunk server - the Splunk server wasn't pushing the reports to the NFS share.

Thank you to richgalloway for the response

View solution in original post

0 Karma

PaulJGreene
Explorer

Oh, I finally figured it out. The previous admin had configured scripts on the remote share to pull the reports from the Splunk server - the Splunk server wasn't pushing the reports to the NFS share.

Thank you to richgalloway for the response

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Go to Settings->Searches, reports, and alerts and look for the report name. Edit the report query to see where the results are saved. Create a new NFS mount point at that location.

---
If this reply helps you, Karma would be appreciated.
0 Karma

PaulJGreene
Explorer

I don't see any field where you enter an NFS mount. Do you specify a destination where you want the report to go at the end of the query string (as I've seen mentioned in some other related posts?)
Because this splunk server is running on Windows and doesn't have a native NFS client, does the splunk application handle the NFS communication?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...