Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I export the events that are the result of a search?

steveirogers
Communicator
‎10-11-2010 02:33 PM

How can I export the results of a search? I run a search and I get 922 events. I would like to export (or produce a report) of those results. However, when I try to build a report, I just get the count of the events - not the events themselves? I have tried searching the manual and the knowledge base without success.

Thanks.

Tags (3)
Reply

Genti
Splunk Employee
Splunk Employee
‎10-11-2010 04:50 PM

Multiple choices here Steve, from your search dashboard you can:
- Actions:Save results - for later viewing through Jobs manager page
- Actions:Export results - for exporting to .csv or other available formats
- Actions:Build report... - to build a report of the data. By default the report gets created as | timechourt count if you would like something different, then click on "Define Data using search language"
- Actions:Save search - if you want this to be an automated search. You can have it send you an email alert as well as a csv/pdf of the results.

More on the above in the Users Manual pages..

Reply

Brian_Osburn
Builder
‎10-11-2010 04:00 PM

Can you give an example of the search you are using?

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...