Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I export the events that are the result of a search?

steveirogers
Communicator
‎10-11-2010 02:33 PM

How can I export the results of a search? I run a search and I get 922 events. I would like to export (or produce a report) of those results. However, when I try to build a report, I just get the count of the events - not the events themselves? I have tried searching the manual and the knowledge base without success.

Thanks.

Tags (3)
Reply

Genti
Splunk Employee
Splunk Employee
‎10-11-2010 04:50 PM

Multiple choices here Steve, from your search dashboard you can:
- Actions:Save results - for later viewing through Jobs manager page
- Actions:Export results - for exporting to .csv or other available formats
- Actions:Build report... - to build a report of the data. By default the report gets created as | timechourt count if you would like something different, then click on "Define Data using search language"
- Actions:Save search - if you want this to be an automated search. You can have it send you an email alert as well as a csv/pdf of the results.

More on the above in the Users Manual pages..

Reply

Brian_Osburn
Builder
‎10-11-2010 04:00 PM

Can you give an example of the search you are using?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...