Hello
I am trying to figure out how I can do this:
I have a saved search that runs on server A and I want to secure copy (scp) those results to server B. How can I accomplish this? I know that I can have a script execute after the search is run, but all I want to do is simply scp the results from one folder to a different folder on a different server.
Any ideas on how I can do this?
Thanks for the assistance!
Syntaxe to use SCPcommand(first install SSH on ServerA and ServerB).
to Copy an file from serveurA to serveurB:
> scp LoginA@ServerA:pathA/file_nameA LoginB@ServerB:pathB/file_nameB
to Copy an file from curent directory to another server directory :
> scp File login@server:path
to Copy an directory , with these sub-directory, to an sever directory :
> scp -r directory login@server:path
in you case you can copy your saved_search directory try like this:
> scp -r your_login_nameA@serverA.com:/etc/splunk/.../saved_search_nameA/ your_login_nameB@serverB.com:/etc/splunk/.../saved_search_nameB/
or to copy saved_search file:
> scp your_login_nameA@serverA.com:/etc/splunk/.../saved_search_file your_login_nameB@serverB.com:/etc/splunk/.../saved_search_directory/
Syntaxe to use SCPcommand(first install SSH on ServerA and ServerB).
to Copy an file from serveurA to serveurB:
> scp LoginA@ServerA:pathA/file_nameA LoginB@ServerB:pathB/file_nameB
to Copy an file from curent directory to another server directory :
> scp File login@server:path
to Copy an directory , with these sub-directory, to an sever directory :
> scp -r directory login@server:path
in you case you can copy your saved_search directory try like this:
> scp -r your_login_nameA@serverA.com:/etc/splunk/.../saved_search_nameA/ your_login_nameB@serverB.com:/etc/splunk/.../saved_search_nameB/
or to copy saved_search file:
> scp your_login_nameA@serverA.com:/etc/splunk/.../saved_search_file your_login_nameB@serverB.com:/etc/splunk/.../saved_search_directory/
Worked great. Now do you know how this could be automated?
Run a cron script on server where reports are saved. Make sure to use cron internal which send report after report search schedule.