Hi,
The outputcsv command seems to work, but when I investigate the data, I notice that not all the events returned in Splunk from the search are there. The problem is that the search returns all my events, but they are not written to the CSV.
My search is:
index=wineventlog host=host1 OR host=host2 OR host=host3 OR host=host4 |stats count by host| map maxsearches=100 search="search index=wineventlog sourcetype=\"WinEventLog:Security\" host=$host$|sort - _time| outputtext usexml=false |fields raw| fields - _time, xml| outputcsv $host$.txt"