Methods to export reports

rlautman · ‎04-10-2013

I am looking into the different methods that can be used to extract reports from Splunk - I have recently had a request from a team for whom I create a daily report on Splunk and mail to them. They are now asking that this report be automated (I have asked a question regarding this here) and that this automated report be forwarded to them to be used in an Information Tool via one of the following 3 methods:

Use a webservice to retrieve the report and place it in their tool
Send the report to a Sharepoint site for them to retrieve the information from
Send the report to a SQL server

Are these methods of extraction possible with Splunk? Or is there another method that anyone could suggest?

jonuwz · ‎04-10-2013

Not out the box.

There's 2 options.

run a script when the saved search runs. One of the arguments is the location of the file that contains the results. Parse it, then send the results to wherever.
Write it all in python / java - there are SDKs that allow you to get data out of splunk. So you could periodically run this script / program to populate the other tool without relying on splunk to do the scheduling.

jonuwz · ‎04-10-2013

sdk overviews

rlautman · ‎04-10-2013

Great, thanks for the tips - could you recommend some SDKs so I can take a look?

Methods to export reports

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

Everything Community at .conf24!