How to output search results in CSV format in Splunk server
Release date: 2015-06-01
Last updated: 2017-12-01
Version: Splunk Enterprise 6.6.3
Overview: How to output search results in CSV format in Splunk server
Search result output
Splunk can save the results of a search run in SplunkWeb as a CSV file under $SPLUNK_HOME/var/run/splunk on the Splunk server.
* Path information of $SPLUNK_HOME (for default installation)
Linux OS: /opt/splunk
Windows OS: C:\Program Files\Splunk
Output method
Use the outputcsv command to output search results.
With the outputcsv command, raw data and statistical information obtained from Splunk search results can be saved in CSV format on the server.
How to use
| outputcsv <file name to save>.csv
Example of use
index=_internal | head 10 | table host,source | outputcsv test.csv
Executing the above command will output a file called test.csv.
Destination
The destination directory for saving the output csv file differs for each version.
Please note that there is no way to change the save destination of the csv file other than changing the version.
Output destination: Under $SPLUNK_HOME/var/run/splunk
Target version: 5.0.0 to 5.0.14, 6.0.0 to 6.3.3
Output destination: Under $SPLUNK_HOME/var/run/splunk/csv
Target version: 5.0.15~, 6.3.4~, 6.4.0~
How to check output results on SplunkWeb
The CSV file output by the above procedure can be viewed by using the inputcsv command on SplunkWeb.
- Example of using the inputcsv command
Command example
| inputcsv test.csv
By executing the above command, it is possible to display the contents of the test.csv file on the screen.
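The following is an added example, not part of the original FAQ. It is a Python helper that resolves the outputcsv destination from the version table in the Destination section and lists the CSV files found there with their permission bits, because search results saved this way remain on the server's disk. The function names are hypothetical, the permission check assumes a Linux host, and the operator supplies the version string.

```python
import os
import stat
from pathlib import Path

def parse_version(text):
    """'6.6.3' -> (6, 6, 3); missing parts are padded with zeros."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def outputcsv_dir(splunk_home, version):
    """Directory where outputcsv writes, per the version table on this page."""
    v = parse_version(version)
    base = Path(splunk_home) / "var" / "run" / "splunk"
    # 5.0.0 to 5.0.14 and 6.0.0 to 6.3.3 write directly under var/run/splunk
    if (5, 0, 0) <= v <= (5, 0, 14) or (6, 0, 0) <= v <= (6, 3, 3):
        return base
    # 5.0.15~, 6.3.4~ and 6.4.0~ write under var/run/splunk/csv
    if (5, 0, 15) <= v < (6, 0, 0) or v >= (6, 3, 4):
        return base / "csv"
    raise ValueError(f"version {version} is not covered by the table")

def audit_csv_exports(splunk_home, version):
    """Return [(file name, octal mode, readable by other users)] per export."""
    target = outputcsv_dir(splunk_home, version)
    if not target.is_dir():
        return []
    findings = []
    for entry in sorted(target.glob("*.csv")):
        mode = stat.S_IMODE(entry.stat().st_mode)
        findings.append((entry.name, oct(mode), bool(mode & stat.S_IROTH)))
    return findings

if __name__ == "__main__":
    # Assumption: default Linux install path unless SPLUNK_HOME is set.
    home = os.environ.get("SPLUNK_HOME", "/opt/splunk")
    for name, mode, exposed in audit_csv_exports(home, "6.6.3"):
        print(f"{name}\t{mode}\t{'world-readable' if exposed else 'ok'}")
```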