How to use the outputcsv command - Security Business -Macnica

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

Specifications/Technical Information

Specifications/Technical Information

solution

solution

User stories

support

Seminar content

Evaluation machine application/FAQ

Application for evaluation machine
- Splunk Evaluation Download
FAQ

Document request

inquiry

Event/Seminar

video on demand

How to use the outputcsv command

release date: 2015-06-01

last updated: 2025-04-16

version: Splunk Enterprise 9.4.0

Overview: How to use the outputcsv command

Reference information

content

Search result output

In Splunk, the results of searches performed on SplunkWeb can be output in CSV format to $SPLUNK_HOME/var/run/splunk/csv on the Splunk server.

* Path information of $SPLUNK_HOME (for default installation)
Linux OS: /opt/splunk
Windows OS: C:\Program Files\Splunk

output method

Use the outputcsv command to output search results.

Using the outputcsv command, it is possible to save raw data and statistical information obtained from splunk search results in CSV format on the server.

how to use

| outputcsv <保存するファイル名>.csv

Example of use

index=_internal | head 10 | table host,source | outputcsv test.csv

Executing the above command will output a file called test.csv.

*The outputcsv command is designated as a high-risk command, so a warning is output when it is executed. When a warning is output, you can select the next action from "Cancel," "Execute," or "Investigate," and if you select "Execute," the command will be executed as is. For more information, please refer to the official Splunk documentation below.

https://docs.splunk.com/Documentation/Splunk/9.4.0/Security/SPLsafeguards

How to check output results on SplunkWeb

The CSV file output by the above procedure can be viewed by using the inputcsv command on SplunkWeb.