Splunk Tutorial
Selected Reading
- Splunk - Discussion
- Splunk - Useful Resources
- Splunk - Quick Guide
- Splunk - Stats Command
- Splunk - Top Command
- Splunk - Sort Command
- Splunk - Monitoring Files
- Splunk - Custom Chart
- Splunk - Removing Data
- Splunk - Apps
- Splunk - Tags
- Splunk - Calculated Fields
- Splunk - Managing Indexes
- Splunk - Sparklines
- Splunk - Overlay chart
- Splunk - Basic Chart
- Splunk - Event Types
- Splunk - Search Macros
- Splunk - Subseraching
- Splunk - Knowledge Management
- Splunk - Schedules and Alerts
- Splunk - Lookups
- Splunk - Pivot & Datasets
- Splunk - Dashboards
- Splunk - Reports
- Splunk - Transforming commands
- Splunk - Search Optimization
- Splunk - Search Language
- Splunk - Sharing and Exporting
- Splunk - Time Range Search
- Splunk - Field Searching
- Splunk - Basic Searching
- Splunk - Source Types
- Splunk - Data Ingestion
- Splunk - Interfaces
- Splunk - Environment
- Splunk - Overview
- Splunk - Home
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
Splunk - Sharing and Exporting
Splunk - Sharing Exporting
When you run a search query, the result is stored as a job in the Splunk server. While this job was created by one specific user, it can be shared across with other users so that they can start using this result set without the necessity of building the query for it again. The results can also be exported and saved as files which can be shared with users who do not use Splunk.
Sharing the Search Result
Once a query has run successfully, we can see a small upward arrow in the middle right of the web page. Cpcking on this icon gives a URL where the query and the result can be accessed. There is a need to grant permission to the users who will be using this pnk. Permission is granted through the Splunk administration interface.
Finding the Saved Results
The jobs that are saved to be used by all users with appropriate permissions can be located by looking for the jobs pnk under the activity menu in the top right bar of the Splunk interface. In the below image, we cpck on the highpghted pnk named jobs to find the saved jobs.
After the above pnk is cpcked, we get the pst of all the saved jobs as shown below. He, we have to note that there is an expiry date post where the saved job will automatically get removed from Splunk. You can adjust this date by selecting the job and cpcking on Edit selected and then choosing Extend Expiration.
Exporting the Search Result
We can also export the results of a search into a file. The three different formats available for export are: CSV, XML and JSON. Cpcking on the Export button after choosing the formats downloads the file from the local browser into the local system. This is explained in the below image −
Advertisements