Exporting Data

With Splunk web-platform access, data can be extracted in a number of ways. Results from search queries, dashboard panels, reports, and datasets can all be exported for use in external systems.

Note: Before exporting results, you might want to try analyzing them directly within Splunk Enterprise.

Check out the Splunk Quick Reference Guide

Exporting Search Results

Search Results can be exported in multiple ways. For detailed documentation please visit Splunk’s Export Search Results page. Results can quickly be formatted into CSV, JSON, & XML files.

Perhaps the best place to start is showing a step-by-step method for exporting search results. For this example, we will be attempting to create a CSV file with the average price for BTC on Coinbase for the USD/BTC market every 10 minutes for the last 24 hours. This example is being run on Dec 16th, 2019.

  1. Create your search query.
    index="financial" sourcetype="ohlcv" symbol="BTC" base="USD" market_venue="COINBASE"
| fields _time open high low close
| eval typical_price=(open+high+low+close)/4
| timechart span=10m avg(typical_price)
  2. Run your search and review the results. Select the Export Icon.

  1. Choose your file format and name. Limit the number of results, or leave this field blank to download all results.

  1. Select “Export” and choose the file download location.

  1. Navigate to the file and open with your software.

Exporting Individual Dashboard Panels

  1. Choose a dashboard panel you want to export statistics from.
  2. To export a dashboard panel, you can follow the exact same steps we used for exporting search results in two different ways:
    • Select the Export Icon and continue from step #3 in “Exporting Search Results” - This is the faster method.
    • Open the panel in a search using the magnifying glass icon. Follow from step #2 in “Exporting Search Results” - This method allows you to review the results before exporting.

Printing PDF reports

Splunk Documentation for generating PDF reports/dashboards: https://docs.splunk.com/Documentation/Splunk/7.3.0/Report/GeneratePDFsofyourreportsanddashboards