Export data using Splunk Web

You can export the event data from a search, report, or pivot job to various formats. You can then archive the file, or use the file with a third-party charting application.

Permission requirements for accessing Splunk event logs

To access Splunk event logs, you need to be one of the following:

• admin
• super

Exporting Logs

• Start from the home screen

  

• From the home screen enter the event data you want to export and the date from which you want to export from

  • Enter a Date and enter a date range that covers 30 days and click Apply

    

• After you run a search, report, or pivot, click the Export button. The Export button is one of the Search action buttons.

  

• Use the Export Results window to specify the format and name for your export file:

  

  • Click Format and select the format that you want the search results to be exported in.
  • Optional. In the File Name field, you can type a name for the export file where the event data will be stored. If you do not specify a file name, a file is created using the search job ID as the file name. The search job ID is the UNIX time when the search was run. For example 1463687468_7.csv.
  • Optional. In the Number of Results field, you can specify the number of results that you want to export. If you do not specify a number, all of the events are exported. For example, if you specify 500 in the Number of Results field, only the first 500 results returned from your search are exported.

• Click Export to save the job events in the export file.