Export search results overview

This topic tells you how to export search results and forward data to third-party systems.

What are the available export methods?

You can export data using the following methods:

• Splunk Web
• The command line interface (CLI) (not available to Splunk Cloud subscribers)
• Splunk Software Development Kits (SDK)
• Representational State Transfer (REST)
• The dump command
• Forward data to 3rd party systems

Splunk apps

• Deploy and Use Splunk App for CEF
• Deploy and Use Splunk DB Connect
• Hadoop Connect
• Install and Use Splunk ODBC Driver with Microsoft Excel
• Install and Use Splunk ODBC Driver with MicroStrategy
• Install and Use Splunk ODBC Driver with Tableau

Export options

The export method you choose depends on the data volumes involved and your level of interactivity. For example, a single on-demand search export through Splunk Web might be appropriate for a low-volume export. Alternatively, if you want to set up a higher-volume, scheduled export, the SDK and REST options work best.

For large exports, the most stable method of search data retrieval is the Command Line Interface (CLI). From the CLI, you can tailor your search to external applications using the various Splunk SDKs. The REST API works from the CLI as well, but is recommended only for internal use.

In terms of level of expertise, the Splunk Web and CLI methods are significantly more accessible than the SDKs and REST API, which require previous experience working with software development kits or REST API endpoints.

Supported export formats

You can export your data to the following formats:

• Raw Events
• CSV
• JSON
• XML