Saving reports as csv
Updated: 14 Aug 2010 | 1 comment
I was wondering if it was possible to create a report and save the data in csv format.
I can do this in an individual query by clicking 'Export to CSV', but I would like to automate the output of a query so I can then manipulate the data in Excel. Thanks.
Comments
Hi Slava00,
you can use the simsar tool.
Example:
java -jar /opt/Symantec/simserver/lib/simsar.jar -a /eventarchive/ssim-datastore/2010/01/ -q 'product_id = 8009' -C /etc/ssim/definition/oracle-test.txt -c -S "|" > /eventarchive/ssim-datastore/work/oracle-01.txt
[root@ssimpha work]# java -jar /opt/Symantec/simserver/lib/simsar.jar
Archive home folder is required.
Symantec Security Events Archive v3.00.0043
Copyright (c) 2006-2009 Symantec Corporation. All rights reserved.
Usage: java [Java options] -jar simsar.jar [options]

Command line options:
  -h              Print this help message and exit.
  -V              Be extra verbose; shows more information about actions
                  program is taking.
  -a <archive>    Input archive folder (required).
  -o <folder>     Specify where to place generated output archive.
  -i <file>       Specify alternate indexed event fields file.
  -r <file>       Redirect stdout to a file.
  -m <size>       Specify maximum output archive file (.sar) size in MB
                  Valid range: 1 to 2000, default = 250MB.
  -s              Specify archive start time (format: MM/dd/yy HH:mm:ss z)
                  e.g. '09/13/06 19:18:00 PST'.
  -e              Specify archive end time (format: MM/dd/yy HH:mm:ss z)
                  e.g. '09/14/06 12:24:05 PST'.
  -v <level>      Specify verbose level for events printed on stdout.
                    0 - raw event field only
                    1 - all event fields (default)
  -t              Create event-time index (.edx) file(s).
  -E              Enable event-time search.
  -c              Specify comma separated values (csv) output.
  -S <separator>  Specify field separator for events printed on stdout.
                  For example:
                    "n" - new line (default)
                    "t" - tab
                    "," - comma
                    ";" - semicolon
                    "|" - vertical bar
  -C <file>       Specify Columns (fields) for events printed on stdout.
                  If not specified then all fields are exported.
  -N <N>          Specify the number of events to export.
  -q              Specify boolean search expression (query). Supported
                  operations:
                    logical: & and |
                    relational: <, <=, >, >=, =, !=, ~ (like),
                                !~ (not-like)
                  Comparisons can be made against string or integer
                  literals only. All string literals must be put inside
                  double quotes ("). The 'null' literal is reserved
                  keyword that can be used to determine whether a value
                  is null.

Examples:
  Find and print events where the <machine> field contains 'test':
    java -jar simsar.jar -a /eventarchive/default/2008/02 -q 'machine ~ "test"'

  Export the first 100 events to a CSV file:
    java -jar simsar.jar -a /eventarchive -N 100 -c -S "," -r events.csv

  Create a new archive with events where destination_ip field is equal to
  192.168.1.1 and destination_port is equal to 80 or 8080:
    java -jar simsar.jar -a /eventarchive/default -o /tmp/archive -q 'destination_ip ="192.168.1.1" & (destination_port = 80 | destination_port = 8080)'

  Print raw event data of the events where destination_ip field is equal to
  192.168.1.1 and destination_port is less or equal to 1024:
    java -jar simsar.jar -a /eventarchive/default -q 'destination_ip ="192.168.1.1" & destination_port <= 1024' -v 0

Notes:
  For best performance use the following Java options:
    -server -Xmx512m -XX:+UseConcMarkSweepGC
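
For the Excel side of the automation, a scheduled job can turn the pipe-separated file from the example above into fully quoted CSV, rejecting misaligned rows and neutralizing event fields that Excel would evaluate as formulas. This is an added example, not part of the original post or of Symantec's tooling; it assumes simsar writes one event per line with fields in the order of the -C file, and the column list and sample rows are constructed.

```python
import csv
import io
import re

# Leading characters that make a spreadsheet evaluate a cell as a formula.
FORMULA_LEAD = ("=", "+", "-", "@", "\t", "\r")
NUMERIC = re.compile(r"[+-]?\d+(\.\d+)?")

# Constructed sample: four fields per event, "|" separated (assumed layout).
COLUMNS = ["product_id", "machine", "destination_ip", "destination_port"]
SAMPLE = [
    "8009|db01|192.168.1.1|80\n",
    "8009|=1+1|192.168.1.1|8080\n",        # formula-like field value
    '8009|test, "lab"|192.168.1.1|-1\n',   # comma, quotes, negative number
    "8009|a|b|192.168.1.1|80\n",           # stray separator inside a field
]


def neutralize(cell):
    """Prefix formula-like text with an apostrophe; leave plain numbers alone."""
    if cell.startswith(FORMULA_LEAD) and not NUMERIC.fullmatch(cell):
        return "'" + cell
    return cell


def simsar_to_csv(lines, columns, sep="|"):
    """Return (csv_text, rejected) for separator-delimited event lines.

    Rows whose field count differs from `columns` are rejected with their
    line number instead of being written misaligned.
    """
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow(columns)
    rejected = []
    for lineno, line in enumerate(lines, 1):
        line = line.rstrip("\r\n")
        if not line:
            continue
        fields = line.split(sep)
        if len(fields) != len(columns):
            rejected.append((lineno, line))
            continue
        writer.writerow([neutralize(f) for f in fields])
    return out.getvalue(), rejected


if __name__ == "__main__":
    text, rejected = simsar_to_csv(SAMPLE, COLUMNS)
    print(text, end="")
    print("rejected:", rejected)
```

Rejected rows are worth logging: a field count mismatch usually means the separator also occurs inside an event field, so a different -S value is needed for that query.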