You can use the dump search command to export large collections of events onto a local disk. You can use this command with the CLI, Splunk SDK, and Splunk Web.

The basic syntax of the dump command is:

 dump basefilename=<string> [rollsize=<number>] [compress=<number>] [format=<string>] [fields=<comma-delimited-string>] 

The <format> is the data format of the dump file that you are creating. Your format options are raw, csv, tsv,xml, and json.

For search examples and full explanations of the required and optional arguments, see the dump command in the Search Reference.