@David Cavuto may have something in the works for the future. At present, you can use the approach outlined here: https://cribl.io/blog/exporting-splunk-data/ . Disclaimer: I wrote it and it's technically open-sourced (not officially supported by Cribl). You will need to thaw your buckets before using the tool.