We have a few reports running in Splunk for stats count of a certain type of events. We are successfully generating a txt file using | outputcsv results.txt but this file is created in a var/run/splunk, whereas we need this file to be pushed to a remote server where it can further travel to fulfill its purpose.
Splunk has no default command to have the results sent to a remote location. You can use either of the below two approaches :
Create a python script which will take a file as input and scp to remote location. Now add this script as a command (i.e securecopy)in Splunk by making entries in commands.conf and authorize.conf . Use this is command after your search string |securecopy results.txt
Create a cron which continuously poll for any new *.txt created recently and will scp to remote location.