Deployment Architecture

How to push a report result.txt file created in Splunk to a remote location?

Path Finder


We have a few reports running in Splunk for stats count of a certain type of events. We are successfully generating a txt file using | outputcsv results.txt but this file is created in a var/run/splunk, whereas we need this file to be pushed to a remote server where it can further travel to fulfill its purpose.

is there a way, please help


Tags (3)
0 Karma


Splunk has no default command to have the results sent to a remote location. You can use either of the below two approaches :

  1. Create a python script which will take a file as input and scp to remote location. Now add this script as a command (i.e securecopy)in Splunk by making entries in commands.conf and authorize.conf . Use this is command after your search string |securecopy results.txt

  2. Create a cron which continuously poll for any new *.txt created recently and will scp to remote location.

Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...