Re: CSV default output directiry

christantoy · ‎01-22-2013

Hi Ninjas

I would like to know if it possible to change the default csv file output directory below

Results written to file '/splunks/9000/splunk/var/run/splunk/mysearch.csv'

if is possible can you share it to me on how to? I read some others documents but no luck..

and the purpose of changing the default directory because i want to monitory my csv file outputs and to be send it to another server/client using custom scripts.

-----------00000-----------------
Regards and Thanks in Advance
Splunk Ninja From Philippines!

Damien_Dallimor · ‎01-22-2013

If I were you I would consider performing the export from your custom script using Splunk's REST API.You can then export the results in csv format directly into your custom script for processing.A much simpler and more elegant architecture.

We have several language SDK's that make is easier to use the REST API also.

There are many examples available of how to perform the export , for example , here is a python example for exporting to a file.

christantoy · ‎01-22-2013

Thank you.

hmm this one is tough for me for a newbie... maybe i need to read it first.

btw this is my case

i have a search to create a .csv format after that i need to send the .csv file via script.

CSV default output directiry

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

SplunkTrust Application Period is Officially OPEN!

Join the Conversation