Other Usage
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to Properly Read results.csv.gz From Dispatch

morethanyell
Builder
‎03-15-2022 11:43 AM

After a successful saved-search run, the results can be found on the directory `$SPLUNK_HOME/var/run/splunk/dispatch/scheduler__...` 

We know that the result of the search is named `results.csv.gz` 

How do we read this in the OS level apps? Untarring it using `tar -xzvf` does not work.

 

Thanks

Labels (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-15-2022 01:40 PM

It's not a tarball so tar won't help.  It's just a CSV file compressed with gzip.  You should be able to view it using gunzip -c results.csv.gz | more

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-15-2022 01:40 PM

It's not a tarball so tar won't help.  It's just a CSV file compressed with gzip.  You should be able to view it using gunzip -c results.csv.gz | more

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

SOC Modernization: How Automation and Splunk SOAR are Shaping the Next-Gen Security ...

Security automation is no longer a luxury but a necessity. Join us to learn how Splunk ES and SOAR empower ...

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...
Top