Hi All,
I have a user use-case which is to generate an csv file (we used | outputcsv
) and the file got generated in /app/splunk/rel/var/run/splunk/csv/filename.csv
. This file needs to be moved into a shared path like \location\of\shared\path
Is there a script to copy file from unix server to a shared drive, if there is any please do share. If it is not possible to copy to shared path please do let me know. I'm thinking of using it as alert action as script to call a script to copy once the .csv file gets generated.
Any suggestions!
Hi - I have the same need. Have you figured out how to make it work? Please share.
Thanks,
Try to make apps.
In apps, outputlookup
make csv at $SPLUNK_HOME/etc/apps/appsname/lookups.
directory permition could be modified,I guess.
As the documentation says, the outputcsv
command will only write files in the one location. This is protect your system from rogue queries. If you need the CSV file in another location then you'll need to either create a shell script triggered by cron or a Splunk external command appended to your query (... | outputcsv filename.csv | script moveCSV
). See "About writing custom search commands" at https://docs.splunk.com/Documentation/Splunk/7.3.0/Search/Aboutcustomsearchcommands.