After a successful saved-search run, the results can be found in the directory `$SPLUNK_HOME/var/run/splunk/dispatch/scheduler__...`.
We know that the result of the search is named `results.csv.gz`.
How do we read this in OS-level apps? Untarring it using `tar -xzvf` does not work.
It's not a tarball so tar won't help. It's just a CSV file compressed with gzip. You should be able to view it using `gunzip -c results.csv.gz | more`.
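The distinction the answer draws, as an added example that is not part of the original post: a check that tells a plain gzip file from a gzip-compressed tarball before reading it. The function names `classify_gz` and `read_results` and the sample CSV content are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a .gz file, then stream a gzip-compressed CSV.

# Print "tar.gz", "gzip" or "not-gzip" for the file given as $1.
classify_gz() {
    # Every gzip stream starts with the magic bytes 1f 8b.
    magic=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "1f8b" ] || { echo "not-gzip"; return 0; }
    # A tar archive has the string "ustar" at offset 257 of its first header.
    tarmagic=$(gunzip -c "$1" 2>/dev/null | head -c 262 | tail -c +258)
    if [ "$tarmagic" = "ustar" ]; then echo "tar.gz"; else echo "gzip"; fi
}

# Stream the decompressed CSV to stdout; refuse anything that is not plain gzip.
read_results() {
    kind=$(classify_gz "$1")
    if [ "$kind" != "gzip" ]; then
        echo "read_results: $1 is $kind, not a gzip-compressed CSV" >&2
        return 1
    fi
    gunzip -c "$1"
}

# Constructed sample data standing in for a dispatch directory's results.csv.gz.
work=$(mktemp -d)
printf 'host,count\nweb01,42\nweb02,7\n' > "$work/results.csv"
gzip -c "$work/results.csv" > "$work/results.csv.gz"
tar -czf "$work/bundle.tar.gz" -C "$work" results.csv

classify_gz "$work/results.csv.gz"    # gzip: tar has no archive header to read
classify_gz "$work/bundle.tar.gz"     # tar.gz: what tar -xzvf expects
read_results "$work/results.csv.gz" | head -n 2
```

Pipe `read_results` into `more` or another pager to browse a large result set.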