Reporting

How to Properly Read results.csv.gz From Dispatch

morethanyell
Builder

After a successful saved-search run, the results can be found on the directory `$SPLUNK_HOME/var/run/splunk/dispatch/scheduler__...` 

We know that the result of the search is named `results.csv.gz` 

How do we read this in the OS level apps? Untarring it using `tar -xzvf` does not work.

 

Thanks

Labels (2)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

It's not a tarball so tar won't help.  It's just a CSV file compressed with gzip.  You should be able to view it using gunzip -c results.csv.gz | more

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

It's not a tarball so tar won't help.  It's just a CSV file compressed with gzip.  You should be able to view it using gunzip -c results.csv.gz | more

---
If this reply helps you, an upvote would be appreciated.
Get Updates on the Splunk Community!

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

We recently launched our first Splunk Love Special, and it's gone phenomenally well, so we're doing it again, ...