Solved: outputcsv: can I tell it where to create the CSV

davesplunkmonky · ‎04-09-2010

instead of /var/run/splunk? I would like to stay away from having to point to or move the file in a script.

gkanapathy · ‎04-09-2010

There is not. You can create a script that is triggered after the search is done and the outputcsv has written the file and explicitly put it into a Splunk bin folder to do this, but you probably knew that.

Part of the reason is security related, to prevent search users from being able to have Splunk create files in arbitary locations.

View solution in original post

gkanapathy · ‎04-09-2010

There is not. You can create a script that is triggered after the search is done and the outputcsv has written the file and explicitly put it into a Splunk bin folder to do this, but you probably knew that.

Part of the reason is security related, to prevent search users from being able to have Splunk create files in arbitary locations.

outputcsv: can I tell it where to create the CSV

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Almost Too Eventful Assurance: Part 1

Are you a member of the Splunk Community?

outputcsv: can I tell it where to create the CSV

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Almost Too Eventful Assurance: Part 1