I currently have a scheduled search that generates a .csv report using the outputcsv command at the end of the search. Im currently running Splunk on a Linux server and I notice the owner of the .csv file is "nobody" and when I try to open the file I get a "permission denied" Is there any way to allow Splunk to generate the file and provide read access to everyone when the file is generated?
I don't believe Splunk will do this natively. Its job is not filesystem management. It does have granular RBAC (Role-based Access Controls) that can be applied inside of Splunk; however, I don't know of anything that would allow you to manipulate the results once it got to the filesystem.