How do I specify the permissions of the .csv file when using outputcsv

New Member

I currently have a scheduled search that generates a .csv report using the outputcsv command at the end of the search. Im currently running Splunk on a Linux server and I notice the owner of the .csv file is "nobody" and when I try to open the file I get a "permission denied" Is there any way to allow Splunk to generate the file and provide read access to everyone when the file is generated?

Tags (2)
0 Karma



I don't believe Splunk will do this natively. Its job is not filesystem management. It does have granular RBAC (Role-based Access Controls) that can be applied inside of Splunk; however, I don't know of anything that would allow you to manipulate the results once it got to the filesystem.

You can do this outside of Splunk if you want, by having your savedsearch trigger a shell script upon successful completion that would chown/chmod the files/directory that Splunk wrote the results to. You can read more about it here:



0 Karma