I am exploring some options for exporting data into text file from Splunk. I have a scheduled saved search which produces results like below in statistical table format. I need this to be written to a .txt file. Results written need to be appended to existing txt file.
count index sourcetype time results
0 A B 04/05/2022 00:00:00 Success exceeds Failures
you would need to format the output
<your search> | table count index sourcetype time results | eval _raw = mvzip(mvzip(mvzip(mvzip(count, index, " "), sourcetype, " "),time, " "),results, " ") | outputtext usexml=false | rename _xml as raw | fields raw | fields - _* | outputcsv append=t results.txt
I do not think you can change the path explicitly in SPL
however, you can write cron jobs to move the file on OS level.