hi,
I have a script that uses this code http://splunk-base.splunk.com/answers/45794/want-to-forward-contents-of-stdin-to-my-script
but output is in csv format, is there a way to get the raw data instead?
* | table _raw | outputcsv mysearch
This will output the results to $SPLUNK_HOME/var/run/splunk/mysearch.csv with just pure raw data in it.