I have a saved search that needs to run and output a physical file, with a file name that contains a variable with the date in a particular format. I have the search, which works great... The issue I have is with where the outputcsv command puts the csv file that is generated (SPLUNK_HOME\var\run\splunk). I need to move this to either SPLUNK_HOME\apps\app_name\lookups or completely out of the Splunk directory, which will be the end result anyway.
I need to know the name of the *.py file in Splunk that contains the script for the outputcsv subroutine OR the name of the file that contains the output directory for the outputcsv subroutine. I can handle it from there; I have just not been successful in locating this Python script.
Would outputlookup work better than outputcsv?
(Or you can extend Splunk with your own output-cmd that lets you specify directory & filename, and creates a huge security issue too 🙂)
I appreciate that... Any luck as of yet?
Until we figure out exactly where this script lives, we have a PowerShell script running on a regular basis to move the files from the app folder to a shared folder that has been set up.
It may not BE a script, it could be built-in. I'll dig.