Solved: Error in outputcsv command: could not write to fil...

dbryan · ‎04-08-2013

When I run:

search * | head 10 | /home/splunk/test/aaa.csv

I see this error:

Could not write to file '/home/splunk/test/aaa.csv

More info:

Splunk is running as the owner of the directory
the owner has read and write permissions
the directory is on the same filesystem as $SPLUNK_HOME

Anyone have any idea what this could be?

gkanapathy · ‎04-09-2013

Outputcsv will only write files to splunk's var/run/splunk directory, for security reasons. It will not write to arbitrary file system locations. You could, I believe, create a symlink (or hard link) to a directory under there and write to that location however.

View solution in original post

gkanapathy · ‎04-09-2013

Outputcsv will only write files to splunk's var/run/splunk directory, for security reasons. It will not write to arbitrary file system locations. You could, I believe, create a symlink (or hard link) to a directory under there and write to that location however.

stephenho · ‎04-08-2013

Have you created the csv lookup file under
manager -> lookups -> lookup table files -> new ?

Also, I think your syntax is wrong, and what you actually want to type is

search * |head 10| outputcsv csvfilename.csv

csvfilename.csv being the name of the file you created in the first step.

See if that works for you.

dbryan · ‎04-08-2013

Indeed, I meant to have outputcsv there.

outputcsv doesn't require a lookup table to be created though. I think you're thinking of outputlookup.

It works if I give it a relative path like "filename.csv", but not an absolute path. I'm trying to automate delivery of reports to a shared drive.

Error in outputcsv command: could not write to file

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms