Yea a use case would be nice to have. The problem with constantly updating a csv is you're constantly changing the search knowledge bundle, and I'm not entirely sure what that would do to your environment. A better approach might involve summary indexing, kvstore, or data model + acceleration at the end of the day. I would think constantly outputting a csv would be the last thing you'd want to do.

Here is the situation :
I have a dashboard with 20 panels, each panel do different things.
- it must get the 24hrs worth of data (12,000+ data per 24hrs)
- It must be in real time( every 5-30 seconds if possible) since it was using a time chart
- must work smoothly as possible

Now here's my concern:
- If I use a data model + acceleration/ summary indexing: would it gather new data less than a minute ago?

Why did i use outputcsv ?
- I create a saved search that outputcsv file every minute ( that the shortest chron I think ), I kind of lost of option that why I choose it.

What is the best way to handle this kind of situation?