4

We use logz.io/#/dashboard/kibana to monitor our logs. My filter results in 8304 hits. I want to export them as a CSV for further analysis. When I click on export (next to New, Save, Open, Share, and Auto-refresh) I only get the first 500 hits.

Leevi L

1 Answer

4

Upd. According to a response to a similar question, increasing the value of the discover:sampleSize option will help here: downloaded CSVs should contain more rows.

However, in his response, the member of the Elastic team suggests that pulling the required data by querying Elasticsearch directly should be preferred.


Try exporting from Elasticsearch directly.

Consider the example from this answer to the "Is there any way in Elasticsearch to get results as CSV file in curl api?" question.

Alternatively, use a tool called elasticsearch-dump. Getting a CSV with logs becomes a two-step process:

  1. First, dump the contents of the desired index/query into a JSON file:

    elasticdump \
      --input=http://production.es.com:9200/my_index \
      --output=query.json \
      --searchBody='{"query":{"term":{"username": "admin"}}}'
    
  2. Turn the JSON file into a CSV file (more on this in "Export JSON to CSV with Headers using JQ") using the jq command-line utility.

Alternatively, check out this script to dump an ES index in CSV format.

oldhomemovie
  • Ok. Surprised though that since the export button exists in the UI, I can not specify that I want all instead of the first 500. – Leevi L Jul 15 '19 at 08:52
  • 1
    @LeeviL seems like it's possible to download the desired CSV by adjusting a config value in Kibana. I've updated the answer. – oldhomemovie Jul 16 '19 at 08:52