The following article describes how to export large sums of logs, i.e. log quantities greater than the first page of results, from the Alert Logic® console into .csv or .pdf files.
Note: The limit for this process is 200,000 lines for a .csv file and 20,000 lines for a .pdf file. Anything larger will need to be cut into smaller search queries.
To download more than the first page of log message results of a search query, you will need to create a Saved View.
- Within the Alert Logic console, click Search in the main menu.
- Click Log Messages in the submenu.
- Create the log search query, which can include desired dates, message types, tokens, and contexts. Once you're done creating the search query, click on the star icon to save the view.
- A form titled Add new Saved view displays. Name your Saved view, select any applicable groups, and choose who to share the view with. Once you've completed the form, click Create new view.
- To access your newly created saved view, click on the bookmark icon and find the view you just saved. You can type the name of the view into the search bar on the right-hand side of the page if necessary.
- Once you have found and clicked on your desired saved view, click Add schedule.
- Under the Options section, select the Generate PDF check box and/or the Send documents as email attachments check box associated with "When complete generate .csv and:" as needed.
- If neither check box is selected, a .csv file is generated when the report is run and can be accessed by clicking the Show schedules list option for your saved view. (This option is shown in the image above.
- If only the Generate PDF check box is selected, both a .csv file and a .pdf file are generated when the report is run. These files can also be accessed by clicking the Show schedules list option.
- If both the Generate PDF check box and the Send documents as email attachments check box are selected, both a .csv file and a .pdf file are generated when the report is run, and both files are sent to you as attachments in an email notification.
- Under the Scheduling section, select the time frame in which to run the saved view. Your options for running the report include just once immediately, once at a later date and time of your choosing, or on a recurring basis of your choosing.
- Click Add new schedule to schedule your saved view report to be run.
When your saved view report has been run, you will receive an email from the Alert Logic Notification service with the .csv and/or .pdf file attachments that you requested, as well as links to the files stored in the Alert Logic console.