The following article describes how to export large sums of logs, log quantities greater than the first page of results, from the Alert Logic® user interface (UI) into .csv or .pdf files.
NOTE: The limit for this process is 200,000 lines for a .csv file and 20,000 lines for a .pdf file. Anything larger will need to be cut into smaller search queries.
To download more than the first page of log message results of a search query, you will need to create a Saved View.
- Within the Alert Logic UI, choose Log Manager from the drop-down menu at the top of the page.
- On the left-hand side of the page under Monitoring, choose Messages.
- Create the log search query, which can include desired dates, message types, tokens, and contexts. Once you're done creating the search query, click on the star icon to save the view.
- A form titled Add new Saved view will appear. Name your Saved view, select any applicable groups, and choose who to share the view with. Once you've completed the form, choose Create new view.
- To access your newly created saved view, click on the bookmark icon and find the view you just saved. You can type the name of the view into the search bar on the right-hand side of the page if necessary.
- Once you have found and clicked on your desired saved view, choose Add schedule.
- Under the Options section, you may check the Generate PDF box and Send documents as email attachments box associated with "When complete generate .csv and:".
NOTE: Checking the Generate PDF box will send you a .csv and a .pdf file when the report is run. Checking both the Generate PDF and Send documents as email attachments boxes will send you only the .pdf file, and you will need to manually download the .csv file within the Alert Logic UI.
- Under the Scheduling section, select the time frame in which to run the saved view. Your options for running the report include just once immediately, once at a later date and time of your choosing, and on a recurring basis of your choosing.
When your saved view report has been run, you will receive an email from the Alert Logic Notification service with the .csv and/or .pdf file attachments that you requested, as well as links to the files stored in the Alert logic UI.