A Logger Appliance can export events to various destinations. Events that match the current query can be exported locally, to an NFS mount, a CIFS mount, as a file.
Events from a Software Logger can be exported locally to the Logger (to the <install_dir>/data/logger directory) or to the browser from which you connect to the Logger. The <install_dir>/data/logger directory can be mounted to an NFS or CIFS.
Events can be exported in Comma-Separated Values (CSV) format for easy processing by external applications or as a PDF file for generating a quick report. A PDF report includes a table of search results and charts (if generated). Both raw events (unstructured data) and CEF events (structured data) can be included in the exported PDF report.
Events in Common Event Format (CEF) have more columns defined, making the data more useful, but non-CEF events can be exported as well, if desired. The user can control which fields are exported.
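The following added example (not Logger's own code or its actual CSV layout) illustrates why CEF events yield more usable columns than raw events and how field selection shapes a CSV export. The sample events, the `rawEvent` column name, and the function names are constructed assumptions.

```python
import csv
import io
import re

# The seven pipe-delimited CEF header fields that follow the "CEF:" prefix.
CEF_HEADER = ["cefVersion", "deviceVendor", "deviceProduct", "deviceVersion",
              "signatureId", "name", "severity"]

# Constructed sample events: one CEF event and one raw (non-CEF) syslog line.
SAMPLE_EVENTS = [
    r"CEF:0|ExampleVendor|ExampleFW|1.0|100|Blocked \| dropped|5|"
    r"src=10.0.0.5 dst=192.0.2.10 msg=policy deny rule\=7",
    "Jan 12 10:01:02 host1 sshd[411]: Failed password for root from 10.0.0.9",
]

def parse_cef(line):
    """Return a dict of CEF columns, or None if the line is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    # Split on unescaped pipes (simplification: a header field ending in an
    # escaped backslash is not handled); the 8th part is the extension.
    parts = re.split(r"(?<!\\)\|", line[start + 4:], maxsplit=7)
    if len(parts) < 7:
        return None
    event = {k: v.replace("\\|", "|").replace("\\\\", "\\")
             for k, v in zip(CEF_HEADER, parts)}
    ext = parts[7] if len(parts) == 8 else ""
    # A key is a word directly followed by '='; values may contain spaces,
    # and an escaped "\=" inside a value does not start a new key.
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        value = ext[m.end():end].strip()
        event[m.group(1)] = value.replace("\\=", "=").replace("\\\\", "\\")
    return event

def export_csv(lines, fields):
    """Write only the chosen fields; non-CEF lines populate just rawEvent."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=fields,
                            extrasaction="ignore", restval="")
    writer.writeheader()
    for line in lines:
        row = parse_cef(line) or {}
        row["rawEvent"] = line  # hypothetical column holding the original text
        writer.writerow(row)
    return out.getvalue()
```

Selecting only structured fields leaves the non-CEF row empty, so include `rawEvent` in the field list when raw events need to survive the export.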
Exports can be scheduled to run regularly by creating a Saved Search Job. First, a Saved Search is created, either manually or by saving a query on the Analyze page. A Saved Search can be based on an existing filter. A Saved Search Job combines one or more Saved Searches and a schedule with export options.
The following topics provide more information about exporting events: