Open topic with navigation

Exporting Search Results

To export the results of your search:

1. Run a search query from the Search page.
2. Click the Export Results icon above the histogram.
3. Select the appropriate export option:

Export Type	Description	Details Required
Save to local disk	Saves the file in a local system from which you access Logger or a browser for viewing or saving.	File Format Select Fields Include Event Total Include only CEF Events Rerun Query
Export to remote location (Appliance)	Saves the file in a remote location. On a Logger Appliance, the file is written to an NFS mount, or a CIFS mount.. Note: Make sure to configure a remote file system prior exporting results in your appliance. For more information, see Remote File Systems.	Remote Location File Format Select Fields Include Event Total Include only CEF Events Rerun Query
Save to Logger	Saves the file in Logger. To view the saved files in Logger, go to Configuration > Search > Saved Search Files.	Export File Name File Format Select Fields Include Event Total Include only CEF Events Rerun Query

4. Based on the export option, select or add the following details:

Details required	Description
File Format	Select CSV to produce a comma-separated values file. You can also export a file containing search results in charts. OR Select PDF to produce a report-style PDF that contains the search results in tables and charts. Tip: Charts are only included if the search query contains an operator that creates charts, such as chart, top, and so on.
Export file name	Specify the name of the file. If the file name already exists and the overwrite box is not checked, an error is generated. If the Overwrite box is checked, the existing file is overwritten.
Select Fields	Specify the fields to be included in the exported file. Select Fieldset Table to drag and drop to the Selected Fields column. Select Fieldset Text to write down the fieldsets. To select all the fields, check the all fields box. To export fields created as a result of rex, extract, rename, or eval operators, or field created when a parser is applied to an event, ensure that *user is selected in the Fields list. Note: Export meta data fields along with other fields. Exporting only the meta data fields ( Event Time, device and Logger) is not supported by Logger.
Title (for PDF only)	Enter a meaningful name that appears on top of the PDF file. Make sure to select the All Fields option for this option to appear. If no title is specified, search result will be named as “Untitled”.
Chart Type (for PDF only)	Select the type of chart to include in the PDF file. You can select from: Column, Bar, Donut, Area, Line, Stacked Column, Stacked Bar. Note: If the Chart Type is different from the chart displayed on the Search Results screen, the value selected for this option overrides the one shown in the screen.
Chart Result Limit (for PDF only)	Specify the number of unique values to plot. Default: 10 If the configured Chart Result Limit is less than the number of unique values for a query, the top values equal to the Chart Result Limit are plotted.
Include Event Total	Select to include the total number of events in the exported search results.
Include only CEF Events	Select to include CEF events in the exported search results.
Rerun query	Select to rerun the query before exporting the search results.

5. Click Export. To exit the operation, click Cancel.

To view the export results status (query, timeline, events scanned, and progress), go to the section based on the option you selected.

• Save to Local Disk: Click on download results.
• Save to Logger: Click on Saved Search Files.
• Export to Remove Location: In the NFS drop down, click the NFS in which the results were saved. You will be redirected to the VM which later needs to be accessed.

See Also