Logger export

Is there any way to export bigger search results than 1 000 000?

  • Depending on your needs there are other options of exporting data from Logger.

    Scheduled Search

    Exporting a smaller data set every hour automatically.

    The exported data can be processed in nice handy chunks afterwards.

    (I use a cron job to zip the CSVs and do monthly offline statistics)

    Forwarder

    Configuring a forwarder sends the data of a query directly to your target system as data flows in.

    (I use a custom syslog receiver to process the data in CEF format, but a standard syslog server will do fine.)

    Logger API

    Using the Logger API you can automate search exports to retrieve multiple smaller searches.

    some ideas