Export saved search data to csv from command line

Hi,
I saw this topic entry: Graylog 2.3.1 - Export to CSV via API Call now closed and wondered if there is now a solution for it as I have the same requirement.

I am using this command:

curl -u user:pwd -H ‘Accept: text/csv’ -X GET ‘http://:9000/search?saved=5c3c8b7986fc7c3f9fb675a4&width=1903&rangetype=relative&fields=%2Cfw_action%2Cfw_categoryname%2Cfw_url%2Cfw_user&relative=604800&q=fw_action%20%3D%20block%20%26%26%20_exists_%3Afw_user’

but so far I only seem to get a page 404 error so making less progress than my predecessor. Also more a problem for once it is working, but I also don’t seem able to give roles or users access to the search menu option or to saved searches and so presume from this that the credentials would need to be those of our admin account.

Any help in getting this to work or alternative solutions for automating export of CSV data would be much appreciated.

Thanks,
Martin

Is it a typo or otherwise intentionally omitted that you don’t have a hostname (maybe localhost or 127.0.0.1) in your copy/pasted command?

or just hide his/her IP…

@martinwoodger
only admins have acces to search menu. You can give rights on streams, eg. all messages.

Do you really want to use saved search? You can use the keywords in the CLI export also. OK, it is a workaround, but maybe could work.

Hi sorry I meant to put in a generic “servername” so removed it but then forgot. i am using IP address when I run the command.

I’m quite new to graylog, but with saved search I found it was easier to produce the output I needed. I will take another look at streams on your advice, thanks.

I now have my blocked web request data streaming to a csv output using a csv export plugin on github. So thanks for the direction and thanks to R Westmoreland for this plugin: https://github.com/rswestmoreland/graylog-delimited-file-output-plugin

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.