Export to CSV failed

I’m trying to export some message as CSV with the export function, (Graylog version 4.1.2), regardless of the browser i’m using, I end up with empty csv even for small request.

I also tried APÏ calls https://<url_base>:9000/api/views/export/ and got HTTP 200 Ok but empty body response

OS Information: RedHat 8.4

my problem is similar to Export to CSV failed - needs authorization? - #6 by gsmith but solutions provided don’t work for me

How can I export sucessfully?

Many thanks in advance

Hello && Welcome

When you execute the Export function does it look like this?

Can you show how/where your using this Export function?

Added info


It looks like this

then i have a pop-up

And finally they ask me where to save the file and when i click save download end up instantly with empty csv


Have you tried TAIL’ing your Graylog log file (server.log) when executing your CSV a download? This might help if there are any issues.

There is nothing in the log whatever the level of logging


Before I start listing troubleshoot tips, can I ask what have you done so far to resolve this issue? I’m unable to reproduce this issue in my lab so more information you could give us would be appreciated.

For now we have in order:

  • Try with Chrome, Internet Explorer, Edge, Firefox
  • Upgrade to graylog 4.2.2
  • Upgrade to Elasticsearch 7.16.1 (originally 7.12)
  • Try increasing RAM in java arguments on startup
  • Try increasing or decreasing number of CPU for process/input/output buffers
  • Trying different elasticsearch options variation (number of shard, logging level)
  • Try to manually rotate and recalculate index ranges

Honestly we are running out of ideas


Side note:

Seams you have something wrong with getting your data on file.

Have you tried exporting just a timestamp field?

Exporting just a timestamp ends wrong the same way.
We are considering rolling back to elasticsearch 7.10 to be supported properly.
Do you think this rollback is possible or we might loose data?


I do believe so, it is not going to end good.

So to sum it up it seams that you can download the file but there is nothing on the file. Not sure all what you have done but I don’t think its resources ( CPU, RAM, etc…). I’m leaning towards a configuration issue. To be honest I have never had that happen, unless when I downloaded CVS file that didn’t have the field or fields in those messages.

What I would have done was check all my Logs on that server for issues. Next, double check Date/Time and firewalls also Selinux/AppArmor.

Last, If you believe this maybe a bug you could open an issue here.

Hope that helps

We have solved the issue by simply adding more ressources CPUs and RAM to the VM running graylog, it seems that elasticsearch was simply in need of RAM and the VM was abusing the use of swap memory making elasticsearch to crash and preventing the export.

For those who read this topic in the future rollback to older version is NOT a good idea.
We tried to rollback to older version but elasticsearch index that have been created by latest version are unreadable by the old one resulting in loss of all data.

We are now running elasticsearch 7.16.1 with graylog 4.2.2 without problem so far.
Thanks everyone for the help!

1 Like

Nice, Thank you for the feed back :smiley:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.