Export to CSV failed

Graylog Central (peer support)
1

I’m trying to export some message as CSV with the export function, (Graylog version 4.1.2), regardless of the browser i’m using, I end up with empty csv even for small request.

I also tried APÏ calls https://<url_base>:9000/api/views/export/ and got HTTP 200 Ok but empty body response

OS Information: RedHat 8.4

my problem is similar to Export to CSV failed - needs authorization? - #6 by gsmith but solutions provided don’t work for me

How can I export sucessfully?

Many thanks in advance

2

Hello && Welcome

When you execute the Export function does it look like this?

image
image1200×519 61.5 KB

Can you show how/where your using this Export function?

Added info

https://docs.graylog.org/docs/csv-export

3

Hello,
It looks like this

export
export1834×542 86.5 KB

then i have a pop-up

And finally they ask me where to save the file and when i click save download end up instantly with empty csv

4

Hello,

Have you tried TAIL’ing your Graylog log file (server.log) when executing your CSV a download? This might help if there are any issues.

5

There is nothing in the log whatever the level of logging

6

Hello,

Before I start listing troubleshoot tips, can I ask what have you done so far to resolve this issue? I’m unable to reproduce this issue in my lab so more information you could give us would be appreciated.

7

Hello,
For now we have in order:

  • Try with Chrome, Internet Explorer, Edge, Firefox
  • Upgrade to graylog 4.2.2
  • Upgrade to Elasticsearch 7.16.1 (originally 7.12)
  • Try increasing RAM in java arguments on startup
  • Try increasing or decreasing number of CPU for process/input/output buffers
  • Trying different elasticsearch options variation (number of shard, logging level)
  • Try to manually rotate and recalculate index ranges

Honestly we are running out of ideas

8

Hello,

Side note:

image
image1685×732 63.6 KB

Seams you have something wrong with getting your data on file.

Have you tried exporting just a timestamp field?

9

Hello,
Exporting just a timestamp ends wrong the same way.
We are considering rolling back to elasticsearch 7.10 to be supported properly.
Do you think this rollback is possible or we might loose data?

10

Hello,

I do believe so, it is not going to end good.

So to sum it up it seams that you can download the file but there is nothing on the file. Not sure all what you have done but I don’t think its resources ( CPU, RAM, etc…). I’m leaning towards a configuration issue. To be honest I have never had that happen, unless when I downloaded CVS file that didn’t have the field or fields in those messages.

What I would have done was check all my Logs on that server for issues. Next, double check Date/Time and firewalls also Selinux/AppArmor.

Last, If you believe this maybe a bug you could open an issue here.

Hope that helps

11

Hello
We have solved the issue by simply adding more ressources CPUs and RAM to the VM running graylog, it seems that elasticsearch was simply in need of RAM and the VM was abusing the use of swap memory making elasticsearch to crash and preventing the export.

For those who read this topic in the future rollback to older version is NOT a good idea.
We tried to rollback to older version but elasticsearch index that have been created by latest version are unreadable by the old one resulting in loss of all data.

We are now running elasticsearch 7.16.1 with graylog 4.2.2 without problem so far.
Thanks everyone for the help!

1 Like
12

@ajd
Nice, Thank you for the feed back :smiley:

13

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.