Export logs from OpenSearch Dashboards to CSV

Available since 2.23.0 (12.7.0 and 11.7.0)

This section describes how to export logs from the OpenSearch Dashboards navigation panel to the CSV format.

Caution

The log limit is set 10 000 rows, and it does not take into account the resulted file size.

Note

The following instruction describes how to export all logs from the opensearch-master-0 node of an OpenSearch cluster.

To export logs from the OpenSearch Dashboards navigation panel to CSV:

1. Log in to the OpenSearch Dashboards web UI as described in Access StackLight web UIs.

2. Navigate to the Discover page.

3. In the left navigation panel, select the required log index pattern from the top drop-down menu. For example, system* for system logs and audit* for audit logs.

4. In the middle top menu, click Add filter and add the required filters. For example:

   • event.provider matches the opensearch-master logger

   • orchestrator.pod matches the opensearch-master-0 node name

5. In Search field names, search for required fields to be present in the resulting CSV file. For example:

   • orchestrator.pod for opensearch-master-0

   • message for the log message

6. In the right top menu:

   1. Click Save to save the filter after naming it.

   2. Click Reporting > Generate CSV.

   When the report generation completes, download the file depending on your browser settings.