input {
elasticsearch {
hosts => ["host1:9200", "host2:9200"]
index => "index-2020"
user => "elastic"
password => "xxxx"
}
}
filter {
mutate { remove_field => ["field1","field2","@timestamp","@version"] }
}
output {
csv {
fields => [ "myfield1","myfield2","myfield3" ]
csv_options => { "col_sep" => "," }
path => "/data01/csv_files/test.csv"
}
stdout { codec => rubydebug }
}
Pretty much same what previous use said
https://discuss.elastic.co/t/how-to-export-csv-in-kibana-7-5-with-more-then-1-million-row/214526/4