I have oracle event logs feeding into Elasticsearch. All is great, except the oracle admins have times where they want to view the whole oracle log file, not just a single event. Has anyone exported the data out of elasticsearch and back into a log format?
Hi lhorsky1,
I have not seen that, but here are some options:
- Assuming you are using kibana. The admin could set a filter on the
pathfield to see all the events from this file. - It should be possible with logstash, using elasticsearch input and file output. But the resulting file might not be exactly the same as it was before processing it (e.g. if you droped fields, mutated fields etc.).
Personally I would recommend having a look at the original file, directly on the server, as this is unmodified.
Cheers,
Jakob