Search Exports under Kibana (10 million documents)

smm · June 5, 2025, 6:14am

Hi there,
in an elk stack with basic licence for now (version 8.17.x), I would like to export about 10 million syslog documents out of Kibana. Is there a better way then 'export as a csv file'? Or how can I config the environment to make this task easier?
Thanks for any input!!

dadoonet · June 5, 2025, 7:24am

You can use Logstash I think for this.
Otherwise, there are some community tools like

HTH

smm · June 5, 2025, 8:43am

Thanks! I also found this approach: Just using good old logstash.

input {
elasticsearch {
hosts => ["http://elasticsearch:9200"]
index => "syslog" # Replace with your index name
query => '{"query": {"match_all": {}}}'
size => 10000
scroll => "5m"
}
}

output {
csv {
path => "/usr/share/logstash/output/syslog_export.csv"
fields => ["@timestamp", "host", "message", "severity"] # Adjust to your syslog fields
}
}

Topic		Replies	Views
Elastic/Kibana data exportaion (over 1b hits) Elasticsearch	3	222	September 24, 2024
Export huge dataset (10+million entries) kibana / logstash? APM java , server	5	5075	September 14, 2020
Easiest way to export query results for importing to an independent elasticsearch instance Kibana	2	2695	September 19, 2019
Downloading large amount of logs as CSV using Kibana/Eland Kibana	9	7831	October 25, 2023
What is the correct approach to export xx mil of records from elastic using kibana Kibana	5	902	December 19, 2019

Search Exports under Kibana (10 million documents)

Related topics