
Export Log Sources

You must be logged in as an Administrator to take this action.

You can export logs from Investigator, Tail, or Personal Dashboard search results.

  1. Run a search so you get a search results grid.
  2. Do one of the following:
    • To export all logs, you do not have to select any logs.
    • To export selected logs, select the check box in the first row of the logs you want.

      To select adjacent rows, hold down the Shift key as you click the first and last log selection box. To select non-adjacent rows, hold down the Ctrl key as you click each selection box.

  3. Right-click the selection and click Export All Logs or Export Selected Logs.
    The LogRhythm Log Exporter appears.
  4. In the Export Types section, select one of the following:
    • Email. The logs become an email attachment.
    • File. This is the default.
  5. Select an Export Format:
    • Comma Delimited. Output = LogRhythm_Export_YYYYMMDD_HHMMSS.csv, suitable for use in Microsoft Excel. This is the default.
    • Tab Delimited. Output = LogRhythm_Export_YYYYMMDD_HHMMSS.txt.

    LogRhythm applies these standard formats to both Comma and Tab delimiters in exported log files.

    Values / Description

    Date
      Exported with no regional format, using a modified ISO 8601 date format:
      - Date format is YYYY-MM-DD. Example: 2010-09-07
      - Time format is hh:mm:ss [AM|PM]. Example: 11:31:22 AM
      Rather than the ISO standard 24-hour clock + time zone indicator, LogRhythm uses an AM|PM designation.

    String Values
      All string values are enclosed with double quotes.
      Double quotes contained in string fields are replaced with single quotes; this includes the raw log message.

    Decimal
      Exported without using the regional setting formatting set from My Preferences.
      Comma separators are not included.
      9 digits right of the decimal are supported with the format #0.#########. Example: 1000.343323454

    Integer
      Exported with no regional formatting and no comma separators.
      Examples:
      - Log Count format is 10 or 1000 or 10000
      - Priority format is 4 or 45 or 100

    Bytes
      Bytes are exported as Kilobytes in the format: #0.000
      Example: 0.234 or 1.234 or 12.234

    Location Names
      Commas in location names are replaced with colons.
      Example: “Boulder, Colorado, United States” is exported as “Boulder: Colorado: United States”

    Multi-line Log Messages
      Newline is handled via the following:
      - ASCII Code 10 (Line Feed) is replaced by the string \n
      - ASCII Code 13 (Carriage Return) is replaced by the string \r

  6. Click Next.
  7. Select the fields you want to include in the export. Selecting a field allows you to view a description.

    Normal Date Options:

    • Aggregate logs have First Normal Date and Last Normal Date options with dates / times that exclude seconds. Example: 7/6/2010 1:41 PM
    • Detail logs have Normal Date and Last Normal Date options with dates / times that include seconds. Example: 7/6/2010 1:41:26 PM


    The order the selected fields are listed here will be their order in the export file.

  8. To change the list order, select a field and click the Move Field Up or Move Field Down buttons.
  9. Specify a time zone or accept the default, which is the current operating system time zone.
  10. (Optional) Select the Include header row box if you want to use the field names as the first row of the export.
  11. Click OK.
    The earlier selection of Export Type (file or email attachment) determines the next window that appears.
    • If you selected Export Type = File:
      1. Enter the path and file name for the exported logs.
      2. Click Save.
      3. On the message that tells you how many logs were successfully exported, click OK.
        The export is complete and you return to the search results page.
    • If you selected Export Type = Email:
      1. Complete the information in the Email Client window:
        If Microsoft Outlook is installed, it is the default Email Client; otherwise it is not enabled. When Outlook is selected, the remaining fields are disabled.
        • If you selected SMTP, the remaining fields are enabled for entry. Required fields are:
          • Email, To:
          • Email, From:
          • SMTP Connection Configuration, Server. When the information is available, this field is pre-populated from the Platform Manager Properties.
          Click OK.
          On the message that tells you how many logs were successfully exported, click OK. The export is complete and you return to the search results page.
        • If you selected Outlook, an email message is created with the exported logs as an attachment. The message appears in your task bar.
          1. Complete the appropriate delivery information.
          2. Click Send.
            You return to the Search Results window.
        • If you selected SMTP, a progress bar appears. When the message is sent, the window closes and you return to the search results window.
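
The export formats listed in step 5 matter when an exported file is loaded into another tool for analysis. The following Python parser is an added example, not LogRhythm code; it reads a comma-delimited export and applies those rules in reverse where that is possible. The column names, the sample rows, and the assumption that date and time share one field are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample of a comma-delimited export with the header row enabled.
# Column names and the single date-plus-time field are assumptions.
SAMPLE_EXPORT = (
    '"Log Date","Location","Priority","KBytes","Log Message"\r\n'
    '"2010-09-07 11:31:22 AM","Boulder: Colorado: United States",45,1.234,'
    '"user=\'alice\' action=login\\nresult=failure"\r\n'
    '"2010-09-07 01:05:09 PM","",4,0.234,"single line message"\r\n'
)


def parse_timestamp(value):
    # 12-hour clock with AM/PM and no zone indicator, so the result is naive;
    # record the time zone chosen in the exporter alongside the file.
    return datetime.strptime(value, "%Y-%m-%d %I:%M:%S %p")


def restore_newlines(text):
    # The export writes LF as the two characters \n and CR as \r.
    # A raw log that already contained a literal backslash-n is
    # indistinguishable, so this reversal is best effort.
    return text.replace("\\r", "\r").replace("\\n", "\n")


def parse_export(text, delimiter=","):
    rows = []
    reader = csv.DictReader(io.StringIO(text, newline=""), delimiter=delimiter)
    for rec in reader:
        rows.append({
            "time": parse_timestamp(rec["Log Date"]),
            "location": rec["Location"],  # commas were exported as colons
            "priority": int(rec["Priority"]),
            "kilobytes": float(rec["KBytes"]),
            # Double quotes in the raw log were exported as single quotes;
            # that substitution cannot be undone.
            "message": restore_newlines(rec["Log Message"]),
        })
    return rows


if __name__ == "__main__":
    for row in parse_export(SAMPLE_EXPORT):
        print(row["time"].isoformat(), row["priority"], repr(row["message"]))
```

For a tab-delimited export, pass `delimiter="\t"`. Because the quote and newline substitutions are lossy, an exported message may not match the original raw log byte for byte.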