How can I easily export Kibana search results to a CSV/Excel file? Well, that is an easy thing to do! Follow this guide to learn how to export Kibana search results to a CSV/Excel file. Kibana provides an awesome way to visualize and explore your Elasticsearch data. Additionally, it lets you export saved search results, metrics and raw documents from your analysis into a CSV file. This comes in handy if you want to share the report of your analysis with someone who might not have access to the Kibana dashboard.
Exporting Kibana Search Results to CSV/Excel file
Grant User Access to Reporting Feature in Kibana
Before you proceed, ensure that you have at least read access to the specific index you want to export the search results from.
Similarly, ensure that you have access to reporting on Kibana as extensively described here.
Perform a Search on Kibana
Next, navigate to Kibana Discover, select the index you want to search for your specific events, and adjust the search time range accordingly.
Run your search query to filter specific events. For example, let’s perform a failed SSH authentication event search;
event.category: "authentication" AND event.action: "ssh_login" AND event.outcome: "failure"
As you can see, for the time range of the last 30 days, I got 116 hits;
Next, you can choose to export the events as they are if you are sharing them with a technical person. Otherwise, it is better to select the specific fields of interest (if any) so that you export a cleaner report.
For my SSH authentication events, we have quite a number of fields that might be of interest such as the source address, destination, username, time, event activity, method of authentication and event result. You can choose to display those specific fields;
You can hit the Save button at the top left menu to save your search query.
Export Kibana Search Results to CSV/Excel file
Once you have searched and filtered your events on Kibana, you can now go ahead and export the results to CSV/Excel.
Note that the default maximum size of a CSV export is 10 MB. If you are exporting large search results that could exceed 10 MB, you might need to adjust the value of xpack.reporting.csv.maxSizeBytes on Kibana as well as the http.max_content_length setting in Elasticsearch. While doing this, take into account the amount of system resources, especially RAM, assigned to your server, so that the performance of Kibana and your Elasticsearch cluster is not negatively affected.
Assuming all is good, click the Share button on the Discover top menu options (with your search filter and results still on), and click CSV Reports.
Next, click Generate CSV. Note that, depending on the size of your search, the report can take some time to generate.
When report generation is complete, you will be notified on the Kibana dashboard to check and download it.
Similarly, you can track the report generation progress in Stack Management > Alerts and Insights > Reporting section.
Download Kibana Search Results in CSV Format
As you can see above, the report is now ready and available for download.
Under Actions, there are two options; Download and View additional information about the report.
Click the down-facing arrow to download your report to your system, in CSV format.
Open Kibana Search Results CSV on Excel
You should now be able to read the CSV export of your results using Excel or any other spreadsheet software.
See my LibreOffice Calc;
Awesome, isn’t it? You can share the report with the “management” now!
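Fields such as the username in failed SSH logins are supplied by whoever attempted the login, so it is worth checking an export before it is opened in a spreadsheet or passed on. The Python below is an added example, not part of the original guide: it compares the row count with the hits shown in Discover and with the 10 MB default size, and prefixes cells that a spreadsheet would evaluate as formulas. The sample rows, the column names and the function names are constructed assumptions.

```python
import csv
import io

# Constructed sample of a Discover CSV export; the column names are assumed
# ECS-style fields and are not taken from the original guide.
SAMPLE_EXPORT = (
    '"@timestamp","source.ip","user.name","event.outcome"\n'
    '"2024-01-05T10:00:01Z","203.0.113.7","root","failure"\n'
    '"2024-01-05T10:00:04Z","203.0.113.7","=1+1","failure"\n'
    '"2024-01-05T10:02:11Z","198.51.100.9","admin","failure"\n'
)
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")
DEFAULT_MAX_BYTES = 10 * 1024 * 1024  # the 10 MB default size the guide mentions


def check_export(csv_text, expected_hits, max_bytes=DEFAULT_MAX_BYTES):
    """Compare the export with the hit count shown in Discover."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    size = len(csv_text.encode("utf-8"))
    return {
        "rows": len(rows),
        "bytes": size,
        # Fewer rows than hits, or a file at the size limit, suggests truncation.
        "complete": len(rows) >= expected_hits and size < max_bytes,
    }


def neutralize_formulas(csv_text):
    """Prefix formula-like data cells with a quote so they display as text."""
    out = io.StringIO()
    writer = csv.writer(out, quoting=csv.QUOTE_ALL, lineterminator="\n")
    changed = 0
    for i, row in enumerate(csv.reader(io.StringIO(csv_text))):
        clean = []
        for cell in row:
            # Row 0 is the header (e.g. "@timestamp") and is left untouched.
            if i > 0 and cell.startswith(FORMULA_PREFIXES):
                cell = "'" + cell
                changed += 1
            clean.append(cell)
        writer.writerow(clean)
    return out.getvalue(), changed


if __name__ == "__main__":
    print(check_export(SAMPLE_EXPORT, expected_hits=3))
    safe_csv, changed = neutralize_formulas(SAMPLE_EXPORT)
    print(f"{changed} cell(s) neutralized\n{safe_csv}")
```

To use it on a real export, read the downloaded file into a string and pass the hit count you saw in Discover as `expected_hits`.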