{"id":15993,"date":"2023-07-20T23:02:36","date_gmt":"2023-07-20T20:02:36","guid":{"rendered":"https:\/\/kifarunix.com\/?p=15993"},"modified":"2024-03-10T10:13:24","modified_gmt":"2024-03-10T07:13:24","slug":"export-kibana-search-results-to-csv-excel-file","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/export-kibana-search-results-to-csv-excel-file\/","title":{"rendered":"Easily Export Kibana Search Results to CSV\/Excel file"},"content":{"rendered":"\n<p>How can i easily export Kibana search results to CSV\/Excel file? Well, that is an easy thing to do! Follow through this guide to learn how to export Kibana search results to CSV\/Excel file. Kibana provides an awesome way to visualize and explore your Elasticsearch data. Additionally, it can enable you to export saved searches result, metrics and raw documents of your analysis into a CSV file. This comes in handy if you want to share the <a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/reporting-getting-started.html#reporting-getting-started\" target=\"_blank\" rel=\"noreferrer noopener\">report of your analysis<\/a> to someone else who might not have access to Kibana dashboard.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#exporting-kibana-search-results-to-csv-excel-file\">Exporting Kibana Search Results to CSV\/Excel file<\/a><ul><li><a href=\"#grant-user-access-to-reporting-feature-in-kibana\">Grant User Access to Reporting Feature in Kibana<\/a><\/li><li><a href=\"#perform-a-search-on-kibana\">Perform a Search on Kibana<\/a><\/li><li><a href=\"#export-kibana-search-results-to-csv-excel-file\">Export Kibana Search Results to CSV\/Excel file<\/a><\/li><li><a href=\"#download-kibana-search-results-in-csv-format\">Download Kibana Search Results in CSV Format<\/a><\/li><li><a href=\"#open-kibana-search-results-csv-on-excel\">Open Kibana Search Results CSV on Excel<\/a><\/li><\/ul><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"exporting-kibana-search-results-to-csv-excel-file\">Exporting Kibana Search Results to CSV\/Excel file<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"grant-user-access-to-reporting-feature-in-kibana\">Grant User Access to Reporting Feature in Kibana<\/h3>\n\n\n\n<p>Before you can proceed, ensure that at least you have read access to the specific index you want to export the search results from.<\/p>\n\n\n\n<p>Similarly, ensure that you have access to reporting on Kibana as extensively described <a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/secure-reporting.html#grant-user-access\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"perform-a-search-on-kibana\">Perform a Search on Kibana<\/h3>\n\n\n\n<p>Next, navigate to Kibana Discover and select an index from which you want to search your specific events from and adjust your search time range accordingly.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1464\" height=\"606\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/adjust-search-time-range.png\" alt=\"\" class=\"wp-image-18017\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/adjust-search-time-range.png?v=1689879362 1464w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/adjust-search-time-range-768x318.png?v=1689879362 768w\" sizes=\"(max-width: 1464px) 100vw, 1464px\" \/><\/figure>\n\n\n\n<p>Run your search query to filter specific events. For example, let&#8217;s perform a failed SSH authentication event search;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>event.category: \"authentication\" AND event.action: \"ssh_login\" AND event.outcome: \"failure\"<\/code><\/pre>\n\n\n\n<p>As you can see, for the time range of last 30 days, I got 116 hits;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1470\" height=\"718\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/search-results-for-last-30-days.png\" alt=\"\" class=\"wp-image-18018\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/search-results-for-last-30-days.png?v=1689879993 1470w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/search-results-for-last-30-days-768x375.png?v=1689879993 768w\" sizes=\"(max-width: 1470px) 100vw, 1470px\" \/><\/figure>\n\n\n\n<p>Next, you can choose to export the events the way they are, if you are sharing them to a technical person, otherwise, it is good to select specifics of the events, (if any) so you can export a more clean report.<\/p>\n\n\n\n<p>For my SSH authentication events, we have quite a number of fields that might be of interest such as the source address, destination, username, time, event activity, method of authentication and event result. You can choose to display those specific fields;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1474\" height=\"747\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/curated-events.png\" alt=\"\" class=\"wp-image-18019\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/curated-events.png?v=1689880697 1474w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/curated-events-768x389.png?v=1689880697 768w\" sizes=\"(max-width: 1474px) 100vw, 1474px\" \/><\/figure>\n\n\n\n<p>You can hit the <strong>Save<\/strong> button at the top left menu to save your search query.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"export-kibana-search-results-to-csv-excel-file\">Export Kibana Search Results to CSV\/Excel file<\/h3>\n\n\n\n<p>Once you have searched and filtered your events on Kibana, you can now go ahead and export the results to CSV\/excel.<\/p>\n\n\n\n<p>Note the the default size of CSV supported for export by default is 10mb. If you are exporting huge search results that could possibly go beyond 10mb, then you might need to adjust the value of <code>xpack.reporting.csv.maxSizeBytes<\/code> on Kibana as well the <code>http.max_content_length<\/code>&nbsp;setting in Elasticsearch. While doing this, take into consideration the amount of system resources, especially RAM, assigned to your server. This is so as to ensure that the performance of Kibana and your Elasticsearch cluster is not negatively affected.<\/p>\n\n\n\n<p>Assuming all is good, click the <strong>Share<\/strong> button on the Discover top menu options (with your search filter and results still on), and click <strong>CSV Reports<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1471\" height=\"588\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/share-search-results.png\" alt=\"\" class=\"wp-image-18021\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/share-search-results.png?v=1689881549 1471w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/share-search-results-768x307.png?v=1689881549 768w\" sizes=\"(max-width: 1471px) 100vw, 1471px\" \/><\/figure>\n\n\n\n<p>Next, click <strong>Generate CSV<\/strong>. Note that depending on the size of your search it can take sometime to generate.<\/p>\n\n\n\n<p>When report generation is complete, you will be notified on Kibana dashboard to check and download it.<\/p>\n\n\n\n<p>Similarly, you can track the report generation progress in <strong>Stack Management<\/strong> &gt; <strong>Alerts and Insights <\/strong>&gt; <strong>Reporting<\/strong> section.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1468\" height=\"439\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/report-generation-progress.png\" alt=\"Export Kibana Search Results to CSV\/Excel file\" class=\"wp-image-18023\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/report-generation-progress.png?v=1689881872 1468w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/report-generation-progress-768x230.png?v=1689881872 768w\" sizes=\"(max-width: 1468px) 100vw, 1468px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"download-kibana-search-results-in-csv-format\">Download Kibana Search Results in CSV Format<\/h3>\n\n\n\n<p>As you can see above, the report is now ready and available for download.<\/p>\n\n\n\n<p>Under <strong>Actions<\/strong>, there are two options; <strong>Download<\/strong> and <strong>View<\/strong> additional information about the report.<\/p>\n\n\n\n<p>Click the down facing arrow to download your report to your system, in CSV format.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"open-kibana-search-results-csv-on-excel\">Open Kibana Search Results CSV on Excel<\/h3>\n\n\n\n<p>You should now be able to read the CSV export of your results using any Excel software.<\/p>\n\n\n\n<p>See my LibreOffice Calc;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1296\" height=\"945\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/kibana-search-results-csv-export.png\" alt=\"\" class=\"wp-image-18026\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/kibana-search-results-csv-export.png?v=1689882908 1296w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/07\/kibana-search-results-csv-export-768x560.png?v=1689882908 768w\" sizes=\"(max-width: 1296px) 100vw, 1296px\" \/><\/figure>\n\n\n\n<p>Awesome, isn&#8217;t it? You can share the report with the &#8220;management&#8221; now!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h2>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-copy-kibana-dashboard-to-another-kibana-space\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Copy Kibana Dashboard to Another Kibana Space<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/install-wazuh-manager-with-elk-on-debian\/\" target=\"_blank\" rel=\"noreferrer noopener\">Install Wazuh Manager with ELK on Debian 12<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/enable-kibana-https-connection\/\" target=\"_blank\" rel=\"noreferrer noopener\">Quick Way to Enable Kibana HTTPS Connection<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How can i easily export Kibana search results to CSV\/Excel file? Well, that is an easy thing to do! Follow through this guide to learn<\/p>\n","protected":false},"author":10,"featured_media":18021,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[72,910,121],"tags":[7089,7092,7091,7090],"class_list":["post-15993","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-monitoring","category-elastic-stack","category-howtos","tag-export-kibana-search-results-in-csv","tag-generate-kibana-search-results-csv","tag-kibana-csv-export","tag-kibana-search-results-in-excel-format","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/15993"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=15993"}],"version-history":[{"count":14,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/15993\/revisions"}],"predecessor-version":[{"id":20799,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/15993\/revisions\/20799"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/18021"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=15993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=15993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=15993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}