Is there any way to export CSV enrichment sources? From time to time these files are lost and it is a hassle to recreate.
Best answer by Basudev Raut
View originalIs there any way to export CSV enrichment sources? From time to time these files are lost and it is a hassle to recreate.
Best answer by Basudev Raut
View originalHi Prabesh,
You can use Search Query and Export as CSV:
Table <table_name> | fields field1, field2, field3
For instance,
Table threat_intelligence | fields domain, category, end_ts, port, score, start_ts, threat_source
You can export this search result as CSV.
Hi,
This conversation is quite old, but I’ll use this thread anyway.
I have tried to export the CSV enrichment source by performing a query and export them in csv. But I have a CSV file with more than 10,000 rows and the export from query method doesn’t fully works as it only export the first 10,000 rows.
Is there another way to fully export the csv enrichment source?
Hi Ahmad,
On that case, rather then fields you can make use of chart count() followed by limit . It will add additional column with count but should be able to do the job.
New query should look like this:
Table <table_name> | chart count() by field1, field2, field3 limit 12000
This will provide 12000 rows of data. If you want more you can change the value but using exponentially higher number might make the UI unresponsive.
Already have an account? Login
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.