Is there any way to export CSV enrichment sources ?

testbase bhattaa

May 04, 2021 04:03

Is there any way to export CSV enrichment sources? From time to time these files are lost and it is a hassle to recreate.

4 comments

Date Votes

Basudev Raut May 04, 2021 04:07

Hi Prabesh,

You can use Search Query and Export as CSV:

Table <table_name> | fields field1, field2, field3

For instance,

Table threat_intelligence | fields domain, category, end_ts, port, score, start_ts, threat_source

You can export this search result as CSV.

testbase bhattaa May 04, 2021 04:37

Thank you so much Basudev. This resolved my problem

Ahmad Khilfi June 07, 2023 04:38

Hi,

This conversation is quite old, but I’ll use this thread anyway.

I have tried to export the CSV enrichment source by performing a query and export them in csv. But I have a CSV file with more than 10,000 rows and the export from query method doesn’t fully works as it only export the first 10,000 rows.

Is there another way to fully export the csv enrichment source?

Prabesh Bhatta June 09, 2023 06:15

Hi Ahmad,

On that case, rather then fields you can make use of chart count() followed by limit . It will add additional column with count but should be able to do the job.

New query should look like this:

Table <table_name> | chart count() by field1, field2, field3 limit 12000

This will provide 12000 rows of data. If you want more you can change the value but using exponentially higher number might make the UI unresponsive.

Please sign in to leave a comment.