Exporting visualizations
CSV/JSON Export
If you would like to export the documents matched by a query on an Elasticsearch index, press the 'Export' link at the bottom of the enhanced search results visualization.
This will display a dialog box with several options.
The basic options allow you to choose between CSV (Comma-separated values) and JSON export formats.
Clicking Export in the dialog will begin exporting all the documents matching a query on an Elasticsearch index in the format you have chosen.
For more control over what gets exported, click Additional settings to list some more advanced options.
By default, all fields of an index will be exported. To limit the export to a specific set of fields, click the arrow next to 'Fields'. This will display a list of all the fields in the index we’re exporting from. Simply select the checkbox next to the name of the fields you want to export.
The next option is to limit the number of documents to export. By default all documents matching a query on an Elasticsearch index will be exported, but this can be limited to a specific number by entering it in the 'Limit' input box.
When the 'Export' link at the bottom of the enhanced search results visualization is pressed, the time filter is frozen to the range of time as it is when the link is pressed. This can be refreshed by pressing the refresh icon.
Finally, when exporting as CSV, you have the option of applying field formatters to fields where they are defined. Simply press 'Yes' next to the 'Formatted' option.
Exporting Dashboard Visualizations
Dashboard visualizations can be exported as images or as a PDF document.
To take a snapshot of the dashboard as a PDF or to get a single visualization as an image, first click on the 'Export' button to display the export panel.
Exporting PDF or printing
You can export a PDF snapshot of a dashboard or print it.
In an open dashboard, click Export from the Options menu.
The following additional options are available, which allow you to include other useful information in the exported file:
-
Include dashboard query in output
-
Include non-graphic panels in output (e.g. tables, controls)
|
Panels without results or panels opened in spy mode are not included in the document. |
PNG capture of visualization
To export a single visualization as an image, click on the camera button seen on dashboard visualizations (the button is available while the export panel is open).
The exported visualization will be saved as a PNG image.
| Panels without results or panels opened in spy mode will not be available for capturing. |
Avoiding issues with nginx
Some settings for nginx can interfere with the functionality of the
export feature, namely the proxy_buffering directive.
To avoid any potential issues, we recommend disabling the
proxy_buffering directive in your nginx configuration.
Example nginx configuration, where Siren Investigate is running behind
the proxy on basePath = BASE_PATH:
location /BASE_PATH/export {
proxy_buffering off; <---- Here is the important bit
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/passwords_enterprise;
rewrite /kibi/(.*) /$1 break;
proxy_pass http://127.0.0.1:15013/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
client_max_body_size 100M;
}
location /BASE_PATH {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/passwords_enterprise;
rewrite /kibi/(.*) /$1 break;
proxy_pass http://127.0.0.1:15013/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
client_max_body_size 100M;
}