Oracle Cloud Infrastructure Documentation

Export Logs

If you want to store the search results offline, then Oracle Logging Analytics lets you export search results in Comma-separated Values (CSV) or JavaScript Object Notation (JSON) format.

Topics:

To export search results:

  1. Search the logs to obtain your desired result.
  2. Click Export.
  3. For the file format, select Comma-Separated Values or JavaScript Object Notation.
  4. Enter a name for the file and click Export.

In the case of the Records and Histogram visualizations, the search result is exported based on the time, original log content, and all the selected display fields. In the case of Table visualization, the search result is exported based on the time and selected display fields. For any other visualization, the results of the query displayed in the selected visualization is exported.

Export Limits

If the export result can be streamed, then the maximum count of the results retrieved form the data source is 1,000,000. If not streamed, then the maximum count is:

  • 500 if the query includes link command
  • 10,000 if the query doesn't include link command
  • 10,000 if the query includes commands like head, tail, or stats.

Large Exports

Oracle Logging Analytics is optimized for searching and aggregating logs, but not for exporting large amount of data. Large exports are limited and throttled to minimize the impact on the system.

Export Query Restrictions and Limits

  • Limits:

    • A maximum of one export per second
    • A maximum of 7 exports per minute
    • A maximum of 100 exports per 15 minutes

  • Commands not allowed: A Large field is the one that is used for holding large amount of data. The following commands cannot be used with large fields in the queries used for exporting logs due to high resource usage. 

    extract
jsonextract
xmlextract

eval/where
   substr
   replace
   reverse

    The following are some examples of large fields: 

    Arguments
Call Stack Trace
Data Received
Data Sent
Environment
Error Stack Dump
Error Text
Exception
Message
Original Log Content
Resource Limit Settings
SQL Bind Variables
SQL Statement
Stack Trace
Supplemental Detail
URI

    Do not assign large fields into temporary variables and use them with above commands. A field derived from operations such as below cannot be used with the above commands: 

    message
message || a, 
a || message, 
concat(message, a), 
concat(a, message), 
upper(message), 
lower(message), 
trim(message), 
ltrim(message), 
rtrim(message)

    Instead of using commands like extract or regex in your export query, define Extended Fields and use those fields for such requirements. See Use Extended Fields in Sources.

  • If you are using log partitioning:

    If you have enabled log partitioning in your tenant, then you can include a maximum of 5 log sets in the export query.