Exporting Large Datasets from XPLG Using a File Forwarder

Common Use Case

While XPLG provides multiple data exporting options via the GUI, exports are limited to 1,000,000 events per export. When larger datasets need to be exported, a File Forwarder offers a more efficient solution that bypasses dataset size limitations.

Using a File Forwarder allows you to:

• Forward logs to a specific file for storage or further processing.

• Define any desired time range for log extraction.

• Utilize the forwarder’s replay functionality to efficiently export historical data.

Important Considerations

⚠ Mandatory Requirement: Ensure that the destination path where logs will be written has sufficient storage capacity to accommodate the required data.

Be sure to check:

• Available disk space to prevent overflow.

• File size limits that may restrict log storage.

Example Scenario

If you need to export all events from a large log spanning the past three months, direct export from the search interface may not be feasible due to volume limitations.

Recommended Steps:

1. Create a File Forwarder and configure it to collect the relevant logs.
   📖 Refer to the File Forwarder Documentation for detailed instructions.

2. Set the Time Frequency to "Never"

   • This ensures the forwarder does not run cyclically unless required.

3. Replay the Forwarder within the Selected Time Frame

   • This allows you to retrieve and export the logs efficiently.
     📖 Refer to the Replaying Data of a Forwarder Documentation for step-by-step guidance.

By following this approach, you can export large datasets efficiently without encountering GUI export limitations.