vast export

Synopsis


usage: export [<parameters>] <command>

exports query results to STDOUT or file

parameters:
  [-h | -? | --help] <boolean>   prints the help text
  [--documentation?] <boolean>   prints the Markdown-formatted documentation
  [-c | --continuous] <boolean>  marks a query as continuous
  [-h | --historical] <boolean>  marks a query as historical
  [-u | --unified] <boolean>     marks a query as unified
  [-n | --max-events] <uint64>   maximum number of results
  [-r | --read] <string>         path for reading the query

subcommands:
  zeek   exports query results in Zeek format
  csv    exports query results in CSV format
  ascii  exports query results in ASCII format
  json   exports query results in JSON format
  pcap   exports query results in PCAP format

Documentation

The export command retrieves a subset of data according to a given query expression. The export format must be explicitly specified:

vast export [options] <format> [options] <expr>

The export command is the dual to the import command.