Exporting Events to Files

You can run the phExportEvent tool from a Supervisor or Worker node to export events to CSV files. The file will contain these fields:

  • Customer Id (applicable to SP license)

  • Reporting Device IP

  • Reporting Device Name

  • Event Received Time

  • Raw Message

This code block shows the commands that you can use with phExportEvent, followed by a table that describes

them in more detail.

phExportEvent {--dest DESTINATION_DIR} {--starttime START_TIME | --relstarttime RELATIVE_START_TIME} {--endtime END_TIME | --relendtime RELATIVE_END_TIME} [--dev DEVICE_NAME] [--org ORGANIZATION_NAME] [-t TIME_ZONE]

 

pHExportEvent Command Description
DESTINATION_ DIR Destination directory where the exported event files are saved.
START_TIME Starting time of events to be exported. The format is YYYY-MM-DD HH:MM:SS {+|-} TZ. If TZ is not given, the local time zone of the machine where the script is running will be used. Example: 2010-03-10 23:00:00 -8 means Pacific Standard Time, 23:00:00 03/10/2010. 2010-07-29 10:20:00 +5:30 means India Standard Time 10:20:00 07/29/2010.
RELATIVE_ START_TIME

This must be used together with END_TIME. Starting time of events to be exported is relative backwards to the end time, specified using --endtime END_TIME. The format is

{NUM}{d|h|m}

where NUM is the number of days or hours or minutes. For example, -- relstarttime 5d means the starting time is 5 days prior to the ending time.
END_TIME Ending time of events to be exported. The format is the same as described for START_TIME.
RELATIVE_END_ TIME This must be used together with START_TIME. Ending time of events to be exported is relative forward to the start time, specified using START_TIME. The format is the same that is used for RELATIVE_START_TIME.
DEVICE_NAME Provide the host name or IP address of the device with the events to be exported. Use a comma-separated list to specify multiple IPs or host names, for example, --dev 10.1.1.1,10.10.10.1,router1,router2. Host name is case insensitive.
ORGANIZATION_ NAME This is used only for Service Provider deployments. Provide the name of the organization with the events to be exported. To specify multiple organizations, enter a command for each organization, for example, --org "Public Bank" --org "Private Bank". The organization name is case insensitive.
TIME_ZONE Specifies the time zone used to format the event received time in the exported event files. The format is {+|-}TZ, for example, -8 means Pacific Standard Time, +5:30 means India Standard Time.