I’ve had an issue recently where I’ve needed to export a huge amount of dfwpktlog events out of Log Insight for external processing. Using the GUI or the API, we’re limited to only 20k events per query!
The script below is a simple proof of concept that will prove whether it’s feasible for me to get events over a 24-hour period through 5-minute intervals. I also want to understand how long it will take and how large the resulting CSV file will be. As it’s intended for exporting a huge amount of dfwpktlogs, I’ve also included functionality to remove duplicates prior to saving to file.
The script is a work in progress as of publication of this post, but future versions will be available on GitHub. Reach out or leave any comments if you’d like to see this expanded, as I’ve written it with my own (specific) use case in mind 🙂
Find the script here: https://github.com/joshsname/vRLIQueryExtractor
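The windowing and de-duplication approach described above, sketched as an added example (not the script from the repository). It goes one step beyond the post by halving any window whose result reaches the per-query cap, since a full result is probably truncated. The `fake_fetch` stand-in, the sample events and the duplicate key (timestamp plus text) are assumptions made for illustration; a real run would replace `fake_fetch` with the actual Log Insight query.

```python
import csv, io
from datetime import datetime, timedelta, timezone

def windows(start, end, step):
    """Yield half-open [t0, t1) slices so no event lands in two windows."""
    t0 = start
    while t0 < end:
        t1 = min(t0 + step, end)
        yield t0, t1
        t0 = t1

def export(fetch, start, end, step=timedelta(minutes=5), cap=20_000):
    """Return unique events; a window that hits the cap is halved and re-queried."""
    seen, out = set(), []
    todo = list(windows(start, end, step))[::-1]
    while todo:
        t0, t1 = todo.pop()
        events = fetch(t0, t1, cap)
        # A full result is probably truncated; below 1 s we accept it as-is.
        if len(events) >= cap and t1 - t0 > timedelta(seconds=1):
            mid = t0 + (t1 - t0) / 2
            todo += [(mid, t1), (t0, mid)]   # earlier half is popped first
            continue
        for ev in events:
            key = (ev["timestamp"], ev["text"])  # assumed duplicate definition
            if key not in seen:
                seen.add(key)
                out.append(ev)
    return out

def to_csv(events):
    """Serialise events to CSV text with a header row."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["timestamp", "text"])
    writer.writeheader()
    writer.writerows(events)
    return buf.getvalue()

# Constructed sample data: 45 events inside one minute, one of them repeated.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE = [{"timestamp": (T0 + timedelta(seconds=s)).isoformat(),
           "text": f"dfwpktlog sample line {s}"} for s in range(45)]
SAMPLE.append(dict(SAMPLE[3]))

def fake_fetch(t0, t1, limit):
    """Hypothetical stand-in for the real query: events in [t0, t1), capped."""
    hits = [e for e in SAMPLE
            if t0 <= datetime.fromisoformat(e["timestamp"]) < t1]
    return hits[:limit]

if __name__ == "__main__":
    rows = export(fake_fetch, T0, T0 + timedelta(hours=24), cap=20)
    print(len(rows), "unique events,", len(to_csv(rows)), "bytes of CSV")
```

With the cap lowered to 20 for the demo, a single 5-minute query would silently return only 20 of the 46 sample rows, which is the loss the splitting step guards against.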