Export logs to CSV
Paradarum has exactly one export feature: downloading raw access logs as a CSV file. Use it to archive request data, load it into a spreadsheet, or feed it to your own analytics pipeline. It is backed by GET /api/monitoring/logs/export, which streams text/csv and requires a JWT Bearer token.
:::warning Only raw logs can be exported
There is no export endpoint for aggregate statistics. The summary, traffic, cache, countries, devices, and other /stats/* views are JSON-only and are rendered as charts and tables in the panel — they cannot be downloaded as CSV or JSON. The export below applies solely to raw request logs.
:::
Exporting from the panel
On the Raw Logs page, click the Export CSV button (top-right). It is disabled while the table is loading or when there are no rows.
The export uses your current filter set — search, property, date range, status code, and method — but ignores pagination: instead of a single page, it pulls up to the most recent 100,000 matching rows. The browser saves a file named logs-export-<ISO timestamp>.csv (the server suggests logs_export_<yyyyMMddHHmmss>.csv via the Content-Disposition header).
Calling the endpoint directly
GET /api/monitoring/logs/export accepts the same filters as /api/monitoring/logs. Pagination params (page, pageSize) are accepted but ignored.
| Param | Meaning |
|---|---|
| from | Start of range (UTC) |
| to | End of range (UTC) |
| propertyId | Restrict to a single property |
| search | Free-text match on URI, IP, or host |
| statusCode | Category (multiple of 100) or exact code |
| method | HTTP method; upper-cased server-side |
Authentication is JWT Bearer, and the account is derived solely from the token's GroupSid claim. See Authentication for how to obtain a token.
```bash
curl -L -H "Authorization: Bearer $TOKEN" \
  "https://api.paradarum.com/api/monitoring/logs/export?from=2026-06-01T00:00:00Z&to=2026-06-10T23:59:59Z&propertyId=42&statusCode=400&method=GET&search=/images" \
  -o logs_export.csv
```
:::tip Use -L on curl
The export responds with a streamed attachment; pass -L so curl follows any redirect and -o to write the body to a file instead of your terminal.
:::
CSV format
The first row is a quoted header. Columns are emitted in this fixed order:
| Column | Meaning |
|---|---|
| Time | UTC timestamp, YYYY-MM-DD HH:MM:SS |
| Host | Request host |
| Method | HTTP method |
| URI | Request path |
| Status | HTTP status code |
| Size | Response size in bytes |
| Duration_ms | Request duration in milliseconds |
| IP | Client IP address |
| Country | ISO country code |
| Device | Device type |
| Browser | Browser name |
| OS | Operating system |
| Cache | Cache status (HIT / MISS / BYPASS / EXPIRED) |

```csv
"Time","Host","Method","URI","Status","Size","Duration_ms","IP","Country","Device","Browser","OS","Cache"
2026-06-10 14:22:01,cdn.example.com,GET,/images/logo.png,200,18432,12.4,203.0.113.7,US,desktop,Chrome,Windows,HIT
```
:::note Duration unit differs from the API
The raw-log API returns duration in seconds, but the CSV Duration_ms column is in milliseconds. If you compare the two, convert before doing math.
:::
Limits and error behavior
:::warning Hard cap of 100,000 rows
The export is capped at the most recent 100,000 matching rows (ordered by timestamp descending). Pagination is ignored, so a wide window with more than 100k matching requests is silently truncated to the latest 100k. Narrow your from/to, propertyId, or other filters to capture an older slice.
:::
:::danger 403 when the account has no hostnames
If the authenticated account has no property hostnames, the endpoint returns HTTP 403 — not a CSV file. Make sure the account owns at least one property with a hostname before exporting. A missing or invalid GroupSid claim is rejected as unauthorized.
:::
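
Added example (not Paradarum's own code): one way to avoid losing rows to the silent 100,000-row cap is to split the time range in half whenever a response reaches the cap, and to reject any body that is not the documented CSV (such as a 403 response). `fetch` is a hypothetical wrapper around the export request, the `from`/`to` bounds are assumed inclusive at one-second resolution, and `fake_fetch` with its rows is constructed so the block runs offline.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

ROW_CAP = 100_000  # hard cap stated on this page
HEADER = ["Time", "Host", "Method", "URI", "Status", "Size", "Duration_ms",
          "IP", "Country", "Device", "Browser", "OS", "Cache"]
BASE = datetime(2026, 6, 1, tzinfo=timezone.utc)  # constructed start time

def parse_export(text):
    """Parse one export body; reject anything lacking the documented header."""
    rows = list(csv.reader(io.StringIO(text)))
    if not rows or rows[0] != HEADER:
        raise ValueError("unexpected header: not a logs export (error body?)")
    return rows[1:]

def export_window(fetch, start, end, cap=ROW_CAP):
    """Return every row in [start, end], newest first, bisecting capped windows.
    fetch(start, end) -> CSV text is a hypothetical callable that sets from/to.
    Assumes whole-second, inclusive bounds (an assumption, not from the page).
    """
    rows = parse_export(fetch(start, end))
    if len(rows) < cap:
        return rows  # below the cap, so nothing was truncated
    if end - start < timedelta(seconds=1):
        raise RuntimeError(f"{start:%Y-%m-%d %H:%M:%S} alone reaches the cap")
    mid = (start + (end - start) // 2).replace(microsecond=0)
    newer = export_window(fetch, mid + timedelta(seconds=1), end, cap)
    older = export_window(fetch, start, mid, cap)
    return newer + older  # preserve the export's descending order

def fake_fetch(n, cap):
    """Constructed stand-in for the endpoint: n rows, one per second, capped."""
    stamps = [BASE + timedelta(seconds=i) for i in range(n)]
    def fetch(start, end):
        hits = sorted((t for t in stamps if start <= t <= end), reverse=True)
        out = io.StringIO()
        writer = csv.writer(out)
        writer.writerow(HEADER)
        for t in hits[:cap]:  # newest rows only, like the real cap
            writer.writerow([t.strftime("%Y-%m-%d %H:%M:%S"), "cdn.example.com",
                             "GET", "/images/logo.png", 200, 18432, 12.4,
                             "203.0.113.7", "US", "desktop", "Chrome", "Windows", "HIT"])
        return out.getvalue()
    return fetch

if __name__ == "__main__":
    got = export_window(fake_fetch(23, 5), BASE, BASE + timedelta(seconds=22), cap=5)
    print(len(got), got[0][0], got[-1][0])
```

A response with exactly `cap` rows is treated as truncated, which costs extra requests but never drops data.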
Related pages
- Raw access logs — the filters that the export honors.
- Authentication — obtaining a JWT Bearer token.
- Monitoring API reference — see "Export logs to CSV" and the full /stats/* list.