As you stated, the S3 archiving is definitely the recommended way to go, however, in the event that can’t happen, you should be able to do it by going to your log search, selecting what log sets you would like to export, adjust your time picker accordingly, then run a blank query (nothing in the query bar). Once done you can export to csv, rinse repeat with other log sets. There are some drawbacks to this:
there is a limit to how many logs you can download at one time, I believe it’s a million or so, so if you have a lot of logs, this is very time consuming
This is not automated, it’s manual…enough said
This will only export the logs that have been parsed or moved to log search
You can also try the REST API to automate the process outside of the IDR console, which may be a better way to go than the above method:
One of the drawbacks of using the API is it’s more technical to perform. I will let others chime in if they can offer a more viable solution.