# GrayLog

The Graylog connector integrates with Graylog, a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data.

## Prerequisites

The asset for this connector requires a username and password, or an API key. An API key can be generated in the Graylog UI by navigating to Administrator > Users > More actions > Edit tokens.

To authorize with an API key, place the API key in the Password field and leave the Username field blank.

## Capabilities

This connector provides the following capabilities:

- Absolute Search
- Relative Search

## Configurations

### Asset

Authenticates to Graylog using a password or a token.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| URL | A URL to the target host | string | required |
| Username | Account username. Leave blank if using an API key | string | optional |
| Password | Account password or API key | string | required |
| Verify SSL | Verify the SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Absolute Search

Search Graylog logs by an absolute time window. Useful for log investigation during a target time window.

- Endpoint URL: `/api/search/universal/absolute`
- Method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| query | string | required | Query (Lucene syntax) |
| from | string | required | Time range start. See the method description for the date format |
| to | string | required | Time range end. See the method description for the date format |
| limit | number | optional | Maximum number of messages to return |
| offset | number | optional | Parameter for Absolute Search |
| filter | string | optional | Parameter for Absolute Search |
| fields | string | optional | Comma-separated list of fields to return |
| sort | string | optional | Sorting (`field:asc` / `field:desc`) |
| decorate | boolean | optional | Run decorators on the search result |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| query | string | Output field `query` |
| built_query | string | Output field `built_query` |
| used_indices | array | Output field `used_indices` |
| file_name | string | Name of the resource |
| file | string | Output field `file` |
| messages | array | Response message |
| file_name | string | Name of the resource |
| file | string | Output field `file` |
| fields | array | Output field `fields` |
| file_name | string | Name of the resource |
| file | string | Output field `file` |
| time | number | Time value |
| total_results | number | Result of the operation |
| from | string | Output field `from` |
| to | string | Output field `to` |
| decoration_stats | object | Output field `decoration_stats` |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Wed, 03 Jan 2024 07:15:07 GMT",
      "Content-Type": "application/json",
      "Content-Length": "193",
      "Connection": "keep-alive",
      "X-Content-Type-Options": "nosniff",
      "X-Graylog-Node-ID": "3ca9c1dd-049c-4924-97ca-e18c9f78ecd9",
      "X-Frame-Options": "DENY",
      "Content-Security-Policy": "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-",
      "X-Runtime-Microseconds": "989350"
    },
    "reason": "OK",
    "json_body": {
      "query": " ",
      "built_query": " ",
      "used_indices": [],
      "messages": [],
      "fields": [],
      "time": 44,
      "total_results": 0,
      "from": "2014-01-23T15:34:49.000Z",
      "to": "2022-01-23T15:34:49.000Z",
      "decoration_stats": null
    }
  }
]
```

### Relative Search

Graylog search for logs by a relative time window (the last X minutes).

- Endpoint URL: `/api/search/universal/relative`
- Method: `GET`

Input:

| Argument | Type | Required | Description |
|---|---|---|---|
| query | string | required | Query (Lucene syntax) |
| range | number | required | Relative time frame to search in. See the method description |
| limit | number | optional | Maximum number of messages to return |
| offset | number | optional | Parameter for Relative Search |
| filter | string | optional | Parameter for Relative Search |
| fields | string | optional | Comma-separated list of fields to return |
| sort | string | optional | Sorting (`field:asc` / `field:desc`) |
| decorate | boolean | optional | Run decorators on the search result |

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| query | string | Output field `query` |
| built_query | string | Output field `built_query` |
| used_indices | array | Output field `used_indices` |
| file_name | string | Name of the resource |
| file | string | Output field `file` |
| messages | array | Response message |
| highlight_ranges | object | Output field `highlight_ranges` |
| message | object | Response message |
| kubernetes_annotations_commitid | string | Unique identifier |
| gl2_remote_ip | string | Output field `gl2_remote_ip` |
| gl2_remote_port | number | Output field `gl2_remote_port` |
| source | string | Output field `source` |
| kubernetes_labels_region | string | Output field `kubernetes_labels_region` |
| gl2_source_input | string | Input data for the action |
| kubernetes_labels_app | string | Output field `kubernetes_labels_app` |
| kubernetes_labels_slot | string | Output field `kubernetes_labels_slot` |
| stream | string | Output field `stream` |
| kubernetes_annotations_branch | string | Output field `kubernetes_annotations_branch` |
| gl2_source_node | string | Output field `gl2_source_node` |
| timestamp | string | Output field `timestamp` |
| kubernetes_labels_pod_template_hash | string | Output field `kubernetes_labels_pod_template_hash` |
| gl2_accounted_message_size | number | Response message |
| streams | array | Output field `streams` |

Example:

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 04 Jan 2024 11:45:31 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Content-Encoding": "gzip",
      "X-Content-Type-Options": "nosniff",
      "X-Graylog-Node-ID": "3ca9c1dd-049c-4924-97ca-e18c9f78ecd9",
      "X-Frame-Options": "DENY",
      "Content-Security-Policy": "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-",
      "X-Runtime-Microseconds": "292048"
    },
    "reason": "OK",
    "json_body": {
      "query": " ",
      "built_query": " ",
      "used_indices": [],
      "messages": [],
      "fields": [],
      "time": 31,
      "total_results": 1372,
      "from": "2024-01-04T11:43:51.507Z",
      "to": "2024-01-04T11:45:31.507Z",
      "decoration_stats": null
    }
  }
]
```

## Response headers

| Header | Description | Example |
|---|---|---|
| Connection | HTTP response header `Connection` | keep-alive |
| Content-Encoding | HTTP response header `Content-Encoding` | gzip |
| Content-Length | The length of the response body in bytes | 193 |
| Content-Security-Policy | HTTP response header `Content-Security-Policy` | default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; img-src data:; connect-src |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Thu, 04 Jan 2024 11:45:31 GMT |
| Transfer-Encoding | HTTP response header `Transfer-Encoding` | chunked |
| X-Content-Type-Options | HTTP response header `X-Content-Type-Options` | nosniff |
| X-Frame-Options | HTTP response header `X-Frame-Options` | DENY |
| X-Graylog-Node-ID | HTTP response header `X-Graylog-Node-ID` | 3ca9c1dd-049c-4924-97ca-e18c9f78ecd9 |
| X-Runtime-Microseconds | HTTP response header `X-Runtime-Microseconds` | 292048 |

## Notes

- For more information on Graylog, see the Graylog API documentation: https://circles.graylog.cloud/api/api-browser/global/index.html#!/System/Inputs
- Whenever you use the `query` parameter, pass it in Lucene syntax.
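The following Python client is an added example, not the connector's own code, showing how the two actions above map onto HTTP requests: Basic authentication with the API key in the password field and an empty username (as the asset configuration describes), the `from`/`to` timestamps in the ISO 8601 form the example output shows, optional arguments dropped from the query string when unset, and the response reduced to the output fields the actions expose. The base URL `https://graylog.example`, the Lucene query, and the sample response body are constructed for illustration; `fake_opener` stands in for a live server so the block runs offline.

```python
"""Client for the Absolute Search and Relative Search endpoints.

Added example; assumes HTTP Basic auth with ':<api key>' (blank username),
ISO 8601 from/to timestamps, and a constructed sample response for offline use.
"""
import base64
import json
from typing import Any, Callable, Dict
from urllib.parse import urlencode
from urllib.request import Request, urlopen

ABSOLUTE_ENDPOINT = "/api/search/universal/absolute"
RELATIVE_ENDPOINT = "/api/search/universal/relative"


def auth_header(password: str, username: str = "") -> str:
    """Basic Authorization value; with an API key the credential is ':<key>'."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def _build(base_url: str, endpoint: str, params: Dict[str, Any]) -> str:
    """Assemble the GET URL, omitting unset optionals and lowering booleans."""
    clean = {k: v for k, v in params.items() if v is not None}
    for k, v in clean.items():
        if isinstance(v, bool):          # decorate goes on the wire as true/false
            clean[k] = "true" if v else "false"
    return f"{base_url.rstrip('/')}{endpoint}?{urlencode(clean)}"


def absolute_search_url(base_url, query, from_ts, to_ts, limit=None, offset=None,
                        filter=None, fields=None, sort=None, decorate=None) -> str:
    """Absolute Search: Lucene query between two ISO 8601 timestamps."""
    return _build(base_url, ABSOLUTE_ENDPOINT, {
        "query": query, "from": from_ts, "to": to_ts, "limit": limit, "offset": offset,
        "filter": filter, "fields": fields, "sort": sort, "decorate": decorate})


def relative_search_url(base_url, query, range_seconds, limit=None, offset=None,
                        filter=None, fields=None, sort=None, decorate=None) -> str:
    """Relative Search: Lucene query over the last `range_seconds` seconds."""
    return _build(base_url, RELATIVE_ENDPOINT, {
        "query": query, "range": range_seconds, "limit": limit, "offset": offset,
        "filter": filter, "fields": fields, "sort": sort, "decorate": decorate})


def parse_search_response(status_code: int, reason: str, body: bytes) -> dict:
    """Reduce a raw response to the action's output fields; fail on non-200."""
    if status_code != 200:
        raise RuntimeError(f"Graylog search failed: {status_code} {reason}")
    data = json.loads(body)
    keys = ("query", "built_query", "used_indices", "messages", "fields",
            "time", "total_results", "from", "to", "decoration_stats")
    out = {"status_code": status_code, "reason": reason}
    out.update({k: data.get(k) for k in keys})
    return out


def run_search(url: str, password: str, username: str = "",
               opener: Callable = urlopen) -> dict:
    """Send the GET request; `opener` is swappable so tests need no network."""
    req = Request(url, headers={"Accept": "application/json",
                                "Authorization": auth_header(password, username)})
    with opener(req) as resp:
        return parse_search_response(resp.status, resp.reason, resp.read())


# Constructed sample body shaped like the Relative Search example output above.
SAMPLE_BODY = json.dumps({
    "query": "source:app-01 AND level:<=3", "built_query": "",
    "used_indices": [], "fields": ["timestamp", "source", "level", "message"],
    "messages": [
        {"index": "graylog_0", "highlight_ranges": {},
         "message": {"timestamp": "2024-01-04T11:44:02.000Z", "source": "app-01",
                     "level": 3, "message": "constructed sample line 1",
                     "gl2_remote_ip": "10.0.0.5", "streams": ["stream-id-placeholder"]}},
        {"index": "graylog_0", "highlight_ranges": {},
         "message": {"timestamp": "2024-01-04T11:44:09.000Z", "source": "app-01",
                     "level": 2, "message": "constructed sample line 2",
                     "gl2_remote_ip": "10.0.0.5", "streams": ["stream-id-placeholder"]}},
    ],
    "time": 31, "total_results": 2,
    "from": "2024-01-04T11:40:31.507Z", "to": "2024-01-04T11:45:31.507Z",
    "decoration_stats": None,
}).encode()


class FakeResponse:
    """Stand-in for http.client.HTTPResponse (status, reason, read, context manager)."""
    def __init__(self, body: bytes, status: int = 200, reason: str = "OK"):
        self.body, self.status, self.reason = body, status, reason
    def read(self) -> bytes:
        return self.body
    def __enter__(self):
        return self
    def __exit__(self, *exc):
        return False


def fake_opener(req: Request) -> FakeResponse:
    """Constructed opener: answers every request with SAMPLE_BODY."""
    return FakeResponse(SAMPLE_BODY)


if __name__ == "__main__":
    url = relative_search_url("https://graylog.example", "source:app-01 AND level:<=3",
                              300, limit=50, sort="timestamp:desc")
    result = run_search(url, password="API_KEY_PLACEHOLDER", opener=fake_opener)
    print(url)
    print(result["total_results"], "hits,", len(result["messages"]), "returned")
```

Passing `urlopen` as the opener (the default) sends the request for real; keep `Verify SSL` enabled on the asset so the token in the `Authorization` header is only ever sent over a verified TLS connection, and scope the `query` to the sources and time window you actually need so a broad Lucene `*` does not pull whole indices through the connector.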