# GrayLog
The Graylog connector integrates with Graylog, a leading centralized log management solution for capturing, storing, and enabling real-time analysis of terabytes of machine data.

## Prerequisites

The asset for this connector requires a username and password or an API key. An API key can be generated in the UI by navigating to Administrator > Users > More actions > Edit tokens. To authorize with an API key, place the API key in the Password field and leave Username blank.

## Capabilities

This connector provides the following capabilities:

- Absolute Search
- Relative Search

## Notes

For more information on Graylog, see https://circles.graylog.cloud/api/api-browser/global/index.html#!/system/inputs

Whenever you use the `query` parameter, pass it in Lucene syntax.

## Configurations

### Asset

Authenticates to Graylog using a password or token.

Configuration parameters:

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | required |
| Username | Account username; leave blank if using an API key | string | optional |
| Password | Account password or API key | string | required |
| Verify SSL | Verify the SSL certificate | boolean | optional |
| HTTP Proxy | A proxy to route requests through | string | optional |

## Actions

### Absolute Search

Search Graylog logs by an absolute time window; useful for log investigation during a target time window.

Endpoint URL: `/api/search/universal/absolute`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | required | Query (Lucene syntax) |
| parameters.from | string | required | Time range start; see description for date format |
| parameters.to | string | required | Time range end; see description for date format |
| parameters.limit | number | optional | Maximum number of messages to return |
| parameters.offset | number | optional | Parameters for the Absolute Search action |
| parameters.filter | string | optional | Parameters for the Absolute Search action |
| parameters.fields | string | optional | Comma-separated list of fields to return |
| parameters.sort | string | optional | Sorting (field:asc / field:desc) |
| parameters.decorate | boolean | optional | Run decorators on the search result |

Input example:

```json
{"parameters": {"query": "query", "from": "2023-01-23T15:34:49.000Z", "to": "2023-10-23T15:34:49.000Z", "limit": 300, "offset": 12, "filter": "filter", "fields": "field1,field2", "sort": "timestamp", "decorate": false}}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| query | string | Output field query |
| built_query | string | Output field built_query |
| used_indices | array | Output field used_indices |
| used_indices.file_name | string | Name of the resource |
| used_indices.file | string | Output field used_indices.file |
| messages | array | Response message |
| messages.file_name | string | Name of the resource |
| messages.file | string | Response message |
| fields | array | Output field fields |
| fields.file_name | string | Name of the resource |
| fields.file | string | Output field fields.file |
| time | number | Time value |
| total_results | number | Result of the operation |
| from | string | Output field from |
| to | string | Output field to |
| decoration_stats | object | Output field decoration_stats |

Output example:

```json
{"status_code": 200, "response_headers": {"date": "Wed, 03 Jan 2024 07:15:07 GMT", "content-type": "application/json", "content-length": "193", "connection": "keep-alive", "x-content-type-options": "nosniff", "x-graylog-node-id": "3ca9c1dd-049c-4924-97ca-e18c9f78ecd9", "x-frame-options": "DENY", "content-security-policy": "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-", "x-runtime-microseconds": "989350"}, "reason": "OK", "json_body": {"query": " ", "built_query": " ", "used_indices": [
```

### Relative Search

Graylog search for logs by a relative time window (last X minutes).

Endpoint URL: `/api/search/universal/relative`

Method: GET

Input arguments:

| Name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.query | string | required | Query (Lucene syntax) |
| parameters.range | number | required | Relative time frame to search in; see method description |
| parameters.limit | number | optional | Maximum number of messages to return |
| parameters.offset | number | optional | Parameters for the Relative Search action |
| parameters.filter | string | optional | Parameters for the Relative Search action |
| parameters.fields | string | optional | Comma-separated list of fields to return |
| parameters.sort | string | optional | Sorting (field:asc / field:desc) |
| parameters.decorate | boolean | optional | Run decorators on the search result |

Input example:

```json
{"parameters": {"query": "query", "range": 300, "limit": 300, "offset": 12, "filter": "filter", "fields": "field1,field2", "sort": "timestamp", "decorate": false}}
```

Output parameters:

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| query | string | Output field query |
| built_query | string | Output field built_query |
| used_indices | array | Output field used_indices |
| used_indices.file_name | string | Name of the resource |
| used_indices.file | string | Output field used_indices.file |
| messages | array | Response message |
| messages.highlight_ranges | object | Response message |
| messages.message | object | Response message |
| messages.message.kubernetes_annotations_commitid | string | Unique identifier |
| messages.message.gl2_remote_ip | string | Response message |
| messages.message.gl2_remote_port | number | Response message |
| messages.message.source | string | Response message |
| messages.message.kubernetes_labels_region | string | Response message |
| messages.message.gl2_source_input | string | Input data for the action |
| messages.message.kubernetes_labels_app | string | Response message |
| messages.message.kubernetes_labels_slot | string | Response message |
| messages.message.stream | string | Response message |
| messages.message.kubernetes_annotations_branch | string | Response message |
| messages.message.gl2_source_node | string | Response message |
| messages.message.timestamp | string | Response message |
| messages.message.kubernetes_labels_pod_template_hash | string | Response message |
| messages.message.gl2_accounted_message_size | number | Response message |
| messages.message.streams | array | Response message |

Output example:

```json
{"status_code": 200, "response_headers": {"date": "Thu, 04 Jan 2024 11:45:31 GMT", "content-type": "application/json", "transfer-encoding": "chunked", "connection": "keep-alive", "content-encoding": "gzip", "x-content-type-options": "nosniff", "x-graylog-node-id": "3ca9c1dd-049c-4924-97ca-e18c9f78ecd9", "x-frame-options": "DENY", "content-security-policy": "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-", "x-runtime-microseconds": "292048"}, "reason": "OK", "json_body": {"query": " ",
```

## Response headers

| Header | Description | Example |
| --- | --- | --- |
| Connection | HTTP response header Connection | keep-alive |
| Content-Encoding | HTTP response header Content-Encoding | gzip |
| Content-Length | The length of the response body in bytes | 193 |
| Content-Security-Policy | HTTP response header Content-Security-Policy | default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; img-src data:; connect-src |
| Content-Type | The media type of the resource | application/json |
| Date | The date and time at which the message was originated | Wed, 03 Jan 2024 07:15:07 GMT |
| Transfer-Encoding | HTTP response header Transfer-Encoding | chunked |
| X-Content-Type-Options | HTTP response header X-Content-Type-Options | nosniff |
| X-Frame-Options | HTTP response header X-Frame-Options | DENY |
| X-Graylog-Node-Id | HTTP response header X-Graylog-Node-Id | 3ca9c1dd-049c-4924-97ca-e18c9f78ecd9 |
| X-Runtime-Microseconds | HTTP response header X-Runtime-Microseconds | 292048 |
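As an added example (not code from the connector or from Graylog), the following Python builds the GET request that the Absolute Search and Relative Search actions describe from their `parameters` object, enforcing the required fields, the timestamp shape used in the absolute input example, and the `field:asc` / `field:desc` sort form, and then summarises a response body shaped like the output fields of the Relative Search action. The base URL `https://graylog.example`, the sample messages and the helper names are assumptions; credential handling is left to the asset configuration and is not shown.

```python
"""Added example, not code from the connector or Graylog: build the GET
request for the Absolute Search / Relative Search actions from the action's
`parameters` object and summarise the JSON body of a (constructed) response.
Runs offline; nothing here talks to a Graylog server."""
import re
from datetime import datetime, timezone
from urllib.parse import urlencode, urljoin

# Endpoint URLs from the action tables on this page.
ENDPOINTS = {
    "absolute": "/api/search/universal/absolute",
    "relative": "/api/search/universal/relative",
}
OPTIONAL = ("limit", "offset", "filter", "fields", "sort", "decorate")
# sort accepts "field", "field:asc" or "field:desc" (the page's example uses "timestamp").
SORT_RE = re.compile(r"^[A-Za-z0-9_.@-]+(:(asc|desc))?$")
# Timestamp shape used in the page's input example: 2023-01-23T15:34:49.000Z
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"


def _parse_timestamp(name, value):
    try:
        return datetime.strptime(value, TS_FORMAT).replace(tzinfo=timezone.utc)
    except (TypeError, ValueError):
        raise ValueError(f"parameters.{name} must look like 2023-01-23T15:34:49.000Z")


def build_search_request(base_url, action, parameters):
    """Return (url, query_dict) for the action, or raise ValueError on bad input."""
    if action not in ENDPOINTS:
        raise ValueError(f"unknown action {action!r}")
    if not parameters.get("query"):
        raise ValueError("parameters.query (Lucene syntax) is required")
    query = {"query": parameters["query"]}
    if action == "absolute":
        start = _parse_timestamp("from", parameters.get("from"))
        end = _parse_timestamp("to", parameters.get("to"))
        if start >= end:
            raise ValueError("parameters.from must be earlier than parameters.to")
        query["from"], query["to"] = parameters["from"], parameters["to"]
    else:
        rng = parameters.get("range")
        # Graylog reads `range` as a number of seconds back from now.
        if not isinstance(rng, int) or isinstance(rng, bool) or rng <= 0:
            raise ValueError("parameters.range must be a positive number")
        query["range"] = rng
    for key in OPTIONAL:
        if key not in parameters:
            continue
        value = parameters[key]
        if key == "sort" and not SORT_RE.match(str(value)):
            raise ValueError("parameters.sort must be field, field:asc or field:desc")
        if key == "decorate":
            value = "true" if value else "false"  # booleans travel on the query string as text
        query[key] = value
    return urljoin(base_url, ENDPOINTS[action]), query


def full_url(base_url, action, parameters):
    """The complete request URL, query string included."""
    url, query = build_search_request(base_url, action, parameters)
    return f"{url}?{urlencode(query)}"


def summarize_response(json_body):
    """Extract total_results and (timestamp, source, gl2_remote_ip) per message."""
    rows = []
    for item in json_body.get("messages", []):
        msg = item.get("message", {})
        rows.append((msg.get("timestamp"), msg.get("source"), msg.get("gl2_remote_ip")))
    return json_body.get("total_results", 0), rows


# Constructed sample json_body, shaped like the Relative Search output fields on this page.
SAMPLE_BODY = {
    "query": "source:web-01",
    "total_results": 2,
    "messages": [
        {"message": {"timestamp": "2024-01-04T11:40:00.000Z", "source": "web-01",
                     "gl2_remote_ip": "10.0.0.5"}},
        {"message": {"timestamp": "2024-01-04T11:41:12.000Z", "source": "web-01",
                     "gl2_remote_ip": "10.0.0.6"}},
    ],
}

if __name__ == "__main__":
    print(full_url("https://graylog.example", "relative",
                   {"query": "source:web-01", "range": 300, "limit": 50}))
    print(summarize_response(SAMPLE_BODY))
```

The validation mirrors the tables: a reversed `from`/`to` window or a non-positive `range` is rejected before any request is sent, so a misconfigured playbook fails at the connector rather than returning an empty result set that looks like "no events in that window".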