Access to Graylog Datanode API

Is there a way to gain access to the Graylog Datanode API (aka OpenSearch API).
I’ve tried editing the …/opensearch-security/config.yml, …/internal_users.yml, … but they always get overwritten.

I always end up getting :

Authentication finally failed

I’m using Docker and the “official” Graylog Docker Compose file.

Any ideas?

Manual changes to OpenSearch are not possible when using the data node, as Graylog fully manages it. Are you trying to change settings within OpenSearch manually, or are you trying to hook it into something else? The only authentication allowed is between Graylog and the managed OpenSearch instances.

With Graylog v4, I had Grafana querying the Graylog Elasticsearch instance (pfSense log data). With Graylog v5 and the Graylog Datanode, that’s not possible anymore. So my approach as in v4 is not possible anymore. Also I noticed that authentication is done by JWT mechanism.

In my effort to a solution, I’m now using the Graylog Dashboards in combination with the Graylog API (…/api/views/search/65ae56e8d77c052a0ec46f59/execute), which gives me similar result.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.