your tool should be Rest API, because everything you click on web GUI can be also done with Rest API. Graylog web UI uses Rest API for every operation, so you can easily create same steps.
There is also a Rest API browser in graylog you can use for experiments:
Rest API browser is a nice tool to try, but still I would suggest rather use Developer Tools in browser. Simple open Developer Tools switch to tab Network and XHR requests. Then create for example Lookup table in graylog web UI and then pause recording in Developer Tools. Then find POST/PUT request that create new entry and check parameters used to create it. You can also copy complete request to curl using Copy - Copy as cURL (in Firefox).
So in your case check this Rest PI endpoinds:
- Create lookup adapter (POST):
- Create lookup cache (POST):
- Create lookup table (POST):
- Create pipeline rule (POST):
- Create pipeline (POST):
- Edit pipeline connections (POST):
- Edit pipeline stage - add pipeline rule (PUT):
There is also existing ansible module, that can help with some steps, like create pipeline, pipeline rule, or you can fork it and create implement missing functionality: