[details="Summary"]
**1. Describe your incident:**
I have searched everywhere to find someone providing a script to automate sidecar configuration for graylog 4.3.14. It did not exist so I made it, leave critiques opinions and anything else you see fit to improve our community as ITs. In order to use it search the script and replace the following with the correct information.
YOURGRAYLOGADDRESSHERE X2
YOURCOLLECTORIDHERE
YOURCONFIGURATIONIDHERE
This script will only run configurations on sidecars that are active at the initial time the script is run, and only configure those that are not configured.
**2. Describe your environment:**
* OS Information: Windows, Graylog 4.3.14
* Package Version: Win10
**3. What steps have you already taken to try and solve the problem?**
Here is the script to run in POWERSHELL 7.
<# Graylog Auto Config Sidecars with API
This script will create a list of "node_ids" for specified hosts not configured and send commands to the global api for graylog every 10 mins until all sidecars are configured.
By David Sugg
**THIS SCRIPT MUST BE RUN IN POWERSHELL 7 OR ABOVE IN ORDER TO USE HTTP COMMANDS Properly**
Ensure C:\Temp exists.
Created 03May23 Modified xx-xxx-xx - initial creation
#>
$Cred = Get-credential
Pause
#Querysidecars for Collectors Equaling "Null"
#----------------------------------------------------------------------#
$Querysidecars = @{
Uri = "https://YOURGRAYLOGWEBADDRESSHERE/api/sidecars/all"
Authentication = "Basic"
Credential = $Cred
Header = @{ 'X-Requested-by' = 'Powershell' }
}
#----------------------------------------------------------------------#
invoke-Restmethod @Querysidecars |Convertto-Json -Depth 6 | Out-File "C:\Temp\graylogoutput.txt"
Get-content "C:\Temp\graylogoutput.txt" | select-string -Pattern '"active":','"node_id":','"assignments":' | Out-File "C:\Temp\graylogoutput1.txt"
Get-Content "C:\Temp\graylogoutput1.txt"| select-string -Pattern 'true' -Context 0,2 | Out-File "C:\Temp\graylogoutput.txt"
Get-content "C:\Temp\graylogoutput.txt" | select-string -Pattern '\[\]' -Context 1,0 | Out-File "C:\Temp\graylogoutput1.txt"
$Sidecars= Get-Content "C:\Temp\graylogoutput1.txt"| select-string -Pattern 'node_id'
$Sidecars= $Sidecars -replace ' "node_id": "|",',''
#LOOP Begin
foreach($h in $Sidecars){
#Build HTML BODY Request
#----------------------------------------------------------------------#
$c= '{
"nodes": [
{
"assignments": [
{
"collector_id":"YOURCOLLECTORIDHERE",
"configuration_id": "YOURCONFIGURATIONIDHERE"
}
],
"node_id":"'
$c+= "$h"
$c+= '"}
]
}'
#----------------------------------------------------------------------#
#Send Configuration to sidecar
#----------------------------------------------------------------------#
$SendConfig = @{
Uri = "https://YOURGRAYLOGADDRESSHERE/api/sidecars/configurations"
Authentication = "Basic"
Credential = $Cred
Header = @{ 'X-Requested-by' = 'Powershell' }
Method = "PUT"
ContentType = "application/json"
Body = $c
}
#----------------------------------------------------------------------#
invoke-Restmethod @SendConfig|ConvertTo-Json
Get-Date -Format "dd-MMM-yyyy HH:mm"
Write-host "$H being configured, now waiting 10 min to begin next config
#------------------------------------------------#"
Start-Sleep -Seconds 600
}
#LOOP End
Get-ChildItem "C:\Temp\"| Where-Object name -like 'graylogoutpu*.txt'| ForEach-Object {Remove-Item $_}
Write-Host "Script Complete!"
**4. How can the community help?**
Critique this and provide more information to make this easier for others. Let me know what you think, thanks! Regarding the lengthy thread title, I labeled it that way so more users searching google could come across it easier.
[/details]
2 Likes
This is great @dsugg. Thanks for posting!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.