Automating Streams, Input and alert creation

sayuj · March 4, 2020, 7:13am

Hi,

I am trying to automate streams, alerts and input creation in Graylog for different environment prod, QA, UAT etc. Is there a way to do that other than dashboard I mean via scripts or something.
Any help is highly appreciated. Also, can anybody suggest me email id to the Graylog product team as I can mail them same query?

jan · March 4, 2020, 7:19am

he @sayuj

you can use something like this ansible modul: https://github.com/ReconInfoSec/ansible-graylog-modules

or make use of the API and create something on your own.

sayuj · March 4, 2020, 7:37am

@jan is there any other way apart from these?

jan · March 4, 2020, 8:17am

he @sayuj

yes, you could use the content packs: https://docs.graylog.org/en/3.2/pages/content_packs.html

sayuj · March 4, 2020, 12:18pm

@jan do you have graylog product support email id can you share with me if you have in hand?

jan · March 4, 2020, 12:23pm

@sayuj the Graylog support is only given for paying customers - if you are a paying customer you should know how to reach the Graylog support.

If you are not a paying customer but want to reach out to support, you need to talk to sales first to get a valid contract that allows to reach out to support.

graylog.org/contact-sales

sayuj · March 11, 2020, 4:19am

@jan is there a way in graylog I can create input beats as outputs under the collectors manage configuration via graylog API browser. If yes can you please let me what is the name of the section under swagger doc.
Thanks in advance

sayuj · March 11, 2020, 5:13am

Need help in knowing what is is correct payload for creating input beats under collectors. The payload i am using is

{
“backend”: “filebeat”,
“type”: “file”,
“name”: “test”,
“properties”: {
“paths”: “[‘E:\test\*.txt’]”,
“exclude_files”: “”,
“scan_frequency”: “10s”,
“encoding”: “plain”,
“ignore_older”: “0”,
“document_type”: “log”,
“exclude_lines”: “”,
“include_lines”: “”,
“tail_files”: true,
“multiline”: true,
“multiline_negate”: true,
“multiline_match”: “after”,
“multiline_pattern”: “[^test-]”
},
“forward_to”: “1c54646aae1815f3002686c1”
}

is giving me error

{
“type”: “ApiError”,
“message”: “HTTP 415 Unsupported Media Type”
}

The url I am using is http://xx.xxx.xx.x:{port}/api/plugins/org.graylog.plugins.collector/configurations/{collectorid}/inputs

Any help is greatly appreciated

sayuj · March 13, 2020, 5:45am

@jan any idea about the input paylaod issue

system · March 27, 2020, 5:45am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configuring Graylog Exclusively through API Graylog Central (peer support)	5	830	June 22, 2017
Update content packs using autoloading functionality Graylog Central (peer support)	6	1315	August 24, 2018
Filebeat & Graylog (processors & extractors) Graylog Central (peer support)	3	1537	March 18, 2019
Create graylog users using ansible or content pack Graylog Central (peer support)	3	1042	October 16, 2017
Source application log sending authentication Development	5	219	March 17, 2024

Automating Streams, Input and alert creation

Related topics