Okay, so I'm new to Graylog but very keen. I have read the getting started guide and followed it as best I can, but to no avail; maybe it's me, but there seem to be assumptions about depth of knowledge that I simply do not have.
A lot of what I read gives the impression that "filebeats" and redirecting files over the network are basic topics; while they may well be to some, I confess they are not to me.
I have downloaded the VM and have it running; I can log in to the UI and wander around - all good so far! Beyond that it all seems pretty cryptic.
My goal is to do some fairly basic testing. I have a bunch of log files in a "sort of" syslog format, but I know I need to parse them. What I want to do is feed them in (as a one-off is fine) so I can try creating extractors, then analyze the data via searches/dashboards to evaluate whether Graylog will do what I envisage.
So, assuming I have the VM server running and my log files sitting on either my Mac or PC, is there a straightforward way to do the following:
- Push some logs in and see the messages in Graylog (I want to verify whether multi-line entries are recognized)
- Delete that data, prepare an extractor and push them in again; analyze the results to determine whether my extractor worked effectively
- Repeat step 2 as I add extractors for different line types (it still seems a little cryptic how to test extractors, but I am familiar with regex, so hopefully that helps)
Anyone who is patient and willing to provide guidance would be a blessing. I realize the documentation is probably very clear, but I do think it assumes a level of knowledge that some of us just do not possess.
Chris.
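The one-off push described in the post, as an added example that is not part of the original post or of Graylog's own tooling: it groups a "sort of syslog" file into multi-line messages (so multi-line recognition can be checked from the Graylog side) and sends each one as GELF over TCP. It assumes a GELF TCP input is listening on the VM at port 12201 (the GELF default) and that a continuation line is one that starts with whitespace; the sample log lines are constructed.

```python
# Added example (not from the original post or from Graylog): group
# "sort of syslog" lines into multi-line messages and send each as GELF over
# TCP to a Graylog GELF TCP input.
# Assumptions: a GELF TCP input on the VM at port 12201 (GELF default);
# any line starting with whitespace continues the previous entry.
import json
import socket

# Constructed sample: two single-line entries and one entry with a stack trace.
SAMPLE = """\
Mar  3 10:00:01 app01 myapp[123]: user login ok
Mar  3 10:00:02 app01 myapp[123]: request failed
    java.lang.NullPointerException
    at com.example.Handler.run(Handler.java:42)
Mar  3 10:00:03 app01 myapp[123]: shutdown
"""

def group_multiline(text):
    """Return a list of entries; indented lines are appended to the entry above."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and entries:
            entries[-1] += "\n" + line.strip()
        else:
            entries.append(line)
    return entries

def to_gelf(entry, host="testbox"):
    """Build a GELF 1.1 record: first line as short_message, whole entry as full_message."""
    first, _, _ = entry.partition("\n")
    return {"version": "1.1", "host": host, "short_message": first,
            "full_message": entry, "level": 6}  # level 6 = syslog informational

def send_gelf_tcp(entries, graylog_host, port=12201):
    """GELF over TCP: one JSON object per message, each terminated by a NUL byte."""
    with socket.create_connection((graylog_host, port), timeout=5) as sock:
        for entry in entries:
            sock.sendall(json.dumps(to_gelf(entry)).encode() + b"\x00")
    return len(entries)

if __name__ == "__main__":
    msgs = group_multiline(SAMPLE)
    print(f"{len(msgs)} messages grouped")  # 3 messages grouped
    # send_gelf_tcp(msgs, "192.0.2.10")  # replace with the VM's IP address
```

Uncomment the `send_gelf_tcp` call with the VM's address once a GELF TCP input exists; the stack-trace entry should then show up as one message whose `full_message` field carries all three lines.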