Basic, basic tutorial


#1

Okay, so I’m new to graylog but very keen, I have read the getting started guide and followed it as best I can but to no avail, maybe it’s me but there seem to be assumptions as to depth of knowledge that I simply do not have.

A lot of what I read gives the impression that “filebeats” and redirecting files over the network are basic topics, while they may well be to some I confess they are not to me.

I have downloaded the VM and have it running, I can login to the UI and wander around - all good so far! Beyond that it all seems pretty cryptic.

My goal is to do some fairly basic testing, I have a bunch of log files in a “sort of” syslog format but I know I need to parse them. What I want to do is feed them in (as a one off is fine) so I can try creating extractors then analyzing data via searches/dashboards to evaluate whether graylog will do what I envisage.

So, assuming I have the VM server running and I can have my log files sat on either my Mac or PC is there a straightforward way to do the following:

  1. Push some logs in and see the messages in graylog (I want to verify if multi-line entries are recognized)
  2. Delete that data, prepare an extractor and push them in again - analyze the results to determine if my extractor worked effectively
  3. Repeat step 2 as I add extractors for different line types (still seems a little cryptic as to how to test extractors but I am familiar with regex so hopefully that helps)

Anyone who is patient and willing to provide guidance would be a blessing, I realize the documentation is probably very clear but I do think it assumes a level of knowledge that some of us just do not possess. 🙂
Chris.

