Get via http json only new records

Hi,
I’ve a working JSON HTTP input, but I see that if I’ve no new info the input continues to replicate the last value.

Is there a way to tell Graylog to get only new values from the JSON?

From Graylog
{ID=8870151220755677376, LoginID=8870151220755677376, Date=09/04/2019 08:21:43, User=Andrea Consadori (xxx@xxx.it), OperationLog=logged in, OperationType=1, Parameters={IP Address=172.16.xxx.254, Browser Type=NOTEBOOKxxx (Windows 10 Enterprise), Profile Type=Active Directory, Two step verification=No, Device Type=xxxx}}
{ID=8870151220755677376, LoginID=8870151220755677376, Date=09/04/2019 08:21:43, User=Andrea Consadori (xxx@xxx.it), OperationLog=logged in, OperationType=1, Parameters={IP Address=172.16.xxx.254, Browser Type=NOTEBOOKxxx (Windows 10 Enterprise), Profile Type=Active Directory, Two step verification=No, Device Type=xxxx}}
{ID=8870151220755677376, LoginID=8870151220755677376, Date=09/04/2019 08:21:43, User=Andrea Consadori (xxx@xxx.it), OperationLog=logged in, OperationType=1, Parameters={IP Address=172.16.xxx.254, Browser Type=NOTEBOOKxxx (Windows 10 Enterprise), Profile Type=Active Directory, Two step verification=No, Device Type=xxxx}}

From JSON query
[
  {
    "ID": 8870151220755677000,
    "LoginID": 8870151220755677000,
    "Date": "09/04/2019 08:21:43",
    "User": "xxxxxx(xx.xxi@xxxx.it)",
    "OperationLog": "logged in",
    "OperationType": 1,
    "Parameters": {
      "IP Address": "172.16.xxx.xxxx",
      "Browser Type": "NOTEBOOKxxxxx (Windows 10 Enterprise)",
      "Profile Type": "Active Directory",
      "Two step verification": "No",
      "Device Type": "xxxxx"
    }
  },
  {
    "ID": 8632463399569285000,
    "LoginID": 8632463399569285000,
    "Date": "09/04/2019 08:15:53",
    "User": "yyyy (yyyy@yyyy.it)",
    "OperationLog": "logged in",
    "OperationType": 1,
    "Parameters": {
      "IP Address": "172.16.yyyy.yyyy",
      "Browser Type": "curl/7.38.0",
      "Profile Type": "yyyyy",
      "Two step verification": "No",
      "Device Type": "REST API"
    }
  }
]

On the API side these are the only options I’ve:

URL: /admin/audit
METHOD: GET
PARAMS: From: timestamp, To: timestamp

Your problem is not so clear to me, but Graylog won’t make a connection between messages.
All messages are processed when you send them in. So Graylog will store the full message; it can’t recognize an “update” or that it is a duplicated message.
Make sure you send your logs only once.

The issue is the following:

The JSON request replies with the last value even if it has not changed.

If I’ve 1 event per second or 1 event per minute and I set polling to every second, I’ll have 60 events in a minute even if I’ve no new event to grab.
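
One way to send each audit record only once, as an added example (not code from the thread or from Graylog): a small poller placed between the API and Graylog that queries /admin/audit with From/To and forwards only records it has not seen. The date format (day/month/year, UTC), epoch-second timestamps, the names `filter_new` and `next_window`, and the sample records are assumptions.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

DATE_FORMAT = "%d/%m/%Y %H:%M:%S"   # assumption: day/month/year, times in UTC
OVERLAP = timedelta(seconds=5)      # re-read a little so late-written events are not missed


def event_time(record):
    return datetime.strptime(record["Date"], DATE_FORMAT).replace(tzinfo=timezone.utc)


def fingerprint(record):
    # Hash the whole record: in the thread ID equals LoginID, so ID alone
    # may identify a login session rather than a single event.
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def next_window(state, now):
    """Query parameters for the next GET /admin/audit (epoch seconds assumed)."""
    start = state["high_water"] - OVERLAP if state["high_water"] else now - timedelta(minutes=5)
    return {"From": int(start.timestamp()), "To": int(now.timestamp())}


def filter_new(records, state):
    """Return only records not forwarded before, and advance the state."""
    floor = state["high_water"] - OVERLAP if state["high_water"] else None
    fresh = []
    for record in records:
        fp, when = fingerprint(record), event_time(record)
        # Skip exact repeats, and anything older than the window already covered.
        if fp in state["seen"] or (floor is not None and when < floor):
            continue
        state["seen"][fp] = when
        fresh.append(record)
        if state["high_water"] is None or when > state["high_water"]:
            state["high_water"] = when
    # Keep only fingerprints that the overlapping window could return again.
    if state["high_water"]:
        cutoff = state["high_water"] - OVERLAP
        state["seen"] = {fp: t for fp, t in state["seen"].items() if t >= cutoff}
    return fresh


# Constructed sample replies, modelled on the records in the thread.
LOGIN_A = {"ID": 1001, "LoginID": 1001, "Date": "09/04/2019 08:15:53",
           "User": "user-a", "OperationLog": "logged in", "OperationType": 1}
LOGIN_B = {"ID": 1002, "LoginID": 1002, "Date": "09/04/2019 08:21:43",
           "User": "user-b", "OperationLog": "logged in", "OperationType": 1}
```

Persist `state` between runs (for example in a small file) and forward only what `filter_new` returns, so a restart does not resend the last window.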
