Graylog dashboard

1. Describe your incident:

Need help to make a dashboard.

2. Describe your environment:

  • OS Information: Graylog, Mikrotik, Cisco

  • Package Version:

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

4. How can the community help?

Can anyone suggest how to do this type of dashboard?

Have you already parsed the messages into individual fields?

No, this pic is just a sample.

So that’s going to be your first step. If you can post some examples of how the messages look when they come in, we can point you in the right direction. Once you have it parsed, the rest is relatively easy.

firewall,info TCP_: TCP_ forward: in:TO_DIST_1_BONDING out:vlan238_INT, connection-mark:Padma connection-state:established,snat src-mac 18:fd:74:8c:7d:c8, proto TCP (ACK,FIN,PSH), 10.73.12.133:59476->31.13.64.18:443, NAT (10.73.12.133:59476->103.234.203.69:59476)->31.13.64.18:443, len 52

Okay, so GROK is probably the best option to parse that log. There are lots of posts about it, YouTube etc.; it’s basically using regex to extract all the parts.
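The field extraction suggested above, as an added example that is not part of the original thread: a Python regex with named groups, which is the same mechanism a Grok pattern compiles down to. The field names (`src_ip`, `nat_ip`, `conn_state` and so on) are assumptions chosen for illustration, and the second sample line is constructed.

```python
import re

# Sample line copied from the thread above.
SAMPLE = ("firewall,info TCP_: TCP_ forward: in:TO_DIST_1_BONDING out:vlan238_INT, "
          "connection-mark:Padma connection-state:established,snat "
          "src-mac 18:fd:74:8c:7d:c8, proto TCP (ACK,FIN,PSH), "
          "10.73.12.133:59476->31.13.64.18:443, "
          "NAT (10.73.12.133:59476->103.234.203.69:59476)->31.13.64.18:443, len 52")
# Constructed line (not from the thread): no log prefix, no flags, no NAT part.
CONSTRUCTED = ("firewall,info input: in:ether1 out:(unknown 0), "
               "src-mac 00:00:5e:00:53:01, proto UDP, "
               "192.0.2.10:5353->198.51.100.7:53, len 60")

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
MAC = r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}"

# Field names are hypothetical; rename them to match your dashboard widgets.
PATTERN = re.compile(rf"""
    ^(?P<topics>\S+)\s+                          # firewall,info
    (?P<log_prefix>.*?)\s*                       # free text before the chain, may be empty
    (?P<chain>\w+):\s+                           # forward / input / output
    in:(?P<in_if>.+?)\s+out:(?P<out_if>[^,]+),\s+
    (?:connection-mark:(?P<conn_mark>\S+)\s+)?   # optional parts follow
    (?:connection-state:(?P<conn_state>\S+)\s+)?
    (?:src-mac\s+(?P<src_mac>{MAC}),\s+)?
    proto\s+(?P<proto>\w+)(?:\s+\((?P<tcp_flags>[^)]*)\))?,\s+
    (?P<src_ip>{IP}):(?P<src_port>\d+)->(?P<dst_ip>{IP}):(?P<dst_port>\d+),\s+
    (?:NAT\s+\({IP}:\d+->(?P<nat_ip>{IP}):(?P<nat_port>\d+)\)->{IP}:\d+,\s+)?
    len\s+(?P<length>\d+)$
""", re.VERBOSE)


def parse_mikrotik_fw(line):
    """Return a dict of extracted fields, or None if the line does not match."""
    m = PATTERN.match(line.strip())
    if m is None:
        return None
    # Drop optional groups that were absent so lookups fail loudly.
    fields = {k: v for k, v in m.groupdict().items() if v is not None}
    for key in ("src_port", "dst_port", "nat_port", "length"):
        if key in fields:
            fields[key] = int(fields[key])   # numeric fields allow range queries
    if "tcp_flags" in fields:
        fields["tcp_flags"] = fields["tcp_flags"].split(",")
    return fields


if __name__ == "__main__":
    for sample in (SAMPLE, CONSTRUCTED):
        print(parse_mikrotik_fw(sample))
```

Once a pattern like this is proven against real messages, each named group maps one-to-one onto a named capture in a Grok extractor or pipeline rule.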
