Graylog search view configuration

In our app, we need to redirect users to the Graylog search page with a filled search query. It is not a big deal, because I can put it in URL params

But the problem is to set up an appropriate search view. Default search view is not applicable We need simply message table with two fields

I see these options:

1. Soft integration - most preferred option is to add this info to the URL, but as I know it is impossible fix me if it’s wrong!
2. Hard integration - create some objects beforehand in Graylog using its REST API
3. Hardest integration - make global default view for all searches - have no idea how to implement it

As part of option #2 I tried this:
I created empty search and then view for search

See below JSON’s

search:

{
    "id": "61ea7a5abc7fa78155d684b0",
    "queries": [{
            "id": "00000176-3d00-1d2c-be56-fa163e722ac5",
            "timerange": {
                "type": "relative",
                "range": 0
            },
            "query": {
                "type": "elasticsearch",
                "query_string": ""
            },
            "search_types": [{
                    "id": "00000176-3d00-1d2b-be56-fa163e711ac5",
                    "streams": [],
                    "type": "messages"
                }
            ]
        }
    ],
    "owner": "userName",
    "created_at": "2018-09-20T16:24:53.867Z"
}

view:

{
        "id": "61ea7a5abc7fa78155d61111",
        "type": "SEARCH",
        "title": "tasks search",
        "summary": "tasks search",
        "description": "Billops tasks search",
        "search_id": "61ea7a5abc7fa78155d684b0",
        "state": {
            "00000176-3d00-1d2c-be56-fa163e722ac5": {
                "titles": {
                    "widget": {
                        "49fc52ee-ed7c-4859-bd4d-2d9aac1bd3b4": "BO Messages"
                    }
                },
                "widgets": [{
                        "id": "49fc52ee-ed7c-4859-bd4d-2d9aac1bd3b4",
                        "type": "messages",
                        "config": {
                            "fields": [
                                "timestamp",
                                "message"
                            ],
                            "show_message_row": false,
                            "sort": [{
                                    "type": "pivot",
                                    "field": "timestamp",
                                    "direction": "Descending"
                                }
                            ]
                        }
                    }
                ],
                "widget_mapping": {
                    "49fc52ee-ed7c-4859-bd4d-2d9aac1bd3b4": [
                        "00000176-3d00-1d2b-be56-fa163e711ac5"
                    ]
                },
                "positions": {
                    "49fc52ee-ed7c-4859-bd4d-2d9aac1bd3b4": {
                        "col": 1,
                        "row": 1,
                        "height": 10,
                        "width": "Infinity"
                    }
                }
            }
        },
        "owner": "userName"
    }

And then view id injected to URL, query string appended as param

https://graylog-host.com/search/61ea7a5abc7fa78155d61111?q=processInstanceId%3A4c27e0e9-7888-11ec-b1a0-da395fa14702+AND+nodeId%3AT_ccb9eeea_5ba7_4041_ac4c_fd77f5432b78&streams=60d58b3411b14f3cb8e8c3d7&rangetype=relative&relative=0

It works, but there is one big problem I guess that an empty search is executed before my search. That’s why it works quite long…

I need any help)) Thanks!

PS: we use the free version of Graylog, version 3.3.8, and will migrate to version 4+

Hello && Welcome

You referring to when users login Graylog Web UI, you want them to see the saved searches? or perhaps a dashboard which is basically made up of saved search’s?

Correct me if I’m wrong but if you just want the user to login and go right to what you want them to see perhaps edit the user by navigating to System/Users and Teams.

Click on the user in question then edit that user/s. On the left under settings you will see this…

image945×456 21.9 KB

“Start page” config
Choose either Dashboard or Stream.

Example: I choose Dashboard ( AKA Saved search’s) and select the dashboard needed.
dashboard --> test

image972×460 22.8 KB

User logs in from GL Web UI, results Widget with two fields, done.

image1892×658 26.7 KB

This is GL 4.2, ES 7.10 and MongoDb 4.2

Hope that helps

hi!

No, every time different search query will be provided in URL param.
That’s why I can’t save search only once

Backend will provide different URLs for graylog, but all these URLs should be opened in custom view.

Hello,
My apologies , I assume the question was from

In layman’s terms, what exactly are you trying to do?

I need to show all searches in graylog in custom view.
The view should contain only one widget - messages table. with some NOT default columns.

The default view is not applicable for our users. Default view contains messages count widget and messages widget

Hello,

What version of Graylog do you have? Because what I showed you above will resolve this issue about a default view.

we use the free version of Graylog, version 3.3.8, and will migrate to version 4+

In my user preferences I don’t see this

image1055×553 29.6 KB

Hello,

Yeah, I forgot how 3.3.8 looks like and there have been a few changes to user authentication section.
Before upgrading you may want to look at this.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.