1. Describe your incident:
Developing a batch file to query the Graylog server.
2. Describe your environment:
- OS Information:
- Package Version: Graylog 5.2.4+ec33db8 on (Eclipse Adoptium 17.0.10 on Linux 5.15.0-94-generic)
- Service logs, configurations, and environment variables:
3. What steps have you already taken to try and solve the problem?
4. How can the community help?
When I do a basic search in Graylog search, say TargetUserName:FLastname, I get dramatically different results than when I use the same(?) search via curl:
curl -u %CRED%:token -H "Content-Type: application/json" -H "Accept: text/csv" -g -X GET "http://syslog:9000/api/search/universal/relative?query=TargetUserName:%ans%&fields=TargetUserName,LogonType,WorkstationName,IpAddress"
Clearly, I’m trying to get Logon history for a specified user, defined in %ans% variable.
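An added example, not part of the original post: the request above takes the user name from a variable and pastes it into both a Lucene query and a URL, so this sketch builds the same URL with the value quoted as data and every parameter percent-encoded. It also sends an explicit `range` (seconds, the relative time window parameter of this endpoint) so the window is stated rather than implied; the function names and the 86400 value are assumptions for illustration.

```python
from urllib.parse import urlencode

# Endpoint and field list as they appear in the post.
BASE = "http://syslog:9000/api/search/universal/relative"
FIELDS = "TargetUserName,LogonType,WorkstationName,IpAddress"


def quote_term(value: str) -> str:
    """Return value as a quoted Lucene phrase so operator input stays data.

    Inside double quotes only the backslash and the double quote are special,
    so escaping those two keeps operators, wildcards and extra field clauses
    from being parsed as query syntax.
    """
    if not value or any(ord(c) < 0x20 for c in value):
        raise ValueError("search value must be non-empty, no control chars")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_search_url(username: str, range_seconds: int) -> str:
    """Build the GET URL with every parameter percent-encoded."""
    if range_seconds < 0:
        raise ValueError("range must not be negative")
    params = {
        "query": "TargetUserName:" + quote_term(username),
        "range": range_seconds,  # seconds back from now; caller's choice
        "fields": FIELDS,
    }
    return BASE + "?" + urlencode(params)


if __name__ == "__main__":
    # Constructed sample inputs: a plain name and one carrying query syntax.
    print(build_search_url("FLastname", 86400))
    print(build_search_url('x" OR TargetUserName:*', 86400))
```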