Help with RestAPI / Extractors

Hey All,

So I’m fairly new to RestAPI and trying to figure this all out and the best way to simplify my job while insuring everything is documented/updated properly.

So here is what my end goal is. I’d like all successful Windows Update installs to get an automatic Change Ticket put into our CMDB. My plan is to use Graylog to grab all the Windows Event Logs from each server using a Beats Collector and then get Graylog to export/post the successful install to my CMDB.

What I have done…

I’ve created a collector for my test server and using winlogbeat have all the Event Name - Setup Logs going into GrayLog.

I know that the winlogbeat_event_id is 2 for the messages I want to parse the information from.

The CMDB needs the following information…

The operation name “ADD” should be sent as a “POST attribute” with key “OPERATION_NAME”.
The technician key should be sent as a “POST attribute” with key “TECHNICIAN_KEY”.

Input Data for CMDB

{
    "operation": {
        "details": {
            "title": "title of the change",
            "technician": "administrator",
            "stagename": "completed",
            "statusname": "Windows Patch",
            "statuscomments": "Comments for status",
            "priority": "high",
            "description": "description of the change",
            "scheduledstarttime": "26 Apr 2013, 10:11:11",
            "servicesaffected ": [
                "email",
                "hardware"
            ]
        }
    }
}

What I need help with…

What’s the best way to take the data from the log file in GrayLog and use RestAPI or PowerShell to Post that information to the RestAPI of my CMDB. Would I use extractors or outputs? I’ve been looking at the Graylog RestAPI browser and I’m not sure which one I should be using.

Thanks for your help

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.