Help with search syntax


#1

Hey everyone, newb question here. I recently started a job with an organization.
The Security Officer asked me to check out Graylog and gave me access with (I think minimal) permissions.
He told me to poke around, build a dashboard and learn the search syntax.

The problem is that, following the docs, I get nothing returned for any style of search. Anyone have advice on this? Also, the docs show a green "create dashboard" button that I don't see. Is that a permissions thing? Maybe something to do with different versions?


(Jan Doberstein) #2

How you can search your data highly depends on how it is normalized and what kind of data you have inside Graylog. The documentation is the only help we can give without knowledge of the information mentioned above: http://docs.graylog.org/en/2.4/pages/queries.html

If your Graylog looks different from the screenshots in the documentation, that might be a permission issue or a version issue, but without knowledge of your environment that can't be answered.


(Tess) #3

What worked for me was to start working backwards: see all the log events that I have access to, and then determine how I can query to make only one, or a few of these, show up.

When you access the Graylog GUI the default Search page should open up with all the messages you can view.

