How to explore existing Elasticsearch index data?

arda · January 23, 2019, 12:41pm

Hi,

I am currently using AWS Elasticsearch service. AWS CloudWatch sends the log data to AWS Elasticsearch.
I have daily indexes created as below through a Lambda function which sends the CloudWatch logs to AWS Elasticsearch.

cwl-2019.01.23
cwl-2019.01.22
cwl-2019.01.21

I could not explore these index data through GrayLog. I don’t want to create an input on GrayLog. I just want to explore already existing elastic data on GrayLog. Is it possible or not?

Thanks

jan · January 23, 2019, 12:57pm

what you request is not possible with Graylog.

arda · January 23, 2019, 1:04pm

Thanks for the response. Why impossible? How can I use Graylog with AWS Elasticsearch & AWS CloudWatch Logs?
As I understand, I must ingest logs to Graylog somehow and Graylog writes to elastic; but I could not find a way for AWS CloudWatch logs.

macko003 · January 23, 2019, 1:29pm

GL read only the index set’s what you define (you know there is a settings about the name of the indices…)
GL stores a lot of hidden information about the message in elasticsearch (search, show all fields)

jan · January 23, 2019, 1:42pm

Why impossible? How can I use Graylog with AWS Elasticsearch & AWS CloudWatch Logs?

I do not say it is impossible - but I wrote that what you request is not possible.

As @macko003 wrote Graylog needs to process the message as some additional (meta) information are stored together with the message. Such what user is allowed to see the information etc. That is why you would need to ingest the AWS Logs to Graylog, let Graylog process the messages and then store in AWS Elasticsearch.

Graylog is not like Kibana, that is the reason what you request is not possible.

mgue · January 24, 2019, 10:51am

Hi,
I am rather new to graylog and log-monitoring but I am glad I found this post the other day, I was trying to figure out the same issue, for almost 3 months now.

In addition to the last posts, would it be possible to create a pipeline for logs from filebeat, into logstash, into graylog, then into Elasticsearch?

If it is not allowed to ask “new” questions in one post, then just tell me and I will start a new discussion.

Thanks

jan · January 24, 2019, 11:16am

it is prefered to move nw questions over to new topics.

but you can ingest filebeat direct into Graylog - no need of a logstash in between. Check the getting started guide: http://docs.graylog.org/en/2.5/pages/getting_started/planning.html

mgue · January 24, 2019, 11:32am

Ayght, will keep it in mind on future posts.

Thanks for the reply

system · February 7, 2019, 11:32am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Send Cloudwatch Logs directly to AWS Elasticsearch (without plugin) Graylog Central (peer support)	4	2518	June 25, 2018
Existing Elasticsearch and Graylog Graylog Central (peer support)	5	3043	September 26, 2017
Adding old data from a graylog 3 to a new Graylog 3 Graylog Central (peer support)	4	585	May 12, 2020
How to collect data from elasticsearch in gyaylog? Graylog Central (peer support)	2	348	July 31, 2020
Graylog using ECS format index Graylog Central (peer support)	7	907	August 17, 2022

How to explore existing Elasticsearch index data?

Related Topics