I have installed Graylog 2.4.5 in the on-prem server and then I configured & started winlogbeat in that machine and the graylog was started receiving events from the machine and it’s routed to specific stream.
Now I want to send the data to cloud server environment where the same Graylog 2.4.5 is running and I am able to send data from one graylog to another graylog using “Manage Outputs” and under manage output section I have GELF output in which I have given destination host & port details.
I verified in the cloud environment all the data was receiving successfullly but now I want to filter the data in the on-prem before it sending to cloud server.
As an example I want to send only security events data to the cloud server. Is it possible to filter out the data under manage outputs? (I can say elasticsearch query to filter data and then send it to cloud)
Is there any output plugin in Graylog (Manage outputs) which helps to filter data ?
Please let me know your thoughts and it would be very helpful.
Yes definitely this option will help me to forward certain data to another graylog server through manage outputs. @jan
I thought of using elasticsearch query to filter the data first and send the data to another graylog server either through manage output or someother way. Not sure whether this is the right approach to do…
let me know your thoughts and it will be helpful.
Let’s say I am getting metricbeats data to graylog and I want to send certain data to influxdb through graylog will that be possible?
I found this output plugin for sending data to Graphite through graylog
I thought of using elasticsearch query to filter the data first and send the data to another graylog server either through manage output or someother way. Not sure whether this is the right approach to do…
let me know your thoughts and it will be helpful.
You would use the output of one stream - that would be the Graylog way.
Let’s say I am getting metricbeats data to graylog and I want to send certain data to influxdb through graylog will that be possible?
Not sure what kind of data influx can work with, but sending metrics into a logging system and then to a metric system again isn’t the best idea. Why not send metrics directly into a metric system?
The plugin might work, but never used that myself. Give it a try and report to the community so everyone can learn.
@jan
Yes its possible I can send metricbeat data directly to influxdb Since metricbeat capturing data is in the form of time series but some operations in influx on time series data which is not possible in elasticsearch.
Also the graylog has an inbuilt kafka running which is more helpful to avoid the data loss when sending to another data store like elaticsearch, influx, graphite etc…
Currently I am following this way to send data to influx,
Metrics data → to kafka → from kafka → to influx.
If I am able to send data to influx directly through graylog then above solution doesn’t required
Is there any plugin in graylog to send data directly to influx?
