I have set up extremely useful dashboards in Graylog that aggregate network traffic to better understand nefarious patterns and take corrective actions. However, I’m interested in automating this process for obvious reasons. Is there a way to push or pull these data to Python?
For example: I have a dashboard data-table that shows blocked connections by IP address per minute. I’d like these data within Python for further analysis and actions (through scripts running on the Graylog server itself).
If this isn’t possible through the Graylog API, is it possible to query Elasticsearch directly?
I apologize if this has been answered or is in the wrong location, but I haven’t been able to find a satisfactory answer (most posts appear more interested in getting data into Graylog). As a newbie, it appears that Graylog is very flexible and powerful and could easily provide this functionality. Am I barking up the wrong tree? Thanks!
Thanks so much for your response, @gsmith! I’m very much a newb, so I appreciate it.
I did discover the API browser and after some trial and error have been able to get JSON responses containing the full messages that could be parsed and aggregated into the datasets of concern (next step: tokens). But it seems like it would be more efficient on a couple of fronts to have the ability to directly request the aggregated tables within dashboards. I’ll keep poking about, but would appreciate any breadcrumbs the community could provide.
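One way to do what the post above describes, fetching the raw messages over the REST API and rebuilding the "blocked connections by IP per minute" table in Python, as an added example that is not code from this thread or from Graylog. It assumes the `GET /api/search/universal/relative` endpoint and its `{"messages": [{"message": {...}}, ...]}` response shape, token authentication as HTTP Basic with the literal password `token`, and hypothetical message fields `src_ip` and `action`; the sample response is constructed, not real Graylog output.

```python
"""Pull blocked-connection messages out of Graylog and aggregate them in Python.

Added example for this thread, not code from the original posts or from
Graylog. Assumptions (adjust to your deployment):
  - search endpoint GET /api/search/universal/relative returning
    {"messages": [{"message": {...}, "index": "..."}, ...], "total_results": N}
  - an API access token sent as the HTTP Basic user with password "token"
  - hypothetical fields `src_ip` and `action`; the Graylog `timestamp`
    field is an ISO-8601 UTC string such as "2024-01-01T10:00:05.000Z"
"""
import base64
import json
import urllib.parse
import urllib.request
from collections import Counter, defaultdict


def fetch_messages(base_url, token, query, range_seconds, fields, limit=150, offset=0):
    """Return the message wrappers from one page of a relative-range search.

    Page by stepping `offset` in multiples of `limit` until a page comes back
    short; keep `fields` narrow so the response stays small.
    """
    params = {
        "query": query,
        "range": str(range_seconds),
        "fields": ",".join(fields),
        "limit": str(limit),
        "offset": str(offset),
    }
    url = base_url.rstrip("/") + "/api/search/universal/relative?" + urllib.parse.urlencode(params)
    creds = base64.b64encode(f"{token}:token".encode()).decode()
    req = urllib.request.Request(url, headers={
        "Authorization": "Basic " + creds,
        "Accept": "application/json",
        # Graylog requires this header on state-changing calls; harmless on GET
        "X-Requested-By": "python-aggregator",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:  # leave TLS verification on
        return json.load(resp)["messages"]


def aggregate_blocked_per_minute(messages, ip_field="src_ip", action_field="action",
                                 blocked_value="blocked", ts_field="timestamp"):
    """Rebuild the dashboard data-table as {minute: {source_ip: blocked_count}}."""
    buckets = defaultdict(Counter)
    for wrapper in messages:
        msg = wrapper.get("message", wrapper)  # universal search wraps each hit
        if msg.get(action_field) != blocked_value:
            continue
        ts = msg.get(ts_field)
        if not isinstance(ts, str) or len(ts) < 16:
            continue  # skip malformed records instead of aborting the whole job
        minute = ts[:16]  # "YYYY-MM-DDTHH:MM", truncation is the per-minute bucket
        buckets[minute][msg.get(ip_field, "unknown")] += 1
    return {minute: dict(counts) for minute, counts in sorted(buckets.items())}


def offenders(per_minute, threshold):
    """Flatten to (minute, ip, count) rows for every bucket at or above `threshold`."""
    rows = [(minute, ip, n)
            for minute, counts in per_minute.items()
            for ip, n in counts.items() if n >= threshold]
    rows.sort(key=lambda r: (r[0], -r[2], r[1]))  # by minute, then busiest IP first
    return rows


def _hit(ts, ip, action):
    """Build one hit in the assumed universal-search response shape (constructed data)."""
    return {"index": "graylog_0", "message": {"timestamp": ts, "src_ip": ip, "action": action}}


# Constructed sample response; not real Graylog output.
SAMPLE_RESPONSE = {"total_results": 7, "messages": [
    _hit("2024-01-01T10:00:05.000Z", "203.0.113.5", "blocked"),
    _hit("2024-01-01T10:00:40.000Z", "203.0.113.5", "blocked"),
    _hit("2024-01-01T10:00:50.000Z", "198.51.100.7", "blocked"),
    _hit("2024-01-01T10:01:10.000Z", "203.0.113.5", "allowed"),   # not a block, ignored
    _hit("2024-01-01T10:01:30.000Z", "198.51.100.7", "blocked"),
    _hit("2024-01-01T10:01:45.000Z", "198.51.100.7", "blocked"),
    {"index": "graylog_0", "message": {"src_ip": "192.0.2.9", "action": "blocked"}},  # no timestamp, skipped
]}


if __name__ == "__main__":
    table = aggregate_blocked_per_minute(SAMPLE_RESPONSE["messages"])
    for minute, ip, n in offenders(table, threshold=2):
        print(f"{minute} {ip} blocked {n}x")
    # Live use (network and a token required); same aggregation on the result:
    # msgs = fetch_messages("https://graylog.example", "TOKEN", "action:blocked", 300,
    #                       ["timestamp", "src_ip", "action"])
```

Two design points: the script only ever reads from the API, so the token it runs with should be one created for a read-only role rather than an admin account; and the aggregation treats the API as a message source and does the bucketing itself, which is the fallback when a dashboard widget's own table cannot be requested directly.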
You will find most of your settings within MongoDB. Depending on what version is being used, I noticed MongoDB metadata for Graylog dashboards are now under Views.