I want to know if it's possible to search based on input from a dynamic list, either a lookup table or a CSV file. I have a requirement to search an index for specific behaviour of a particular user. The user list is mostly static but will be updated when new users are added/removed. Is this possible in Graylog? I looked into inputs like the JSON path or plaintext TCP but I can't see any functionality to feed the results of one search into another. Does this functionality exist in community Graylog 2.x-3.x?


Do I understand you correctly:

  • you want to have an automated search
  • what you search should be in a file you can update

If the above is true, that is not possible with Graylog. If I got you wrong, please rephrase your question.

@jan Yes that’s correct. I have a list of users and I want to find out the activity those users are performing. The list is mostly static but could be updated. Is this possible with any enterprise features? We are considering enterprise for our organization as well.

Graylog is not a search bot in your logs, meaning you do not hand some data and queries over and get a result.

What you can do in Graylog (Enterprise):

  • get the data into Graylog
  • make all data contain the user information in a specific field
  • create a parameter view of all data and information you want to see for a user

This way you just type in the username and will see all activities of a user, but being alerted if the user behaves differently is not possible.

