
Step 2: Documentation

Welcome to Step 2 in the Graylog Journey.
This week, let’s talk about your experience with Graylog documentation. In Step 1, members posted tips about the benefits of reading the documentation. Thank you for your responses! Let’s continue the journey by answering these questions and earning 1 Challenge Point:

  • When performing a task, do you read Graylog’s documentation before, after, or never?

  • Tell us a story about how Graylog’s documentation helped you solve a problem.

  • Or, tell us a story about how you were unable to find the answer to a specific problem in the documentation. In that case, where did you find a solution?

  • Lastly, rate the documentation from 1 (low) to 5 (high). Let us know what you liked and what could be improved.

Hello @dscryber

If the task is related to an issue or function that’s needed for Graylog to communicate with MongoDB or Elasticsearch, I would utilize Graylog documentation first, but this would vary depending on the task. Let’s say it’s an UNASSIGNED shard/s on Elasticsearch. I would resort to Elastic documentation for the procedure to solve this issue.

Elasticsearch Shard Issue

On the other hand, maybe I want to secure MongoDB with a user and password; then I would consult the MongoDB documentation.

MongoDB User and Password

Once completed, I will notice errors from Graylog stating “Unable to connect to MongoDb”; therefore, I would utilize Graylog documentation on solving the issue first.

A while back (i.e., 4 years ago) we thought there was a problem with our network. Wasn’t sure what could be the direct issue of this since there were multiple switches and firewalls. After 4 days digging through logs on multiple devices, we found that a firewall port (53) was exhausted. We ended up correcting this issue, but unfortunately it took 4.5 days.

So, there was a need to find a better way to resolve this in a timely manner. I had to figure out how I could extract this information to create an alert and notification.

We were using a Raw/Plaintext UDP input, which basically showed a couple of fields and a block of log information in the Messages field. I wanted to configure this block of log information into specific fields which would create an alert. There was a need to simplify messages so it would not take as long to resolve this issue. Graylog’s documentation came in handy on how to create extractors on an input.

Extractors

I would give it a solid 4, for the simple reason that everything can be improved. Maybe having a section specifically for the other services that correspond with Graylog (i.e., MongoDB, Elasticsearch, etc.). This way you don’t have to look elsewhere to solve some simple issues when setting up a Graylog server. Just an idea, maybe the Troubleshooting section under Frequently Asked Questions can have its own section like Dashboard, Alerts, Streams, etc. do. To be honest, Graylog has been rock solid, but we’re not talking about SSO here :blush:

2 Likes

Excellent responses, gsmith! Your post is very process detailed, which makes it super-helpful to the community. Looking forward to seeing your future responses to our Graylog Journey questions, and other community members following with their posts as well.

1 Challenge Point Awarded

I always read the documentation of every product I deploy. It’s my mindset that better understanding a product is the way to success. And Graylog was no different. So if I get stuck on a small problem, the official documentation is my first step. Usually there is a very detailed explanation, or if not, at least there is some advice on how to carry on.

For a small group of Graylog users, I needed to create my own role with limited permissions in the past. The first step was obvious: open the REST API Browser and create the role. But one thing was missing: the supported permissions. Another look in the official docs solved my problem very quickly. I navigated to the section on the permission system, where I found a curl command to list all supported permissions. The next steps were very simple: find the right combination of permissions to create the role, and assign it to the new users.

Once I discovered the power of pipeline rules, I started to play with this wonderful feature more and more. The documentation contains some examples, but not for all pipeline rule functions. So I searched the forum and found one older post with a URL to source code on GitHub with tests that contain nice examples for all pipeline functions:

Another nice source of examples is the Graylog Knowledge Base, with a lot of examples. I think that a lot of people don’t know about it.
https://graylog.zammad.com/help/en-us

I would rate it 4. I’ve read a lot of docs for open-source projects, and in first place is definitely the documentation of Zabbix. In second place is Graylog, because it contains not only how to configure the product, but also nice theory on how to make log management more powerful, with a lot of examples. I give it a 4 because sometimes the docs are missing a more detailed description of some features, and you have to use trial and error to find out how they work. It’s especially true for widgets in dashboards. They’re so powerful, but the documentation is not enough: only some examples for some types of widgets, not all. So this is definitely a part to improve, because a lot of people also ask in the forum how to use widgets.

1 Like