If the task is related to an issue or function that’s needed for Graylog to communicate with MongoDB or Elasticsearch, I would utilize Graylog Documentation first, but this would vary depending on the task. Let’s say it’s an UNASSIGNED shard/s on Elasticsearch. I would resort to Elastic documentation for the procedure in solving this issue.
Elasticsearch Shard Issue
On the other hand, maybe I want to secure MongoDB with user and password; I would consult MongoDB Documentation.
MongoDB User and Password
Once completed, I will notice errors from Graylog stating “Unable to connect to MongoDb”, therefore I would utilize Graylog Documentation on solving the issue first.
A while back (i.e., 4 years ago) we thought there was a problem with our network. Wasn’t sure what could be the direct cause of this since there were multiple switches and firewalls. After 4 days digging through logs on multiple devices, we found that a firewall port (53) was exhausted. We ended up correcting this issue, but unfortunately it took 4.5 days.
So there was a need to find a better way to resolve this in a timely manner. I had to figure out how I could extract this information to create an alert and notification.
We were using a Raw/Plaintext UDP input, which basically showed a couple of fields and a block of log information in the Messages field. I wanted to configure this block of log information into specific fields which would create an alert. The need was to simplify messages so it would not take as long to resolve this issue. Graylog’s documentation came in handy on how to create extractors on an input.
I would give it a solid 4, for the simple reason that everything can be improved. Maybe having a section specifically for the other services that correspond with Graylog (i.e., MongoDB, Elasticsearch, etc…). This way you don’t have to look elsewhere to solve some simple issues when setting up a Graylog server. Just an idea, maybe the Troubleshooting section under Frequently asked questions can have its own section like Dashboard, Alerts, Streams, etc… do. To be honest, Graylog has been rock solid, but we’re not talking about SSO here.