Hello,
What you need if the fields. Or create a Lookup tables and attach it to INPUT.
From what I do not see is a timestamp in those message, Bad but Elasticsearch puts a timestamp on it for you when it indices them. You could use that field.
All your howto’s are in Graylog Docs.
My best advice would be try it out, if it does not work Post it here what you have tried ( screenshots, Commands, etc…), so we can see what you did and give suggestions to help you. I think I gave you a running start. To be honest this forum does hold a lot a solutions.
Graylog does have a Event Correlation but its a paid version.
Actual this remind me, someone post here… They have a VPN dashboard.