Use the API to query for the source IP (g2_remote_ip) over a specified timeframe

jtripp · September 6, 2019, 9:42pm

To ensure that source devices have sent logs during a relative timeframe, I would like to query the API for a list of message source IPs rather than get results from the Source field. It appears that the gl2_remote_ip field is available for this information. However, GET /sources is the only current API option to query for this type of information.

The results are often a mix of hostnames and IPs on our system, depending on the configuration of the source device, and I would like a consistent output. I am guessing that replacing the Source field with gl2_remote_ip as logs are received in a pipeline places additional resource overhead on servers, so it is not my preference.

Is there a way to query the API for gl2_remote_ip in this way, or should this question be an API Development feature suggestion?

jan · September 9, 2019, 7:20am

Why not normalize the source to hold ip’s or hostname? That would be my first idea to have it consistent in your environment …

That would also allow you to use the already given API - because that is the most easy solution.

system · September 23, 2019, 7:20am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Search by source IP Graylog Central (peer support)	4	7383	December 4, 2018
Issue with gl2_remote_ip Graylog Central (peer support) pipeline-rules , debuggingpl	4	3093	February 27, 2018
Extract raw source IP from message? Graylog Central (peer support)	2	1983	April 21, 2017
Can I get source IP from messaged logged via GELF UDP? Graylog Central (peer support) pipeline-rules , debuggingpl	12	2129	May 20, 2021
How to find ip address of the source Graylog Central (peer support)	6	12065	November 2, 2018

Use the API to query for the source IP (g2_remote_ip) over a specified timeframe

Related topics