Use the API to query for the source IP (g2_remote_ip) over a specified timeframe

jtripp · September 6, 2019, 9:42pm

To ensure that source devices have sent logs during a relative timeframe, I would like to query the API for a list of message source IPs rather than get results from the Source field. It appears that the gl2_remote_ip field is available for this information. However, GET /sources is the only current API option to query for this type of information.

The results are often a mix of hostnames and IPs on our system, depending on the configuration of the source device, and I would like a consistent output. I am guessing that replacing the Source field with gl2_remote_ip as logs are received in a pipeline places additional resource overhead on servers, so it is not my preference.

Is there a way to query the API for gl2_remote_ip in this way, or should this question be an API Development feature suggestion?

jan · September 9, 2019, 7:20am

Why not normalize the source to hold ip’s or hostname? That would be my first idea to have it consistent in your environment …

That would also allow you to use the already given API - because that is the most easy solution.

system · September 23, 2019, 7:20am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extractor using gl2_remote_ip Graylog Central (peer support)	5	1319	February 7, 2019
Aggregation via API Graylog Central (peer support)	3	1425	July 31, 2020
Parsing Logs On Graylog Graylog Central (peer support)	8	8011	November 17, 2017
Logs of a source using api Graylog Central (peer support)	4	2368	November 8, 2021
Geolocation Processor empty geo fields Graylog Add-ons	12	4693	September 29, 2017

Use the API to query for the source IP (g2_remote_ip) over a specified timeframe

Related Topics