Actions20
- Legacy Actions
- Decorators Actions
- Exports Actions
- Messages Actions
- Metadata Actions
- Saved Actions
- Suggestions Actions
- Validation Actions
Overview
The Graylog node for n8n allows you to interact with the Graylog API, specifically using the "Legacy" resource and the "Search Absolute" operation. This operation enables users to perform absolute time range searches on log data stored in Graylog, using Lucene query syntax and various filtering, sorting, and output customization options.
Common scenarios:
- Retrieving logs matching specific criteria within a defined time window.
- Filtering and sorting log results for further processing or alerting.
- Integrating Graylog search results into automated workflows for monitoring, reporting, or incident response.
Practical example:
You could use this node to fetch all error logs from your application between two dates, limit the number of results, and only return certain fields for downstream processing.
Properties
| Name | Type | Meaning |
|---|---|---|
| Authentication | options | The authentication method to use (Token or Basic Authentication). |
| Query | string | Query (Lucene syntax) to filter logs. |
| From | dateTime | Timerange start; defines the beginning of the search window. |
| To | dateTime | Timerange end; defines the end of the search window. |
| Additional Fields | collection | Optional settings such as Limit, Offset, Filter, Fields, Sort, and Decorate. |
| Simplify | boolean | If enabled, simplifies the output structure. |
| Simplify Path | string | Path to the property that should be returned when simplifying the output. |
Additional Fields options:
- Limit (number): Maximum number of results to return.
- Offset (number): Number of results to skip.
- Filter (string): Additional filter expression.
- Fields (string): Comma-separated list of fields to include in the result.
- Sort (string): Field to sort the results by.
- Decorate (boolean): Whether to decorate the results (typically adds metadata).
Output
- The node outputs a
jsonfield containing the search results from Graylog. - The structure of the output depends on the "Simplify" and "Simplify Path" options:
- If Simplify is enabled, the output will be flattened or reduced according to the specified path.
- Otherwise, the output mirrors the standard Graylog API response for an absolute search, typically including fields like
messages,total_results, and other metadata.
- If binary data is ever output (not typical for this operation), it would represent exported log data.
Dependencies
- External Services: Requires access to a running Graylog instance with API enabled.
- API Credentials:
- Token Authentication: Needs a valid Graylog API token.
- Basic Authentication: Needs a valid username and password.
- n8n Configuration:
- Credentials must be set up in n8n under "graylogTokenApi" or "graylogBasicApi".
- Environment Variables: None required by default, unless your n8n instance needs proxy or custom network configuration.
Troubleshooting
Common issues:
Authentication errors:
- Error message: "Invalid credentials" or "401 Unauthorized".
Resolution: Check that the correct authentication method and credentials are configured in n8n.
- Error message: "Invalid credentials" or "401 Unauthorized".
Query errors:
- Error message: "Invalid query syntax" or "400 Bad Request".
Resolution: Ensure your Lucene query syntax is correct.
- Error message: "Invalid query syntax" or "400 Bad Request".
Date/time errors:
- Error message: "Invalid date format".
Resolution: Use ISO 8601 format for the "From" and "To" fields.
- Error message: "Invalid date format".
No results found:
- Error message: No error, but empty results.
Resolution: Adjust your query, time range, or filters to match existing log entries.
- Error message: No error, but empty results.
Output structure confusion:
- Issue: Output is more complex than expected.
Resolution: Enable "Simplify" and specify "Simplify Path" if you want a specific part of the response.
- Issue: Output is more complex than expected.