Graylog

Consume Graylog API (v.1.1.0)

Actions20

Legacy Actions
Decorators Actions
Exports Actions
Messages Actions
Metadata Actions
- Posted Search
- Given Search
Saved Actions
- GET
Suggestions Actions
- Suggest Field Value
Validation Actions
- Validate Search Query

Overview

This n8n node interacts with the Graylog API to export search results. Specifically, it implements the "Export Search Result" operation for the "Exports" resource. The node allows users to specify a search ID and various optional parameters (such as time range, filename, limit, etc.) to customize the export. It supports both token-based and basic authentication.

Common scenarios:

Automating the extraction of log search results from Graylog for further processing or archiving.
Integrating Graylog exports into data pipelines for reporting, alerting, or compliance purposes.

Practical example:
A user wants to export the results of a specific Graylog search (by its ID) for the last 24 hours, save it with a custom filename, and process the data in subsequent n8n workflow steps.

Properties

Name	Type	Meaning
Authentication	options	The authentication method to use (Token Authentication or Basic Authentication).
Search Id	string	The unique identifier of the Graylog search whose results are to be exported.
Additional Fields	collection	Optional fields to further customize the export (see below for details).
Simplify	boolean	If true, simplifies the output structure.
Simplify Path	string	Path to the property that should be returned when simplifying the output.

Additional Fields (collection):

Timerange From (string): Start of the time range for the export.
Timerange To (string): End of the time range for the export.
Timerange Type (string): Type of time range (e.g., absolute, relative).
Filename (string): Custom filename for the exported file.
Time Zone (string): Time zone context for the export.
Limit (number): Maximum number of records to export.

Output

The node outputs the result of the Graylog export operation in the json field. The structure of this output depends on the response from the Graylog API and the "Simplify" option:

If Simplify is enabled, only the property specified by "Simplify Path" will be returned.
Otherwise, the full JSON response from the Graylog export endpoint is provided.

If the export includes binary data (e.g., a file), the node may output binary content, typically representing the exported search results file.

Dependencies

Graylog instance: You must have access to a running Graylog server with the appropriate API endpoints enabled.
Authentication: Requires either a valid Graylog API token or username/password credentials.
n8n Credentials: Set up "Graylog Token API" or "Graylog Basic API" credentials in n8n, depending on your chosen authentication method.

Troubleshooting

Common issues:

Invalid credentials: Ensure that the correct authentication method and credentials are selected and configured in n8n.
Missing or incorrect Search Id: Double-check that the "Search Id" matches an existing search in Graylog.
API connectivity problems: Network issues or incorrect Graylog API URLs can cause failures.
Insufficient permissions: The Graylog user associated with the credentials must have permission to export search results.

Possible error messages:

"401 Unauthorized": Check your authentication method and credentials.
"404 Not Found": The specified Search Id does not exist.
"400 Bad Request": One or more input parameters are invalid (e.g., malformed time range).