Graylog

Consume Graylog API (v.1.1.0)

Actions20

Legacy Actions
Decorators Actions
Exports Actions
Messages Actions
Metadata Actions
- Posted Search
- Given Search
Saved Actions
- GET
Suggestions Actions
- Suggest Field Value
Validation Actions
- Validate Search Query

Overview

The Graylog node for n8n allows you to interact with the Graylog API, specifically using the "Legacy" resource and the "Search Keyword" operation. This operation enables users to perform keyword-based searches on log data stored in Graylog, utilizing Lucene query syntax and additional filtering, sorting, and result customization options.

Common scenarios:

Searching logs for specific error messages or events using keywords.
Filtering logs within a certain range or by specific fields.
Integrating log search results into automated workflows for alerting, reporting, or further processing.

Practical examples:

Automatically searching for all ERROR-level logs containing a specific keyword and sending notifications if found.
Extracting log entries matching a complex query and exporting them to another system for analysis.

Properties

Name	Type	Meaning
Authentication	options	The authentication method to use (Token Authentication or Basic Authentication).
Query	string	The Lucene-syntax query string to filter log entries.
Keyword	string	The range keyword used to further refine the search.
Additional Fields	collection	Optional parameters to customize the search (limit, offset, filter, fields, sort, decorate).
Simplify	boolean	If enabled, simplifies the output structure.
Simplify Path	string	Path to the property that should be returned when simplifying the output.

Additional Fields (collection options):

Limit (number): Maximum number of results to return.
Offset (number): Number of results to skip (for pagination).
Filter (string): Additional filter expression.
Fields (string): Comma-separated list of fields to include in the response.
Sort (string): Field to sort the results by.
Decorate (boolean): Whether to decorate the results (typically adds extra metadata).

Output

The node outputs a json field containing the search results from Graylog.
If the Simplify option is enabled, the output may be reduced to only the specified path (Simplify Path), making it easier to work with specific parts of the response.
The structure of the output will generally reflect the Graylog API's response for a keyword search, which typically includes an array of log messages and associated metadata.

Note: If binary data is ever output, it would represent exported log data or attachments, but this operation primarily returns JSON.

Dependencies

External Services: Requires access to a running Graylog instance with API enabled.
API Keys / Credentials:
- Token Authentication: Needs a valid Graylog API token.
- Basic Authentication: Requires a username and password for Graylog.
n8n Configuration: Credentials must be set up in n8n as either "Graylog Token API" or "Graylog Basic API".

Troubleshooting

Common issues:

Authentication errors: Occur if credentials are missing, invalid, or do not have sufficient permissions. Ensure the correct authentication method and credentials are selected.
Query errors: Invalid Lucene queries or unsupported keywords can cause errors. Double-check your query syntax and keyword values.
Empty results: May occur if the query does not match any log entries or if filters are too restrictive.

Error messages and resolutions:

"Invalid credentials": Check your API token or username/password.
"Failed to connect to Graylog": Verify the Graylog server URL and network connectivity.
"400 Bad Request": Review your query and additional fields for correctness.
"No results found": Adjust your query or remove unnecessary filters.