Graylog

Consume Graylog API (v.1.1.0)

Actions20

Legacy Actions
Decorators Actions
Exports Actions
Messages Actions
Metadata Actions
- Posted Search
- Given Search
Saved Actions
- GET
Suggestions Actions
- Suggest Field Value
Validation Actions
- Validate Search Query

Overview

The Graylog node for n8n allows you to interact with the Graylog API, specifically using the "Legacy" resource and the "Search Relative" operation. This operation enables users to perform searches on log data within a relative timeframe using Lucene query syntax. It is particularly useful for retrieving logs that match specific criteria over recent periods (e.g., last 5 minutes, last hour), which is common in monitoring, alerting, and troubleshooting scenarios.

Practical examples:

Fetch all error logs from the past 10 minutes.
Retrieve login attempts for a specific user in the last hour.
Aggregate and analyze log messages matching certain patterns for operational dashboards.

Properties

Name	Type	Meaning
Authentication	options	The authentication method to use for connecting to Graylog ("Token Authentication" or "Basic Authentication").
Query	string	The search query in Lucene syntax. Required.
Additional Fields	collection	Optional fields to refine the search: - Range: Relative timeframe to search in. - Limit: Maximum number of results. - Offset: Number of results to skip. - Filter: Additional filter expression. - Fields: Comma-separated list of fields to return. - Sort: Field to sort results by. - Decorate: Whether to decorate the results (boolean).
Simplify	boolean	If true, simplifies the output structure.
Simplify Path	string	(Optional) Path to the property that should be returned when simplifying the output.

Output

The node outputs a json field containing the search results from Graylog.
The structure of the output depends on the "Simplify" and "Simplify Path" options:
- If Simplify is enabled, only the specified part of the response (or a simplified version) is returned.
- Otherwise, the full response from Graylog's search API is provided.
If binary data is ever returned (not typical for this operation), it would represent exported log data or attachments.

Dependencies

External Services: Requires access to a running Graylog instance with API enabled.
API Credentials:
- Token Authentication: Needs a valid Graylog API token.
- Basic Authentication: Needs a valid username and password.
n8n Configuration: Credentials must be set up in n8n as either "graylogTokenApi" or "graylogBasicApi".

Troubleshooting

Common Issues:

Authentication Errors: Invalid or missing credentials will prevent connection. Ensure correct credential type and values are configured.
Query Syntax Errors: Malformed Lucene queries may result in errors from Graylog. Double-check your query syntax.
Insufficient Permissions: The Graylog user may lack permissions to perform searches or access certain fields.
Empty Results: If the time range or filters are too restrictive, no results may be returned.

Error Messages:

"401 Unauthorized" – Check your credentials and authentication method.
"400 Bad Request" – Likely due to invalid query syntax or parameters.
"Connection refused" – Ensure the Graylog server URL is correct and accessible from n8n.