Graylog

Consume Graylog API (v.1.1.0)

Actions20

Legacy Actions
Decorators Actions
Exports Actions
Messages Actions
Metadata Actions
- Posted Search
- Given Search
Saved Actions
- GET
Suggestions Actions
- Suggest Field Value
Validation Actions
- Validate Search Query

Overview

The Graylog node for n8n allows you to interact with the Graylog API, specifically to export search results from messages. This is useful in scenarios where you need to automate the extraction of log data or search results from your Graylog instance for further processing, reporting, or integration with other systems.

Common use cases:

Exporting filtered log messages for compliance or auditing.
Automating the download of search results for analysis in external tools.
Integrating Graylog search exports into larger monitoring or alerting workflows.

Example:
You could set up a workflow that runs a specific search in Graylog every night, exports the results as a file, and sends it via email or uploads it to cloud storage.

Properties

Name	Type	Meaning
Authentication	options	The authentication method to use (Token Authentication or Basic Authentication).
Additional Fields	collection	Optional parameters to refine the export, such as Search Id, Timerange, Filename, Limit, etc.
Simplify	boolean	If enabled, simplifies the output structure for easier downstream processing.
Simplify Path	string	Path to a specific property in the response to return when simplifying output.

Details on Additional Fields:

Search Id: ID of the search to export results from.
Timerange From/To: Define the time window for the search.
Timerange Type: Specify the type of timerange (e.g., absolute, relative).
Filename: Desired name for the exported file.
Limit: Maximum number of results to export.
Time Zone: Time zone context for the search.
Fields In Order: Specify which fields to include and their order in the export.

Output

The node outputs a json field containing the exported search results from Graylog.
If the "Simplify" option is enabled, the output may be reduced to a specific property or simplified structure, optionally using the "Simplify Path".
If binary data is returned (e.g., exporting as a file), the output will contain a binary field representing the exported file.

Dependencies

Graylog Instance: You must have access to a running Graylog server.
API Credentials: Requires either a Token or Basic Authentication credentials configured in n8n:
- graylogTokenApi for token-based authentication.
- graylogBasicApi for username/password authentication.
n8n Configuration: Ensure the appropriate credentials are set up in n8n's credential store.

Troubleshooting

Common Issues:

Authentication Errors:
- Error: "Invalid credentials" or "401 Unauthorized".
  Resolution: Check that the correct authentication method and valid credentials are provided.
Missing Required Fields:
- Error: "Search Id is required" or similar.
  Resolution: Ensure all necessary additional fields (like Search Id) are filled out.
Export Limitations:
- Error: "Result set too large" or timeouts.
  Resolution: Use the "Limit" field to restrict the number of results, or narrow the timerange.
Output Structure Confusion:
- Issue: Output is more complex than expected.
  Resolution: Enable "Simplify" and/or specify a "Simplify Path" to extract only the needed part of the response.