Graylog

Consume Graylog API (v.1.1.0)

Actions20

Legacy Actions
Decorators Actions
Exports Actions
Messages Actions
Metadata Actions
- Posted Search
- Given Search
Saved Actions
- GET
Suggestions Actions
- Suggest Field Value
Validation Actions
- Validate Search Query

Overview

The Graylog node's "Validation" resource with the "Validate Search Query" operation is designed to validate search queries written in Lucene syntax against a Graylog instance. This is useful for users who want to ensure their search queries are syntactically correct and compatible with Graylog before executing them, reducing errors in log management workflows.

Common scenarios:

Validating user-inputted search queries in automated log analysis pipelines.
Pre-checking complex queries before running them on large datasets to avoid runtime errors.
Integrating query validation into approval or review processes for security and compliance.

Practical example:
A DevOps engineer can use this node to automatically check if a new log search filter (in Lucene syntax) is valid before deploying it to production monitoring dashboards.

Properties

Name	Type	Meaning
Authentication	options	The authentication method to use for connecting to Graylog ("Token Authentication" or "Basic Authentication").
Query	string	The search query in Lucene syntax that needs to be validated.
Additional Fields	collection	Optional advanced parameters such as timerange type, streams, and custom parameters for the query.
Simplify	boolean	If enabled, returns a simplified output structure.
Simplify Path	string	(Optional) Specifies a path to a property in the response to return only that part.

Output

The node outputs a json field containing the result of the query validation from Graylog.
If "Simplify" is enabled, the output may be reduced to a specific property or structure, optionally filtered by "Simplify Path".
The exact structure depends on the Graylog API's response for query validation, but typically includes:
- Validation status (e.g., valid/invalid)
- Error messages or details if the query is invalid
- Possibly additional metadata about the query

Note:
This node does not output binary data.

Dependencies

External Service: Requires access to a Graylog server with the appropriate API endpoints enabled.
Authentication: Needs either a Graylog API token or username/password credentials, depending on the selected authentication method.
n8n Credentials: Must configure either "graylogTokenApi" or "graylogBasicApi" credentials in n8n.

Troubleshooting

Common issues:

Invalid Credentials:
Error message: "Authentication failed" or similar.
Resolution: Ensure the correct credentials are set up in n8n and have sufficient permissions.
Malformed Query:
Error message: "Query is not valid Lucene syntax" or detailed error from Graylog.
Resolution: Double-check the query syntax; refer to Lucene Query Syntax documentation.
Connection Errors:
Error message: "Cannot connect to Graylog server" or timeout errors.
Resolution: Verify network connectivity and Graylog server URL.
Missing Required Fields:
Error message: "Query is required" or similar.
Resolution: Ensure all required fields, especially "Query", are filled in.