Centralized Log API

In this tutorial we will lear hoe to use the Centralized Logs, Graylog API.

Instructions

Graylog has a global API accesible from its UI

  1. Log into the platform and go to “Centraliced Logs”

     

  2. Once in, go to “System/Node” menu and select “Nodes” option:

     

  3. On the Nodes screen, click on “Cluster Global API Browser“

 

This will show us a Swagger doc with the full Graylog’s API definition:

To use the API, you can just invoke any method from the Swagger UI. No extra authentication required as it works with SSO.

An other option is to call the methods programmatically or with a client such as Postman.

In that case we have to consider the possible authentication methods allowed by Graylog:

  1. Basic Authorization: Just use the Basic Authorization header with your onesait platform user and password.

  2. Use “Remote-User” header, having a valid onesait platform Oauth2 token on it.

  3. Use the “session” API from Graylog to get a session token, then use that token to invoke the rest of the methods you’ll need. You can follow the steps of this example in Graylog documentation.