Tips & Tricks #2: Using the Graylog REST API

Did you know that Graylog comes with its own REST API and interactive API browser? The Graylog REST API is purpose-built for log management, and will enable you to easily integrate Graylog with other systems or your own customized scripts.

Why Use the Graylog REST API?

Every graylog-server node comes with a REST API that is the main communication interface for the graylog-web-interface. When setting up a graylog-web-interface, you may have noticed that you only need to tell it where to find graylog-server nodes to speak to. This is because the Graylog web interface communicates with Graylog servers only. It does not interact with any other system, not even with Elasticsearch.

This is beneficial for two reasons:

The API browser

The API browser lists all available calls, grouped into categories. For each call you can see the URL that was requested and change the parameters dynamically. With this information you can replicate the calls using a tool like cURL and ultimately build your own applications on top of the REST API.

The use cases are endless with Graylog’s REST API. For example, you could write a cron job that sends a report email every night based on search results, or you could display log information in a customized way. Some users have built their own web interface with very specific workflows for support teams on top of the Graylog REST API. All configuration and maintenance can be performed through API calls.
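The nightly report idea above, as an added example in Python that is not code from the original post or from Graylog: it builds an authenticated search request and turns the JSON response into report text that cron can mail. The base URL, the `/search/universal/relative` path, the response fields and the token are assumptions to confirm in your own node's API browser, and the sample response is constructed.

```python
import base64
import json
import urllib.parse
import urllib.request
from collections import Counter

# Assumed values: replace with your own node URL; use a read-only access token.
BASE_URL = "https://graylog.example.org:9000/api"  # placeholder host
SEARCH_PATH = "/search/universal/relative"         # confirm in the API browser

def build_search_request(base_url, token, query, range_seconds, limit=150):
    """Return a urllib Request for a search over the last range_seconds."""
    params = urllib.parse.urlencode(
        {"query": query, "range": range_seconds, "limit": limit})
    # A Graylog access token is sent as the Basic-auth user name,
    # with the literal string "token" as the password.
    cred = base64.b64encode(f"{token}:token".encode()).decode()
    return urllib.request.Request(
        f"{base_url.rstrip('/')}{SEARCH_PATH}?{params}",
        headers={"Accept": "application/json", "Authorization": f"Basic {cred}"})

def summarize(response_body, top=5):
    """Build the report text: total hits and the busiest sources."""
    data = json.loads(response_body)
    sources = Counter(
        m["message"].get("source", "unknown") for m in data.get("messages", []))
    lines = [f"Total results: {data.get('total_results', 0)}"]
    lines += [f"{src}: {n}" for src, n in sources.most_common(top)]
    return "\n".join(lines)

def fetch_report(token, query, range_seconds=86400):
    """Query the API (TLS certificate is verified by default) and summarize."""
    req = build_search_request(BASE_URL, token, query, range_seconds)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return summarize(resp.read())

# Constructed sample response, in the shape this example assumes.
SAMPLE_RESPONSE = json.dumps({
    "query": "level:3",
    "total_results": 3,
    "messages": [
        {"index": "graylog_0", "message": {"source": "web01", "message": "disk error"}},
        {"index": "graylog_0", "message": {"source": "db01", "message": "timeout"}},
        {"index": "graylog_0", "message": {"source": "web01", "message": "disk error"}},
    ],
})

if __name__ == "__main__":
    print(summarize(SAMPLE_RESPONSE))  # cron mails stdout to the job owner
```

Keep the token out of the script itself, for example in an environment variable readable only by the cron user, and scope it to an account with read-only search permissions.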
