Best Practices Webinar Series | #2 | Parameterized Dashboards

In this video, Jeff Darrington presents the second session of Graylog’s series, “Go from Reactive to Fully Proactive with Graylog.” The session focuses on how to leverage parameterized searches and dashboards to enhance visibility and streamline investigations. Jeff demonstrates how to create flexible searches using parameters for various use cases, such as user activity tracking and vulnerability identification, and how to build dashboards that provide insights and enable proactive monitoring.

Video key takeaways:

  • Learn how to use parameterized searches in Graylog to streamline investigations and reduce repetitive searches.
  • Discover how to create dashboards that aggregate data and provide real-time insights into user activity and security events.
  • Explore how to automate reporting and monitoring using saved searches and dashboards, enabling proactive security measures across teams.

Welcome to this three-part series, “Go from Reactive to Fully Proactive with Graylog.” Today, data volume and complexity are expanding, leading many to work reactively. We’ll guide you in becoming fully proactive to save time.

I’m Jeff Darrington, Senior Technical Marketing Manager at Graylog, and welcome to Session Two: “Parameterized Search and Dashboards.” Following alerts and notifications in Session One, we’ll now dive into investigations using Graylog’s flexibility with parameterized search and dashboards to enhance your visibility and response to common search issues.

Let’s start with parameterized dashboards. They enable deeper visibility and faster root-cause analysis. We’ll begin with a search in my Graylog instance. Here, we’ll start by searching for a test user and extending data across messages. Using the username field, we can declare and configure parameters to avoid manually typing each query. You can modify parameters, like turning them into dropdowns for selecting multiple users quickly.

Once the parameter is set, we can use this to aggregate data and display it in various formats like data tables or pie charts. These visuals provide insight into user activity. For instance, selecting an administrator account can show audit logs and system processes, allowing us to identify key events quickly.

We can then save these searches as dashboards, which allows automated reporting on individual user activity, such as high-privilege accounts like administrators. These dashboards make investigations efficient and easy to share across teams.

Moving on, we can also create parameters for security use cases, such as searching for known vulnerabilities using hash values (e.g., MD5, SHA-256). You can configure parameters to expand searches across different hash types, allowing easy identification of compromised systems.

By combining multiple parameters—like usernames and hash values—within the same query, we can perform complex investigations on systems and users. With these saved searches, we streamline investigations, eliminate repetitive searches, and enable proactive monitoring.

Finally, as shown in an additional example, parameters can track building access via security logs, letting teams monitor specific departments or users. This automation reduces manual effort and improves security visibility.

To recap, start by searching and identifying events, parameterizing searches, building out dashboards, and sharing them with your team to turn reactive practices into proactive, efficient monitoring with Graylog.

Let’s move on to the Q&A.