Graylog has a comprehensive and robust REST API. The Graylog web interface exclusively uses the REST API to interact with the Graylog cluster for both analytics and configuration. While the REST API is exceptional at interacting with data for analysis, the real power of the API comes in when using automation tools. Graylog uses the API to interact with other systems, such as monitoring tools and ticketing systems.
Many customers also have current management platforms to monitor many tools at one time. You can use the REST API to extend those tools to pull data from Graylog to enrich what is currently collected. Many customers like to create high priority dashboards to know when their websites are having issues with slow response--Graylog’s REST API can deliver.
Security for the REST API has been thought of as well. No tool that’s key in the monitoring of your infrastructure should be open to anyone. If attackers can look at all your data in one centralized spot, most of their work has been done for them. Graylog doesn’t use clear text credentials, but rather allows creation of access tokens for authentication.
While the possibilities of the REST API are quite numerous, a few examples of what has been done with it are as follows:
- Automate hourly/daily queries into the data set, and then send a report with the search results
- Display data in your central dashboard of your SOC/NOC
- Create workflows for support teams, allowing them quick access to the data they need
- Automation of archive related tasks, allowing for quick restoration of logs or deletion of old logs if no longer needed