Content Packs are collections of pre-built inputs, processing intelligence, display templates, and outputs (Alerts and Report). Content Packs were created to share configurations for popular types of devices, making the setup and configuration of these devices quick and consistent.
How it Works
You can find Content Packs on the Graylog Marketplace, where they are kept up-to-date by all users. Once downloaded, you can install content packs via the web interface. Content packs have built-in inputs, extractors, and streams to ensure the logs are collected and identified correctly before the processing begins.
Content Packs allow for the parsing of logs into readable and searchable fields. This parsing allows for quick analysis of the logs by searching and analyzing key fields. Dashboards have pre-built queries for the analyst to show relevant data to the data set and present them in a logical format.
Frequently Asked Questions
Where can I find content Packs?
You can find all created Content Packs at the Graylog Marketplace. You can also create your own Content Pack and share it with the community by uploading to the Marketplace.
What are inputs used for?
Inputs allow for the collection of the log data. This can be a simple UDP Syslog message, to a more advanced API collection method. Simply, it’s how to get log data into the processing side of Graylog. Many inputs are built into Graylog, but the Content Packs allow for expandability.
Are Content Packs customizable?
Yes, you can apply any encryption or signature mechanisms that your operating system offers. Just automatically run it over the files when they are written.