In this video we’ll have a look at content packs, a convenient way to share configuration data. Items like parsing rules, alerts, and dashboards can all be shared with this interesting feature. You can find a broad range of different content packs in the Graylog Marketplace.
Content Packs and the Graylog Marketplace
Content packs can be found out on the Graylog Marketplace website by clicking on the button with the same name. Once you access the Content Packs subsection of the Marketplace, you can sort through them by clicking on the respective tabs, and then download the one you prefer from Github. Once you download the JSON file, you can import it into the system.
Installing the Content Pack
Just go the Graylog web interface, and click on the System/Content packs tab, and select “Content Packs.” Then click on the “Upload” button, and choose the location of the JSON file you downloaded earlier. You can now see the name of the package you just downloaded (in the video example it’s a DNS Security content pack), and check it’s version number and whether it has the “installed” tag near its name.
Now, just click on the “Install” button, and you will see a panel containing additional information about the content pack, such as the different types of inputs or dashboards that it might have. This panel will provide you with a quick overview of everything you’re going to import, as well as other parameters needed to configure the pack properly. You can find all this info in the respective readme file you downloaded together with the JSON file. Once you’re satisfied with setting up all these parameters, you can click on install to finish installing the content pack.
You can click on the name of the content pack to access another panel where you can find additional info, and the Uninstall option if you want to remove it. You can also uninstall it from the Content Packs menu by clicking on “More Actions” – “Delete all versions.” Once the pack is uninstalled, you can also delete it by clicking “Actions” – “Delete.”
If you want to check whether the pack is actually working, you can go into the different fields that were imported. In the video example, the DNS Security pack imported a dashboard so you’re going to find a DNS Summary dashboard in the respective panel.
That’s all you need to know how to harness the full power of the Content Pack feature, install, and remove them. Happy logging!