Graylog integration with Grafana

ayoub92 · May 14, 2019, 10:14am

hello grafana community,
I ask for help please, , in my workspace, i installed graylog 2.5 (Os: centos7) and I collect the logs of several device . i am really stuck, i dont know a lot about Grafana…help please how integrate Grafana witch Gralog please.
I followed whole step in the link of graylog marketplace, but i couldn’t make the graylog integration with Grafana (os: centos7)

Thanks

pooh · May 14, 2019, 10:35am

What are you using for your Grafana data source?

In other words, where is telegraf sending the data it collects using this
graylog plugin?

Antony.

ayoub92 · May 14, 2019, 3:53pm

I just installed installed telegraf ( yum install telegraf) , os : centos7 … I just installed influxdb ,telegraf, Grafana, I did not configure anything else… I have not configured it
…i don’t know a lot about Telegraf… I collect logs with graylog and I want to make dashboards logs with Grafana …please help
thanks

ayoub92 · May 15, 2019, 6:32am

Hi @pooh On second paragraph: “This dashboard uses Graylog plugin from Telegraf.”
please look at this link

I configured this file in /etc/telegraf/telegraf.d/graylog.conf but I want to know the integration how is done after. i am really stuck please help

pooh · May 15, 2019, 9:22am

Hi Pooh
On second paragraph: “This dashboard uses Graylog plugin from Telegraf.”
please look at this link
the NEW Marketplace - Graylog Community

Yes, I read that link from the first time you posted it. It tells me how
telegraf is getting data from graylog. It doesn’t tell me where telegraf is
sending the data afterwards (because this plugin doesn’t care - it can be
used with any backend storage you like; it’s just for getting data from a
different source).

I configured this file in /etc/telegraf/telegraf.d/graylog.conf but I want
to know the integration how is done after. i am really stuck please help

telegraf takes data from one source and sends it to another. It understands
lots and lots of input formats, and with the plugin you’ve added, it now
understand another one.

However, telegraf also needs to know where to send the data to, and this is
presumably going to be the same data store that you tell Grafana to read and
display from.

I hope that helps to explain how things fit together:

graylog -> telegraf -> data store -> Grafana

You need to decide which data store is best for your needs, depending on what
sort of data it is and how you want Grafana to be able to query it.

Regards,

Antony.

ayoub92 · May 15, 2019, 9:43am

Hello @pooh
So thank you and thank you for explanation ```
graylog → telegraf → data store → Grafana

can i connect with elasticsearch ???
https://qbox.io/blog/how-to-use-grafana-to-pull-data-from-elasticsearch

![aooo|690x237](upload://tKBGZO4HDVTYhJXJItgZxv1HOd0.png)

ayoub92 · May 15, 2019, 9:45am

example of answer on the combination between graylog and Grafana

ayoub92 · May 15, 2019, 9:55am

ayoub92 · May 15, 2019, 10:30am

@pooh
I’m sorry for bothering you I am under pressure, I have to find a solution to see the log dashbords with grafana … a few more days I have to finish my project

https://grafana.com/dashboards/2549

pooh · May 15, 2019, 1:32pm

I’m sorry, but this is not my job. I contribute here when I have time and
sufficient expertise to answer someone’s question. The thing which is my job
takes priority.

Someone else here may be able to help you, and someone else here may have
experience with graylog (which I do not), but I don’t believe I have anything
further to contribute on this question beyond what I’ve already said.

It sounds to me as though your problem is that you have not configured the data
store between telegraf and Grafana, however that is a guess on my part.

My only experience of connecting these two is by using InfluxDB, and there are
plenty of tutorials and guidelines on the Internet for getting those three
working together. My experience is that telegraf needs to be told to write to
Influx, Influx needs no configuration whatsoever, and Grafana can then be
configured to get its data from Influx, the whole setup of which I found pretty
simple (especially the Influx part).

If you need further help from anyone here, I suggest you explain ina bit more
detaisl what you have trie to do to get things working and what specific
problem you are running into.

Simply saying “I configured this telegraf input plugin and I can’t get Grafana
to work” leaves out so much detail that we don’t know what you’re trying to do
(or have done) with the bits in the middle, and which bit may be missing or
incorrect.

Regards,

Antony.

ayoub92 · May 16, 2019, 8:26am

Hello @pooh i create a dashboard use this elasticsearch Data Source graylog + grafana on the same machine and the same @ip graylog port 9000 and grafana 3000 but i’m not sure that grafana work corecttly in me my case… in my project I collect the logs of Firewall Palo alto and switch cisco, I want to see their dashboards

ayoub92 · May 16, 2019, 8:28am

in my project I collect the logs of Firewall Palo alto and switch cisco, I want to see their dashboards this graph that is displayed it tells me nothing !!

voiprodrigo · June 11, 2019, 12:50am

You need to better understand how to create queries for Elasticsearch. For meaningful dashboards that tell you more than the number of events on a specific index per interval period (which is the default query), you’ll probably want to add a group by for some term (like “source” perhaps), and also search for something particular. Grafana will not import Graylog dashboards for you, you need to create them with graph panels and queries.

mfzhsn · April 6, 2020, 5:21am

For my understanding,

I have Graylog as syslog
and I have installed Grafana, I am unable to connect between them. Do I need telegraf mandatory ? Can i not connect directly to Elastic-Search ?