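In our application, we need to redirect users to the Graylog search page with a pre-filled search query. That is not a big deal, because I can put it in a URL parameter.
But the problem is setting up a suitable search view. The default search view does not fit; we only need a message table with two fields.
Soft integration - the most preferred option would be to add this information to the URL, but as far as I know that is not possible :( Correct me if I am wrong!
Hard integration - pre-create some objects in Graylog using its REST API.
I tried creating an empty search and then a view for that search.
See the JSON below.
Search: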
{
  "id": "61ea7a5abc7fa78155d684b0",
  "queries": [
    {
      "id": "00000176-3d00-1d2c-be56-fa163e722ac5",
      "timerange": {
        "type": "relative",
        "range": 0
      },
      "query": {
        "type": "elasticsearch",
        "query_string": ""
      },
      "search_types": [
        {
          "id": "00000176-3d00-1d2b-be56-fa163e711ac5",
          "streams": [],
          "type": "messages"
        }
      ]
    }
  ],
  "owner": "userName",
  "created_at": "2018-09-20T16:24:53.867Z"
}
View:
{
  "id": "61ea7a5abc7fa78155d61111",
  "type": "SEARCH",
  "title": "tasks search",
  "summary": "tasks search",
  "description": "Billops tasks search",
  "search_id": "61ea7a5abc7fa78155d684b0",
  "state": {
    "00000176-3d00-1d2c-be56-fa163e722ac5": {
      "titles": {
        "widget": {
          "49fc52ee-ed7c-4859-bd4d-2d9aac1bd3b4": "BO Messages"
        }
      },
      "widgets": [
        {
          "id": "49fc52ee-ed7c-4859-bd4d-2d9aac1bd3b4",
          "type": "messages",
          "config": {
            "fields": [
              "timestamp",
              "message"
            ],
            "show_message_row": false,
            "sort": [
              {
                "type": "pivot",
                "field": "timestamp",
                "direction": "Descending"
              }
            ]
          }
        }
      ],
      "widget_mapping": {
        "49fc52ee-ed7c-4859-bd4d-2d9aac1bd3b4": [
          "00000176-3d00-1d2b-be56-fa163e711ac5"
        ]
      },
      "positions": {
        "49fc52ee-ed7c-4859-bd4d-2d9aac1bd3b4": {
          "col": 1,
          "row": 1,
          "height": 10,
          "width": "Infinity"
        }
      }
    }
  },
  "owner": "userName"
}
Then the view id is injected into the URL, with the query string appended as a parameter:
https://graylog-host.com/search/61ea7a5abc7fa78155d61111?q=processInstanceId%3A4c27e0e9-7888-11ec-b1a0-da395fa14702+AND+nodeId%3AT_ccb9eeea_5ba7_4041_ac4c_fd77f5432b78&streams=60d58b3411b14f3cb8e8c3d7&rangetype=relative&relative=0
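It works, but there is one big problem: I guess an empty search is executed before my search. That is why it takes a long time...
I need any help)) Thanks!
PS: We use the free version of Graylog, version 3.3.8, and will migrate to version 4+.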
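
An added example, not part of the original post and not Graylog code: one way the redirecting application could build the search URL shown above so that field values coming from its own data cannot change the meaning of the query or the URL path. The function names, the id pattern (24 hex characters, as in the ids in the post) and the choice to quote any value that is not a plain token are assumptions of this sketch.

```python
import re
from urllib.parse import urlencode

# Assumption: view and stream ids are 24-hex ObjectIds, like the ids in the post.
OBJECT_ID = re.compile(r"[0-9a-f]{24}")
FIELD_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Values made only of these characters are emitted bare, as in the post's URL.
BARE_VALUE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_-]*")


def term(field, value):
    """Return one field:value clause that cannot alter the surrounding query."""
    if not FIELD_NAME.fullmatch(field):
        raise ValueError(f"unexpected field name: {field!r}")
    if BARE_VALUE.fullmatch(value):
        return f"{field}:{value}"
    # Anything else becomes a quoted phrase, with backslash and quote escaped
    # so the value cannot close the phrase and append operators of its own.
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'{field}:"{escaped}"'


def search_url(base, view_id, stream_id, terms):
    """Build the redirect URL for a pre-created view, with all clauses ANDed."""
    for ident in (view_id, stream_id):
        if not OBJECT_ID.fullmatch(ident):
            raise ValueError(f"unexpected id: {ident!r}")
    query = " AND ".join(term(f, v) for f, v in terms.items())
    # urlencode percent-encodes ':' and turns spaces into '+', as in the post.
    params = urlencode({"q": query, "streams": stream_id,
                        "rangetype": "relative", "relative": 0})
    return f"{base}/search/{view_id}?{params}"


if __name__ == "__main__":
    # Values taken from the URL in the post.
    print(search_url(
        "https://graylog-host.com",
        "61ea7a5abc7fa78155d61111",
        "60d58b3411b14f3cb8e8c3d7",
        {"processInstanceId": "4c27e0e9-7888-11ec-b1a0-da395fa14702",
         "nodeId": "T_ccb9eeea_5ba7_4041_ac4c_fd77f5432b78"},
    ))
```

With the values from the post this reproduces the URL above character for character; a value containing spaces, quotes or query operators is emitted as a single quoted phrase instead.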