Use Playbooks to retrieve logs
Logs nodes allow you to take an input, usually the response of an API request that retrieves logs, and process it to extract a set of log lines and store them in SGBox.
The input always comes from a previous node in the flow. Select a node from the list to show its output.
The available nodes, each handling a different input format, are:
- JSON logs
- CSV logs
- TEXT logs
JSON logs
Once the JSON output of a previous node is displayed, you can click on its keys to tell the node where to extract the logs from. Then, you have to tell the node where to extract the timestamp from, its format, the host, and other info. Follow the guide inside the node form.
If there are problems collecting the logs, see the advanced section.
CSV logs
Retrieve logs from API
You can create a Playbook with one or more API requests, using the Start timestamp and End timestamp parameters, followed by a Logs node.
Then, just schedule the playbook to be executed with any periodicity: at every execution it will call the API with updated timestamps, retrieve the latest available logs and store them in SGBox, where they are available for consultation in the Historical Search page.
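The flow described above (an API request with Start/End timestamps, followed by a JSON logs node that picks the log array by key path, parses the timestamp with a given format and attaches the host), as an added Python example that is not part of SGBox or this article. The API, the event data, the key names and the timestamp format are constructed for the example.

```python
import json
from datetime import datetime, timedelta, timezone

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # format the node is told to parse (assumed for the sample)

# Constructed sample events, standing in for a log source behind an API (not real SGBox data).
EVENTS = [
    {"ts": "2024-03-01 10:00:00", "src": "fw-01", "msg": "accept tcp 10.0.0.5 -> 10.0.0.9:443"},
    {"ts": "2024-03-01 10:03:07", "src": "fw-02", "msg": "deny udp 10.0.0.7 -> 10.0.0.9:53"},
    {"ts": "2024-03-01 10:06:00", "src": "fw-01", "msg": "accept tcp 10.0.0.5 -> 10.0.0.9:22"},
]

def parse_ts(value, fmt=TS_FORMAT):
    """Parse a timestamp string with the configured format; treated as UTC here."""
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def fake_api(start, end):
    """Stand-in for the API request node: returns JSON with the events in [start, end)."""
    sel = [e for e in EVENTS if start <= parse_ts(e["ts"]) < end]
    return json.dumps({"meta": {"count": len(sel)}, "data": {"events": sel}})

def get_path(obj, path):
    """Walk a dotted key path such as 'data.events' (the keys clicked in the node form)."""
    for key in path.split("."):
        obj = obj[key]
    return obj

def extract_logs(raw, logs_path, ts_key, ts_format, host_key, msg_key):
    """Mimic the JSON logs node: select the log array, parse each timestamp with the
    configured format, attach the host and keep the message as the log line."""
    lines = []
    for rec in get_path(json.loads(raw), logs_path):
        lines.append({
            "timestamp": parse_ts(rec[ts_key], ts_format).isoformat(),
            "host": rec[host_key],
            "message": rec[msg_key],
        })
    return lines

def run_playbook(start, end, period=timedelta(minutes=5)):
    """One scheduled execution: call the API with the current Start/End window,
    run the logs node on its output, and return the lines plus the next window."""
    raw = fake_api(start, end)
    lines = extract_logs(raw, "data.events", "ts", TS_FORMAT, "src", "msg")
    return lines, (end, end + period)
```

Each call to run_playbook returns the window for the following execution, so consecutive runs pick up only the events that arrived since the previous one.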