Graylog – Dashboard Creation.

Carrying on with my Graylog posts, the following will give you an introduction to creating a basic but functional dashboard.

Why do you need a dashboard? Well you can view a number a widgets very quickly which can all be configured with separate search queries. What’s really convenient is that it’s your dashboard, not one that the vendor thinks you will need. Every environment has different requirements. Perhaps you are tracking iSCSI disconnects and want to see a count of the number of iSCSI errors you are getting prior to the event, maybe want to track how many logs vpxa generates, or list the amount of port scans you are getting on your external firewall. It’s really defined by you.

  1. Browse to your Graylog server and login.GL20
  2.  Click on Dashboard on the Menu across the top.Gray_Dash_01
  3. Once the Dashboards tab has opened click Create Dashboard.Gray_Dash_02
  4. Give your new Dashboard a name and description.Gray_Dash_03
  5. You now have a brand new empty dashboard. lets get some widgets generated and add them in.Gray_Dash_04
  6. Click on Search in the menu bar and in the search field type something that you’d like to keep an eye on. For this purpose I’ve chosen the vpxa. It’s noisy and will be a good example.Gray_Dash_05
  7. This will return, a histogram and a bunch of messages.Gray_Dash_06
  8. Lets add the histogram to the dashboard. In the histogram pane click on Add to dashboard and select the dashboard you want to add the histogram to.Gray_Dash_07
  9. And lets add one more. In the Fields pane, expand Messages and click Quick Values. Then in the Quick values for message Click Add to dashboard and select your dashboard.Gray_Dash_08
  10. Go through the various fields and widgets and add what you think will be useful.
  11. Back to our dashboard. Click on Dashboard in the Menu across the top and then click on the name of the dashboard you just created.Gray_Dash_09
  12. You’ll now see the widgets you’ve added to your dashboard. You’ll also see three buttons, Update in background, fullscreen and unlock/edit. To rearrange your widgets click unlock/edit and move them around as needed. Update in background keeps the widgets live and fullscreen puts the screen into a display mode which could be useful to display on screens around the IT department.Gray_Dash_10
  13. Once you are done move things around click lock to take it out of editing mode.Gray_Dash_11

The above does go through creating a very basic dashboard by once again this demonstrates how useful Graylog really is. If you are looking for log monitoring you will be in a safe place with Graylog. The flexibility and scalability, absolutely compete with, and often exceed, the larger paid for rivals.

Leave a Reply

Your email address will not be published.