Open henrikjohansen opened 9 years ago
Please post this suggestion to our ideas portal: https://www.graylog.org/product-ideas/
@henrikjohansen I think that would make sense as a basic integration with other services, although I'm not sure how many people would actually use it. In the end the user would need a good understanding of other applications (they would have to write and test queries themselves), and they also need to ensure that the links are working after updating other applications (which they may not even know are updated if they don't belong to them).
There are also some security implications on these integrations, but I think they would be reasonable if only admins can create and use those links.
I've created a feature request here: https://graylog.ideas.aha.io/ideas/GL2E-I-471
This would probably have to be solved with a new kind of plugin. Linking alone is not powerful enough for the usage I have in mind.
More often than not I find myself opening a lot of tabs, consoles, etc. in order to process or investigate certain events or logs. Integrating all that information directly into Graylog would be a herculean task, so I would like to propose something different - the ability to define a right-click context menu for certain fields to facilitate the process of sending data from Graylog to external systems.
This menu should contain configurable links such as 'http://name.tld/foo/?something="field_content"' (where "field_content" is templated and replaced by the actual field value) and simply open a new browser tab ...
Examples of stuff I need to look up often:

- Search our monitoring system for something with that IP.
- Find that MAC address and tell me where that device was last located.
- Search our asset DB for owner information about device X.
- Fetch the full packet capture for this device and this timeframe.
- Look up this username / workstation in LDAP / Active Directory.

Preferably both HTTP GET & HTTP POST should be supported since HTTP POST would be required for some systems in order to create a ticket, block a user, etc.
@edmundoa is this making any sense to you? :)
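
The templated link described in this request, sketched as an added example (not code from Graylog or from anyone in this thread). It assumes a `{field_content}` placeholder syntax and the hypothetical names `renderFieldLink`, `PLACEHOLDER` and `ALLOWED_SCHEMES`; because log field values can be influenced by whoever generated the log line, the value is percent-encoded and only allowed to land in the query string of an http(s) link.

```javascript
// Added illustration; all names here are hypothetical, not Graylog APIs.
const PLACEHOLDER = '{field_content}';
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

function renderFieldLink(template, fieldValue) {
  const qIndex = template.indexOf('?');
  const pIndex = template.indexOf(PLACEHOLDER);
  // Only allow substitution after the '?', so a field value can never
  // choose the scheme, host or path of the generated link.
  if (pIndex === -1 || qIndex === -1 || pIndex < qIndex) {
    throw new Error('placeholder must appear in the query string');
  }
  // Validate the admin-supplied template on its own, before any log data
  // is mixed into it.
  const base = new URL(template.split(PLACEHOLDER).join(''));
  if (!ALLOWED_SCHEMES.has(base.protocol)) {
    throw new Error('scheme not allowed: ' + base.protocol);
  }
  // Percent-encode the field value so '&', '#', '=' and quotes stay data.
  const encoded = encodeURIComponent(String(fieldValue));
  const url = new URL(template.split(PLACEHOLDER).join(encoded));
  // Defence in depth: the expanded link must keep the template's target.
  if (url.origin !== base.origin || url.pathname !== base.pathname) {
    throw new Error('field value altered the link target');
  }
  return url.href;
}

// Constructed sample input: a template in the style of the one above and
// a field value that tries to smuggle in an extra parameter and fragment.
const sampleTemplate = 'http://name.tld/foo/?something={field_content}';
console.log(renderFieldLink(sampleTemplate, '10.0.0.5'));
console.log(renderFieldLink(sampleTemplate, '10.0.0.5&action=block#x'));
```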