Kla*_*aus 6 api logging graylog2 graylog graylog3
如何使用 PHP 从graylog 服务器搜索日志?
假设graylog服务器是https://host.td/api/search/universal/absolute
该解决方案是用 PHP 实现的:
$url = 'https://host.td/api/search/universal/absolute'
. '?query=' . urlencode('field:value') //query which you would also perform on UI
. '&from=' . urlencode(Carbon::createFromTimestamp(0)) // min timestamp so we get all logs
. '&to=' . urlencode(Carbon::createFromTimestamp(NumberUtils::MAX_32_BIT_INT)) // max timestamp so we get all logs
. '&limit=' . $this->limit //how many results do we want?
. '&fields=' . urlencode('field1,field2,field3') //which fields do we want?
. '&filter=' . urlencode('streams:<stream_id>') //OPTIONAL: only search in this stream
. '&sort=' . urlencode('field:desc') //sort result
. '&decorate=false'; //decorate parameter
$res = (new Client())->get($url, [
// generate a token on graylog UI;
// we use basic auth, username=the token; password: hard coded string 'token'
'auth' => ['<token_value>', 'token'],
'headers' => ['Accept' => 'application/json'] //we want a json result
]);
$json = \GuzzleHttp\json_decode($res->getBody());
如果您想按您提供的时间戳进行排序,请不要将其称为时间戳,因为在这种情况下,使用的是graylog 的时间戳,而不是您的时间戳。我最终在我存储的每个字段上使用了前缀。
| 归档时间: |
|
| 查看次数: |
3682 次 |
| 最近记录: |