Graylog: Difference between revisions

The Graylog software centrally captures, stores, and enables real-time search and log analysis against terabytes of machine data from any component in the IT infrastructure and applications.^[1]

Installation

The installation consists of three different software programs, namely Graylog, MongoDB and OpenSearch.

It's advised to pin each package to one major version to circumvent upgrade issues. See following example that uses Graylog 6, MongoDB 6 and Opensearch

{ config, pkgs, ... }:
{
  services = {
    graylog = {
      enable = true;
      extraConfig = ''
        http_external_uri = https://graylog.example.com/
      '';
      elasticsearchHosts = [ "http://127.0.0.1:9200" ];
      package = pkgs.graylog-6_0;
      passwordSecret = "yPE4lpLpjdCxJ5V3q9st7nSw6zo9XYueL191VubFqdjRMK9Wtc4WGbDhJD1AvUPcBwZhMTxtmt9JurbT0fOwaqIdonmVWMAd";
      rootPasswordSha2 = "c0b0109d9439de57fe3cf03abeccbc52f4c98170c732d3b69af5e6395ace574e";
    };
    mongodb = {
      enable = true;
      package = pkgs.mongodb-6_0;
    };
    opensearch = {
      enable = true;
      settings = {
        "cluster.name" = "my-cluster";
      };
    };
  };
}

Troubleshooting

Graylog officially states in their documentation that OpenSearch Version 2.16.0 should not be used. This is a problem as this version is the only one available as a nixpkg.

If OpenSearch v2.16.0 was already installed, Graylog has a workaround here: https://graylog.org/post/alert-notice-opensearch-v2-16/

References