graylog_search v1.0.1 GraylogSearch
GraylogSearch constructs search queries in a composable manner.
It more or less follows Graylog's search query language.
Basic Usage
All queries start with a base URL to the Graylog instance.
GraylogSearch.new("https://graylog.example.com")
And end with requesting the constructed URL.
GraylogSearch.url()
In between the start and end, the query can be composed in various ways.
GraylogSearch.new("https://graylog.example.com")
|> GraylogSearch.for("message", "ssh login")
|> GraylogSearch.and_for("hostname", "service*.example.com")
|> GraylogSearch.minutes_ago(5)
|> GraylogSearch.url()
See the API docs below for other ways to construct a query.
Summary
API - Generic
Given a base URL to the Graylog instance (i.e. scheme and host name, no path or query string), returns a URI for GraylogSearch pipelines.
Includes the given fields in the message results.
Returns a URL to perform the search.
API - Boolean operators
Aliases for/2
Aliases for/3
Aliases not_for/2
Aliases not_for/3
Search for a message by the given query term or phrase. This function can be chained to combine queries with AND.
Searches for a term or phrase in a specific message field.
Search for messages that do not include a term or phrase.
Searches for messages that do not include a term or phrase in a specific field.
Search messages by another term or phrase.
Searches for another term or phrase in a specific message field.
API - Time frames
Search messages within an absolute time range.
Search messages with a relative time range in days.
Search messages with a relative time range in hours.
Search messages with a relative time range in minutes.
Search messages within a time range specified by natural language.
API - Generic
Specs
Given a base URL to the Graylog instance (i.e. scheme and host name, no path or query string), returns a URI for GraylogSearch pipelines.
Specs
Includes the given fields in the message results.
Requires extractors to exist for the fields being specified.
Specs
Returns a URL to perform the search.
API - Boolean operators
Specs
Aliases for/2
Specs
Aliases for/3
Aliases not_for/2
Aliases not_for/3
Specs
Search for a message by the given query term or phrase. This function can be chained to combine queries with AND.
By default, all fields are included in the search when a field to search in is not specified.
Specs
Searches for a term or phrase in a specific message field.
Unlike for/2, which searches all message fields.
Specs
Search for messages that do not include a term or phrase.
Uses the NOT operator. Can be chained to combine queries with AND NOT.
Specs
Searches for messages that do not include a term or phrase in a specific field.
Unlike not_for/2, which searches all message fields.
Specs
Search messages by another term or phrase.
Uses the OR operator to combine queries.
Specs
Searches for another term or phrase in a specific message field.
Unlike or_for/2, which searches all message fields.
API - Time frames
Specs
between(URI.t(), String.t(), String.t()) :: URI.t() | {:error, atom()}
between(URI.t(), DateTime.t(), DateTime.t()) :: URI.t()
between(URI.t(), NaiveDateTime.t(), NaiveDateTime.t()) :: URI.t()
Search messages within an absolute time range.
Datetimes are expected to be in UTC, in ISO 8601 format.
Specs
days_ago(URI.t(), pos_integer()) :: URI.t()
Search messages with a relative time range in days.
From the given number of days ago to the time the search is performed.
Specs
hours_ago(URI.t(), pos_integer()) :: URI.t()
Search messages with a relative time range in hours.
From the given number of hours ago to the time the search is performed.
Specs
minutes_ago(URI.t(), pos_integer()) :: URI.t()
Search messages with a relative time range in minutes.
From the given number of minutes ago to the time the search is performed.
Specs
Search messages within a time range specified by natural language.
Consult the natty natural language parser for details on supported date/time formats.
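An added example, not part of the graylog_search docs, that combines the boolean operators above with between/3 to build a detection query for failed SSH logins on bastion hosts over a fixed UTC window. It uses only functions documented on this page (new/1, for/3, and_for/3, not_for/3, between/3, url/1); the field names, host pattern and excluded address are constructed placeholders, and the example assumes graylog_search is a dependency of the calling project.

```elixir
defmodule FailedLoginSearch do
  @moduledoc """
  Added example, not part of graylog_search: builds a Graylog search URL
  for failed SSH logins on bastion hosts over an absolute UTC time range.
  Field names, the host pattern and the excluded address are constructed.
  """

  # Constructed placeholder for the Graylog instance (scheme and host only).
  @base_url "https://graylog.example.com"

  @doc """
  Returns `{:ok, url}` or `{:error, reason}`.

  The range is passed as ISO 8601 UTC strings. For string arguments the
  documented spec of between/3 is `URI.t() | {:error, atom()}`, so the
  pipeline result is matched before it is handed to url/1, which expects
  a URI.
  """
  def failed_ssh_logins(from_iso8601, to_iso8601) do
    query =
      GraylogSearch.new(@base_url)
      # sshd logs "Failed password" for rejected authentication attempts
      |> GraylogSearch.for("message", "Failed password")
      # restrict to bastion hosts (constructed wildcard pattern)
      |> GraylogSearch.and_for("hostname", "bastion*.example.com")
      # exclude a known-noisy address; "source_ip" is an assumed field name
      # that must exist as an extracted field in your Graylog setup
      |> GraylogSearch.not_for("source_ip", "10.0.0.5")
      |> GraylogSearch.between(from_iso8601, to_iso8601)

    case query do
      {:error, reason} -> {:error, reason}
      %URI{} = uri -> {:ok, GraylogSearch.url(uri)}
    end
  end
end

# Usage:
# FailedLoginSearch.failed_ssh_logins("2024-01-01T00:00:00Z", "2024-01-01T01:00:00Z")
```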