Graylog: Automate Graylog with the CLI

Start Graylog, retrieve its credentials, and change its configuration programmatically with the Stackhero CLI

👋 Bienvenue sur la documentation de Stackhero !

Stackhero propose une solution Graylog cloud prête à l'emploi qui offre de nombreux avantages, notamment :

  • Serveur e-mail SMTP illimité et dédié inclus.
  • Mises à jour sans effort en un clic.
  • Nom de domaine personnalisable sécurisé avec HTTPS (par exemple, https://logs.votre-entreprise.com).
  • Performance optimale et sécurité robuste grâce à une VM privée et dédiée.

Gagnez du temps et simplifiez-vous la vie : il suffit de 5 minutes pour essayer la solution Graylog cloud hosting de Stackhero !

This guide shows how to create a Graylog service, read its credentials, and update its configuration entirely from the command line, with no clicks in the dashboard. It is ideal for scripts, CI pipelines, and AI agents.

It uses the Stackhero CLI. Install it first:

curl -fsSL https://www.stackhero.io/install.sh | sh

1. Authenticate

The simplest way is to log in from your browser. The CLI opens a page where you approve the access (no password or 2FA code is ever handled by the CLI):

stackhero login

Your credentials are then saved locally and reused by every following command.

For scripts, CI pipelines, and AI agents, use a non-interactive access token instead. Create one from your dashboard (Account > Access tokens) and export it. The CLI (and any script) picks it up automatically:

export STACKHERO_TOKEN="usr-xxxxxx:your-token"

2. Find the Graylog service store

List your organizations to get your organization id, then find the Graylog store:

# Your organization id (org-xxxxxx)
stackhero organizations-list

# The Graylog service stores available to that organization
stackhero services-store-list --organization-id=org-xxxxxx --name="graylog"

Pick the svs-xxxxxx id of the version you want.

3. Pick an instance size and a region

# Instance sizes (ist-xxxxxx) available for that service store
stackhero instances-store-list --organization-id=org-xxxxxx --service-store-id=svs-xxxxxx

# Available regions
stackhero regions-list

4. Create the service

The script below creates a stack, adds Graylog to it, waits until it is running, reads its configuration (which contains the generated credentials), and applies a new configuration.

#!/bin/bash
set -e

export STACKHERO_TOKEN="usr-xxxxxx:your-token"

organizationId="org-xxxxxx"
serviceStoreId="svs-xxxxxx"   # a Graylog service store (step 2)
instanceStoreId="ist-xxxxxx"  # an instance size (step 3)
regionId="europe"             # a region id (step 3)

# Create a stack to host the service
stackId=$(stackhero --format=script stack-create \
  --organization-id="${organizationId}" \
  --name="My Graylog stack")
echo "Stack created: ${stackId}"

# Add Graylog to the stack
serviceId=$(stackhero --format=script service-add \
  --stack-id="${stackId}" \
  --service-store-id="${serviceStoreId}" \
  --instance-store-id="${instanceStoreId}" \
  --region-id="${regionId}")
echo "Service added: graylog"

# Wait until the service is running (a couple of minutes)
stackhero service-wait-for --service-id="graylog"

# Retrieve the service configuration, including its generated credentials
stackhero service-configuration-get --service-id="graylog" --format=json

5. Retrieve credentials

service-configuration-get returns the full configuration of the service, including the generated passwords and connection details. As JSON (handy for scripts and agents):

stackhero service-configuration-get --service-id=svc-xxxxxx --format=json

6. Change the configuration

Get an example of the expected configuration, then apply your own:

# See the configuration schema and an example for this service
stackhero service-configuration-example --service-id=svc-xxxxxx

# Apply a new configuration (the service restarts to apply it)
stackhero service-configuration-set \
  --service-id=svc-xxxxxx \
  --configuration='{ "...": "..." }'

# Wait until the new configuration is applied
stackhero service-wait-for --service-id=svc-xxxxxx

That is the full lifecycle: start, read credentials, reconfigure, all scriptable. See the full CLI documentation for every command and the non-interactive STACKHERO_TOKEN authentication used here.

Autres articles pour Graylog

  1. Introduction
    Introduction à Graylog, tout ce que vous devez savoir à son sujet
  2. Premiers pas
    Comment débuter avec Graylog
  3. Choisir les types d'entrée
    Comment choisir le bon type d'entrée Graylog
  4. Configurer les entrées
    Comment configurer les entrées Graylog
  5. Gérer la rétention
    Comment configurer la rétention des logs
  6. Alertes
    Comment envoyer des alertes Graylog par email, Slack ou Mattermost
  7. Licence Enterprise
    Comment gérer la licence Graylog Enterprise
  8. Problèmes de mappage des données
    Comment résoudre les problèmes de mappage des données d’index dans Graylog
  9. Utilisation avec Node.js
    Comment envoyer des logs de Node.js vers Graylog
  10. Utilisation avec Dot NET
    Comment envoyer des logs de .NET/Serilog vers Graylog
  11. Utilisation avec Python
    Comment envoyer des logs de Python à Graylog