Required Graylog version: 2.0 and later Required Neo4j version: 3.5 and later
- 4.0 is only compatible with Neo4j 3.5+
- The HTTP url format changed (they are different between Neo4j 3.5 and Neo4j 4.x)
- The query parameters now uses Neo4j standard format
$paramName
Limitations:
- does not support neo4j native types in query parameters (number, dates, booleans). The parameters have to be converted into the correct type if needed using cypher functions.
- no multiple database support
Download the plugin and place the .jar file in your Graylog plugin directory. The plugin directory is the plugins/ folder relative from your graylog-server directory by default and can be configured in your graylog.conf file.
Restart graylog-server and you are done.
This project is using Maven and requires Java 8 or higher.
- Clone this repository.
- Run
mvn packageto build a JAR file. - Optional: Run
mvn jdeb:jdebandmvn rpm:rpmto create a DEB and RPM package respectively. - Copy generated JAR file in target directory to your Graylog plugin directory.
- Restart the Graylog.
-
Build the plugin jar using
mvn package -DskipTests -
Start the graylog and databases with
docker-compose up -
Configure the plugin. See
test.httpor do it manually:- connect to http://localhost:9000/system/outputs
- create a neo4j output
- connect to http://localhost:9000/streams/000000000000000000000001/outputs
- assign the neo4j output to the All message stream
- create a new GELF HTTP input here http://localhost:9000/system/inputs
-
Send some test data
curl -XPOST http://localhost:12201/gelf -p0 -d '{"short_message":"Hello there", "host":"example.org", "facility":"test", "source":"1.2.3.4", "user_id":"foo"}' -
Check the nodes are created with correct properties in Neo4j