Graylog REST API – Message Search

Now that we have created an API token for our new API Reader user, we can query the API and search messages. Our user currently has “Reader” level permissions. However, Graylog developers state that:

“Universal search requires admin privileges as you have access to all ingested messages with it. Normal users can use streams:” – reference link

“Reader users are always bound to streams and can only do searches with a filter that limits them to streams they are allowed to view. You could create a stream that matches every message and give the users permissions on that.” – reference link

As you may guess, you are probably not going to create a stream for every message. So… what should you do? Well, I just assigned my API user admin rights and then generated a token. Note: this works with version 2 of Graylog; perhaps version 3 has resolved this issue. More on that to come.

In order to generate a new access token for a user in Graylog, follow these steps depending on your version.

Graylog version 2.x

Open the API Browser and navigate to the Users:User accounts section. Expand the section.
Then fill out your username and name to generate your token.

Graylog version 3.x

In Graylog version 3.x you can generate a token either from the API or, new in this version, from the web UI. Follow this link for web UI instructions.
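
The token creation and message search calls described above, as an added example that is not code from the original post. The base URL, the `GRAYLOG_API` and `GRAYLOG_TOKEN` environment variable names, the `X-Requested-By` value and the sample query are assumptions; the token endpoint path is the username-based form used by the 2.x and 3.x API.

```python
import base64
import json
import os
import urllib.parse
import urllib.request

# Hypothetical base URL; adjust host, port and path to your Graylog node.
API = os.environ.get("GRAYLOG_API", "https://graylog.example.org:9000/api")


def _basic(user, password):
    raw = f"{user}:{password}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def token_request(username, password, token_name, api=API):
    """POST /users/{username}/tokens/{name}: create a named access token."""
    path = "/users/{}/tokens/{}".format(
        urllib.parse.quote(username, safe=""), urllib.parse.quote(token_name, safe=""))
    return urllib.request.Request(api + path, data=b"", method="POST", headers={
        "Authorization": _basic(username, password),
        "Accept": "application/json",
        "X-Requested-By": "api-example",  # assumed value; sent for the CSRF check on non-GET calls
    })


def search_request(token, query, range_seconds=300, limit=50,
                   fields="timestamp,source,message", api=API):
    """GET /search/universal/relative, authenticating with the access token."""
    params = urllib.parse.urlencode(
        {"query": query, "range": range_seconds, "limit": limit, "fields": fields})
    return urllib.request.Request(api + "/search/universal/relative?" + params, headers={
        # Token auth: the token is the user name, the literal word "token" the password.
        "Authorization": _basic(token, "token"),
        "Accept": "application/json",
    })


def messages(response_body):
    """Pull the message dicts out of a universal search JSON response."""
    return [m["message"] for m in json.loads(response_body).get("messages", [])]


if __name__ == "__main__":
    req = search_request(os.environ["GRAYLOG_TOKEN"], "source:fw01 AND action:deny")
    with urllib.request.urlopen(req, timeout=10) as resp:
        for msg in messages(resp.read()):
            print(msg.get("timestamp"), msg.get("source"), msg.get("message"))
```

Reading the token from the environment keeps a token that carries admin rights out of the script and out of version control.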


