Automatically create UDP input for Graylog2 server running in Docker?

Question

We're running a Graylog2 server in a Docker container in our development environment. It works like a charm apart from the fact that we have to re-create the UDP input every time we launch the container.

Has anyone figured out a convenient way to automatically create Graylog2 inputs?

Answer 1

Use a auto-loaded content pack in a newly created docker container.

Dockerfile (since Graylog 3.2 - thanks to T. van den Berg):

FROM graylog2/server:latest
COPY udp-input-graylog.json /usr/share/graylog/data/contentpacks
ENV GRAYLOG_CONTENT_PACKS_AUTO_INSTALL udp-input-graylog.json
ENV GRAYLOG_CONTENT_PACKS_LOADER_ENABLED true
ENV GRAYLOG_CONTENT_PACKS_DIR data/contentpacks

Dockerfile (pre 3.0, see this pull request ). :

FROM graylog2/server:latest
COPY udp-input-graylog.json /usr/share/graylog/data/contentpacks
ENV GRAYLOG_CONTENT_PACKS_AUTO_LOAD udp-input-graylog.json
ENV GRAYLOG_CONTENT_PACKS_LOADER_ENABLED true
ENV GRAYLOG_CONTENT_PACKS_DIR data/contentpacks

udp-input-graylog.json:

{
  "name":"UDP GELF input on 12201",
  "description":"Adds a global UDP GELF input on port 12201",
  "category":"Inputs",
  "inputs":[
    {
      "title":"udp input",
      "configuration":{
        "override_source":null,
        "recv_buffer_size":262144,
        "bind_address":"0.0.0.0",
        "port":12201,
        "decompress_size_limit":8388608
      },
      "static_fields":{},
      "type":"org.graylog2.inputs.gelf.udp.GELFUDPInput",
      "global":true,
      "extractors":[]
    }
  ],
  "streams":[],
  "outputs":[],
  "dashboards":[],
  "grok_patterns":[]
}