PSGraylog

A PowerShell interface for Graylog

Getting Started

First, install and import the module from your local PSGallery repo. You should be prompted to set up your Graylog host, and your credentials. (You can always re-run this with Initialize-GraylogServiceVault)
```
 TODO: How to install from a repo
 Install-Module PSGraylog
 Import-Module PSGraylog
```
Then, connect to Graylog.
```
 Connect-GraylogService
```
Finally, run a query (the default for the -LogName parameter is 'Windows Security', which is (in my environment, anyways) Active Directory logs):
```
 $Query = "EventID:4740 && TargetUsername:ab123456" 
 Search-Graylog $Query
```
If you want to re-use the data, you can use the -AsJob parameter to return a GraylogSearchJob object. This object contains various identifers used to locate the search query, and is much quicker then re-running the query.
```
$Job = Search-Graylog $Query -AsJob
$Job | Receive-GraylogSearchJob
```