--- # Graylog Stream Management via REST API # Idempotent: checks for existing streams before creating - name: get existing streams ansible.builtin.uri: url: "{{ graylog_api_url }}/streams" method: GET user: "{{ graylog_api_token }}" password: token force_basic_auth: true headers: X-Requested-By: ansible Accept: application/json status_code: 200 register: existing_streams tags: graylog-config, streams - name: build list of existing stream titles ansible.builtin.set_fact: existing_stream_titles: "{{ existing_streams.json.streams | map(attribute='title') | list }}" existing_stream_map: "{{ existing_streams.json.streams | items2dict(key_name='title', value_name='id') }}" tags: graylog-config, streams - name: create streams ansible.builtin.uri: url: "{{ graylog_api_url }}/streams" method: POST user: "{{ graylog_api_token }}" password: token force_basic_auth: true headers: X-Requested-By: ansible Content-Type: application/json body_format: json body: title: "{{ item.title }}" description: "{{ item.description | default('') }}" index_set_id: "{{ item.index_set_id | default(graylog_default_index_set) }}" remove_matches_from_default_stream: "{{ item.remove_from_default | default(true) }}" status_code: [200, 201] loop: "{{ graylog_streams }}" loop_control: label: "{{ item.title }}" when: item.title not in existing_stream_titles register: created_streams tags: graylog-config, streams - name: refresh stream list after creation ansible.builtin.uri: url: "{{ graylog_api_url }}/streams" method: GET user: "{{ graylog_api_token }}" password: token force_basic_auth: true headers: X-Requested-By: ansible Accept: application/json status_code: 200 register: all_streams tags: graylog-config, streams - name: build stream ID lookup ansible.builtin.set_fact: stream_id_map: "{{ all_streams.json.streams | items2dict(key_name='title', value_name='id') }}" tags: graylog-config, streams - name: get existing rules for each stream ansible.builtin.uri: url: "{{ graylog_api_url }}/streams/{{ stream_id_map[item.title] }}/rules" method: GET user: "{{ graylog_api_token }}" password: token force_basic_auth: true headers: X-Requested-By: ansible Accept: application/json status_code: 200 loop: "{{ graylog_streams }}" loop_control: label: "{{ item.title }}" when: item.title in stream_id_map register: stream_rules tags: graylog-config, streams - name: create stream rules ansible.builtin.uri: url: "{{ graylog_api_url }}/streams/{{ stream_id_map[item.0.title] }}/rules" method: POST user: "{{ graylog_api_token }}" password: token force_basic_auth: true headers: X-Requested-By: ansible Content-Type: application/json body_format: json body: field: "{{ item.1.field }}" value: "{{ item.1.value }}" type: "{{ item.1.type | default(1) }}" inverted: "{{ item.1.inverted | default(false) }}" description: "{{ item.1.description | default('') }}" status_code: [200, 201] loop: "{{ graylog_streams | subelements('rules', skip_missing=True) }}" loop_control: label: "{{ item.0.title }} - {{ item.1.field }}:{{ item.1.value }}" when: - item.0.title in stream_id_map - stream_rules.results | selectattr('item.title', 'equalto', item.0.title) | map(attribute='json.stream_rules') | first | default([]) | selectattr('field', 'equalto', item.1.field) | selectattr('value', 'equalto', item.1.value) | list | length == 0 tags: graylog-config, streams - name: start streams ansible.builtin.uri: url: "{{ graylog_api_url }}/streams/{{ stream_id_map[item.title] }}/resume" method: POST user: "{{ graylog_api_token }}" password: token force_basic_auth: true headers: X-Requested-By: ansible status_code: [200, 204] loop: "{{ graylog_streams }}" loop_control: label: "{{ item.title }}" when: item.title in stream_id_map ignore_errors: true tags: graylog-config, streams