Graylog – Powershell WebSession

Just a quick way to export data from Graylog using PowerShell.
You can set the query, the fields and the time range within a URI:

/search/csv?q=QUERY&rangetype=TIMERANGE&fields=FIELD
# For example
/search/csv?q=source%3Amycomp+AND+SourceModuleName%3Ain&rangetype=relative&relative=86400&fields=source%2Cfull_message

Then we just log in to Graylog with a web session, passing the export URI as the login destination:

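# $username and $password must be set before running this.
# The credentials are posted to this URL; use https:// if the Graylog web interface has TLS enabled.
# Fetch the login page and keep its cookies in the session variable $gl
$r=Invoke-WebRequest http://graylog:9000 -SessionVariable gl
# Fill in the login form; "destination" is where Graylog redirects after login
$r.Forms[0].Fields.username=$username
$r.Forms[0].Fields.password=$password
$r.Forms[0].Fields.destination="/search/csv?q=source%3Amycomp+AND+SourceModuleName%3Ain&rangetype=relative&relative=86400&fields=source%2Cfull_message"
# Post the form with the same session; the response body is the CSV export
$r2 = Invoke-WebRequest -URI ("http://graylog:9000"+$r.Forms[0].action) -WebSession $gl -Method POST -body $r.Forms[0].Fields
$r2.content | out-file graylog2export.csv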
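
The /search/csv path used above can be built from its parts instead of being percent-encoded by hand, so that characters such as ':', ',' or '&' in a query cannot break the URI or add parameters. This is an added example, not code from the original post; New-GraylogCsvPath is a hypothetical helper name, and only the relative time range shown in the post is handled.

```powershell
# Added example (not from the original post).
# New-GraylogCsvPath is a hypothetical helper name.
function New-GraylogCsvPath {
    param(
        [Parameter(Mandatory)][string]   $Query,
        [Parameter(Mandatory)][string[]] $Fields,
        # Relative time range in seconds, as in the post's relative=86400
        [ValidateRange(1, [int]::MaxValue)][int] $RelativeSeconds = 86400
    )

    # WebUtility.UrlEncode turns ':' into %3A, ',' into %2C and spaces into '+',
    # the same encoding the post's example URI uses.
    $enc = { param($s) [System.Net.WebUtility]::UrlEncode($s) }

    # Each value is encoded on its own, then the pairs are joined with '&'.
    $pairs = @(
        "q=$(& $enc $Query)"
        "rangetype=relative"
        "relative=$RelativeSeconds"
        "fields=$(& $enc ($Fields -join ','))"
    )
    "/search/csv?" + ($pairs -join '&')
}

# Constructed sample input: the query and fields from the post's example.
New-GraylogCsvPath -Query 'source:mycomp AND SourceModuleName:in' `
                   -Fields 'source', 'full_message' -RelativeSeconds 86400

# Constructed sample input: '&' and '=' inside the query are encoded,
# so they stay part of q= instead of starting a new parameter.
New-GraylogCsvPath -Query 'full_message:"a&fields=x"' -Fields 'source'
```

The returned string can be assigned to $r.Forms[0].Fields.destination in place of the literal path.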