Jonas Leeb - PeerSpot reviewer
Software Engineer & Co-Founder at a tech vendor with 1-10 employees
Real User
Sep 22, 2022
Great detailed search features and easy Java integration, but needs improvement in integration with Python
Pros and Cons
  • "One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview."
  • "It would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community."

What is our primary use case?

I used this solution for bug tracking, checking to see if an application was running correctly or not.

I was working at a big comparison platform in Germany and was part of a financial services department where we built multibanking applications. I know that in other departments they used different logging tools like TeamCity, so this was not something that was used companywide. There were probably about 50 developers using it, from app developers to Java/Python backend developers and the data science team. The extent of log messages and verbosity was varying from team to team.

What is most valuable?

One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview. You are also able to attach a lot of details into your log messages. 

When it came to integrating the solution with Java, it was quite easy. My colleagues used Graylog for some dashboards to show how many bugs there were per day or the overall performance of the applications. For the developers it's not super important, but it was quite a good way for the project manager to see that everything was all right.

What needs improvement?

With Python, there was a problem where it was harder to attach extra information using the basic logging package. We had to build our own custom adapter for this to append that information to the log message. For Python developers, it would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community.

For how long have I used the solution?

I used this solution for about two years. 

Buyer's Guide
Graylog Enterprise
December 2025
Learn what your peers think about Graylog Enterprise. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
879,310 professionals have used our research since 2012.

What do I think about the stability of the solution?

This solution is definitely stable. 

What do I think about the scalability of the solution?

This solution was definitely scalable to our needs. 

How was the initial setup?

I would say the initial setup is quite straightforward, but it's pretty straightforward for any kind of logging tool out there. The difference is in how you integrate it into the project, but I don't think there's much of a difference between all of the tools, at least from my perspective. 

Which other solutions did I evaluate?

I used Graylog until a few months ago, and I'm currently using Sentry. With Sentry it is quite easy to filter, for example, errors for a specific project just by clicking a drop down. On Graylog, we had to perform active filtering through the search bar. The filtering process was a bit different. I wouldn't say they differ too much, but Sentry also allows me to do some bug tracking and mark them like, "Okay, now I have to review this," or "This has been resolved", which is not something I would ask for in a log tool, but it's available.

What other advice do I have?

I would say that it's definitely worth looking into the extensive search and filtering functionality of Graylog in order to make the most out of it. I would also suggest having a look into the dashboard view functionalities for doing some kind of quick performance overview on the application set. I think the coolest feature of Graylog if you're a developer is that you are able to really narrow down or to specify the search.

For TeamCity, for example, there is specific query language and you can build dashboards and queries there as well, but this feature was kind of limited when I was using it. Even though it was available, I didn't like the feature overly much. I know that there are other similar tools available, but I enjoy using Graylog the most.

I would rate this solution as an eight out of ten because the integration with Python isn't perfect, but if that's fixed in the future, I would say it would be a nine or ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user1279056 - PeerSpot reviewer
Senior Marketing Specialist II at a tech vendor with 10,001+ employees
Real User
Sep 23, 2022
Detailed documentation, integrates well, but rule creating could improve
Pros and Cons
  • "The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed."
  • "Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest."

What is our primary use case?

We have one SIEM tool to integrate the log source for other containers and user-related logs. Those logs were integrated into Graylog. When required, the logs Graylog gets are sent to a SIEM tool.

What is most valuable?

The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed.

What needs improvement?

Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest.

For how long have I used the solution?

I have been using Graylog for approximately three years.

What do I think about the stability of the solution?

Graylog is a stable solution. However, while using some microservices it may go down.

What do I think about the scalability of the solution?

Graylog

We have approximately 40 to 45 people using the solution in my company. There are three different teams using it, such as developers and testing teams. The teams use the solution on a daily basis.

How are customer service and support?

We are working in India, and sometimes it takes a while to receive a response from the support. However, the solutions they provide are can do them. Their support is good.

I rate the support from Graylog a four out of five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have previously used Logstash. The main difference between Graylog and Logstash is that in Logstash it takes a longer time to search logs.

How was the initial setup?

We had some struggles with the initial setup of Graylog. However, after using the support it works fine.

I rate the initial setup of Graylog a four out of five.

What about the implementation team?

We use the support from the Graylog team for the implementation of the solution.

What's my experience with pricing, setup cost, and licensing?

Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license.

What other advice do I have?

I rate Graylog a seven out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
reviewer1530855 - PeerSpot reviewer
Network Engineer at a media company with 10,001+ employees
Real User
Jun 7, 2021
Good correlation and alerting capabilities, helpful community support, and easy to install
Pros and Cons
  • "I like the correlation and the alerting."
  • "I would like to see some kind of visualization included in Graylog."

What is most valuable?

I like the correlation and the alerting. If I have multiple monitoring systems and I alert Graylog, Graylog will collect them and analyze them, and issue one alert.

We are only approximately four months into production and have not explored all of the features this solution offers. So far, it has everything we wanted.

What needs improvement?

I would like to see some kind of visualization included in Graylog. The reports are plain; they could be improved.

For how long have I used the solution?

I have been using Graylog for approximately five months.

We are using the latest version.

How are customer service and technical support?

The Graylog community is very good.

Which solution did I use previously and why did I switch?

We are also using Zenoss.

How was the initial setup?

The initial setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

It's an open-source solution that can be used free of charge.

What other advice do I have?

I would definitely recommend Graylog to others who are interested in using it.

At this point with the features that I have used, I would rate Graylog a ten out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior DevOps Engineer at a financial services firm with 10,001+ employees
Real User
Dec 8, 2020
Stable, scalable, easy to install and maintain
Pros and Cons
  • "Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
  • "Graylog can improve the index rotation as it's quite a complex solution."

What is our primary use case?

We use Graylog for developer login to assist developers and help them find issues faster, and for certain applications in production.

How has it helped my organization?

The centralized logs where one can find bugs quicker and find the line of code that is a problem has made us more efficient. The turnaround time for production support is quite high when using this kind of solution.

What is most valuable?

Graylog's search functionality, alerting functionality, user management, and dashboards are useful. They also provide an easy way to create dashboards, and the interface is also quite easy to use.

What needs improvement?

Graylog can improve the index rotation as it's quite complicated. They need to work on that because it's quite cumbersome to manage the index rotation with all the logs.

The filtering of logs before ingestion also needs a bit of work. This is because you have to write some code to avoid certain things before ingesting. As it doesn't support certain AIX versions, you need to upgrade the servers to accommodate it.

For how long have I used the solution?

I have been using Graylog for about three years.

What do I think about the stability of the solution?

Graylog is quite stable, and the only issue is the index rotation.

What do I think about the scalability of the solution?

Graylog is scalable and can be deployed in a clustered distributed environment.

How are customer service and technical support?

The support from the Graylog community is helpful, but they can do better. The enterprise support doesn't really cater to open-source solutions. They only support you if you are an enterprise working on a POC. If you want to do a POC for an enterprise solution, they need assurances that you'll buy their enterprise solution. 

Which solution did I use previously and why did I switch?

I have used different solutions like Nagios before. These solutions are more like manual processes where logging and viewing of logs are conducted on the server.

Others like ELK are difficult to use because it isn't straightforward and requires a lot of reading. You have to learn quite a lot before using it.

How was the initial setup?

Graylog is quite easy to set up. As it comes with a prepackaged installation file, it's not complex to install and takes one to three days to deploy. If you have to study the documentation and then implement it, I think you can do it within a week.

What about the implementation team?

All implementation was handled in-house.

What other advice do I have?

Graylog is straightforward to install and easy to maintain. It also comes with alerting. But one has to be mindful of the support and disadvantages like the index rotation.

On a scale from one to ten, I give Graylog an eight.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user1270395 - PeerSpot reviewer
Entrepreneur at a tech services company with 51-200 employees
Real User
May 13, 2020
Excellent, simple log management; user friendly and open source
Pros and Cons
  • "Open source and user friendly."
  • "Lacks sufficient documentation."

What is our primary use case?

I use this solution regularly for analyzing incidents, collecting them to figure out what's going on. For now, I'm using it myself but would like to also deploy for some of my customers in the near future. I'm an entrepreneur in a security solutions company and a customer of Graylog. 

What is most valuable?

I like the simplicity of the solution, the fact that it's open source and user friendly.

What needs improvement?

It would be helpful if they would work more on the documentation because it's not very clear and ideally I'd like to be able to do more myself, but would need some additional guidelines and material for that.

For how long have I used the solution?

I've been using this solution for a year. 

What do I think about the stability of the solution?

It's a stable solution. 

What do I think about the scalability of the solution?

I believe it's a scalable solution but haven't tested it yet. 

How are customer service and technical support?

The technical support is a weak point in this product. It's not so easy to contact them and they don't answer immediately. Sometimes it takes a lot of time and the wait is difficult. If I had enough documentation I might not need the support. 

How was the initial setup?

The initial setup was relatively straightforward. I was able to deploy it myself in a couple of days. For now, I'm the only user. I know it can be scaled for free for up to five users and I'll test that soon. 

What other advice do I have?

This is a good product and I would rate it an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user995112 - PeerSpot reviewer
Head of Infrastructure at a financial services firm with 201-500 employees
Real User
Aug 27, 2019
Captures our financial logs and preserves them and it covers many environments
Pros and Cons
  • "I am very proud of how very stable the solution is."
  • "I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."

What is our primary use case?

Our primary use case of this solution is for logging. Because we have financial systems, we also use it for audit trailing.

I basically run the entire program in our company. Whenever there's an audit, I get the people on board and give them the information they require.

How has it helped my organization?

Graylog captures our financial logs and preserves them, mainly for any audit that may come up. The compliance is very good.

What is most valuable?

What I like most about this solution is that it caches the log. I also like its filtration because we have various layers of data that needs to be captured - from flat filing to Windows servers, Linux-based servers and the like. I like the diversity and the number of environments it can cover, including the switches.

What needs improvement?

I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond.

For how long have I used the solution?

I have been using Graylog for at least three years now on site in our data center.

What do I think about the stability of the solution?

I am very proud of how very stable the solution is. One time I had an entire node on my VxRail VMware collapse, so I basically restored the template, gave it the same IP address and everything was working again.

What do I think about the scalability of the solution?

We've grown from 500 to 2,000 independent devices on this solution, and it captures them all. We even plan to increase our usage. So, yes, the program is scalable.

How are customer service and technical support?

There hasn't been a need for me to call support, because I only went through the forums and hundreds of pages of manuals to get to understand it. 

How was the initial setup?

The initial setup was really complex because I did it myself. I had no support and I didn't understand the whole ecosystem. The first deployment took about a month because I had to figure out exactly what I'm capturing, and how to query it afterwards. I also had to manage the clientele, client installations, and the like. After a month or so I had an overall view of everything.

What about the implementation team?

I am responsible for the deployment and maintenance of Graylog. I've even done smaller setups and deployments for other people. 

What's my experience with pricing, setup cost, and licensing?

I use the free version of Graylog.

What other advice do I have?

In the next version I would perhaps like to see less overlapping in the interface. Some users feel that it is still very rigid and boxy. Pretty old school. So a more user-friendly interface with less overlapping in the structures would be great. I rate this solution 9.5 out of 10.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Technology Consultant at a computer software company with 5,001-10,000 employees
Real User
Mar 8, 2018
Real-time UDP/GELF logging and full text-based searching
Pros and Cons
  • "Real-time UDP/GELF logging and full text-based searching."
  • "UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
  • "Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
  • "More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
  • "With technical support, you are on your own without an enterprise license."

How has it helped my organization?

Logs were previously stored in various database tables. Log consumers were required to write SQL for retrieval, then correlate/join disparate sources by hand. Since most logging fields were not indexed, the retrieval process was painfully slow.

What is most valuable?

Real-time UDP/GELF logging and full text-based searching. Since UDP is a stateless, connectionless protocol, it simplifies error handling for the log sender/producer in the event that Graylog is not available. UDP is also a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead. Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default. Additionally, Graylog has support via plugins for Slack-based alerts. These have been wonderful for notifying us when exceptional log messages are encountered.

What needs improvement?

  • Backup and restore functionality for migrating instances.
  • Dashboard and search analytics (i.e., more complex visualizations and the ability to execute custom Elasticsearch queries would be great).
  • More flexible alert conditions

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

I would rate them as a two out of 10. You are on your own without an enterprise license.

Which solution did I use previously and why did I switch?

No previous solution.

How was the initial setup?

Our setup was not straightforward. We opted to create a Docker swarm instance, hosting three Graylog nodes, Nginx for SSL/TLS offloading, and three MongoDB nodes (in a replica set). Then, we installed a three node Elasticsearch cluster on RHEL 7 virtual machines. The majority of the configuration was done through Docker compose.

What's my experience with pricing, setup cost, and licensing?

You get a lot out-of-the-box with the non-enterprise version, so give it a try first.

Which other solutions did I evaluate?

All the other solutions were in-house proposals.

What other advice do I have?

Thoroughly read the Graylog documentation and consider Enterprise support if you have atypical needs or setup requirements.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Nick C - PeerSpot reviewer
Nick C, Technical Product Evangelist at a tech company with 11-50 employees
Vendor

FROM GRAYLOG: Thank you for the review, and wanted to point you to our new 3.0 version of Graylog. In 3.0 we have the ability to export content packs, which you can then migrate your processing pipelines, alerts, dashboards, and lookup tables, so they can be moved to a different system or be shared with the community. Also, in 3.0 Enterprise side, we have implemented Views, which allows for much greater flexibility on searches as well as creating interactive dashboards. Also in views, we have added a parameter option, to build workflows all based on one input (i.e. IP address, User name).

If you have a chance, give the new version a try!
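
Two reviews above touch on the sender side of Graylog logging: attaching extra fields from Python's basic `logging` package through a custom adapter, and fire-and-forget GELF over UDP. The following is an added example, not code from any reviewer or from Graylog: a minimal `logging.Handler` that maps `extra=` fields to GELF 1.1 additional fields and sends one zlib-compressed datagram per record. The class and function names, the 8192-byte limit and the sample event are assumptions, and chunking of oversized messages is not implemented.

```python
import json
import logging
import re
import socket
import zlib

# Attributes every LogRecord has; anything else was supplied through `extra=`.
_STANDARD_ATTRS = set(logging.makeLogRecord({}).__dict__) | {"message", "asctime"}

# Python logging level -> syslog severity, which the GELF "level" field uses.
_SYSLOG_LEVEL = {logging.CRITICAL: 2, logging.ERROR: 3, logging.WARNING: 4,
                 logging.INFO: 6, logging.DEBUG: 7}

def record_to_gelf(record, host):
    """Build a GELF 1.1 message dict from a LogRecord, keeping `extra=` fields."""
    msg = {
        "version": "1.1",
        "host": host,
        "short_message": record.getMessage(),
        "timestamp": record.created,
        "level": _SYSLOG_LEVEL.get(record.levelno, 6),
        "_logger": str(record.name),
    }
    for key, value in record.__dict__.items():
        if key in _STANDARD_ATTRS:
            continue
        # Additional field names may only contain word characters, dots and dashes.
        name = re.sub(r"[^\w.\-]", "_", key)
        if name == "id":  # "_id" is reserved by GELF, so rename instead of dropping
            name = "id_"
        # GELF values are strings or numbers; stringify everything else.
        if isinstance(value, bool) or not isinstance(value, (int, float, str)):
            value = str(value)
        msg["_" + name] = value
    return msg

class GelfUdpHandler(logging.Handler):
    """Fire-and-forget GELF sender: one compressed datagram per record."""
    MAX_DATAGRAM = 8192  # assumed conservative limit; larger messages need chunking

    def __init__(self, address, host=None):
        super().__init__()
        self.address = address
        self.host = host or socket.gethostname()
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.dropped = 0  # local failures only; UDP never reports remote loss

    def emit(self, record):
        try:
            body = json.dumps(record_to_gelf(record, self.host)).encode("utf-8")
            payload = zlib.compress(body)
            if len(payload) > self.MAX_DATAGRAM:
                self.dropped += 1
                return
            self.sock.sendto(payload, self.address)
        except OSError:
            self.dropped += 1  # never let logging break the application

    def close(self):
        self.sock.close()
        super().close()

def demo():
    """Send one record to a local UDP socket standing in for a GELF UDP input."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind(("127.0.0.1", 0))
    receiver.settimeout(2)
    handler = GelfUdpHandler(receiver.getsockname(), host="app01.example")
    log = logging.getLogger("payments.demo")
    log.setLevel(logging.INFO)
    log.addHandler(handler)
    try:
        # Constructed sample event; the field names are illustrative.
        log.warning("login failed",
                    extra={"user": "alice", "src_ip": "192.0.2.10", "attempts": 3})
        data, _ = receiver.recvfrom(65535)
        return json.loads(zlib.decompress(data))
    finally:
        log.removeHandler(handler)
        handler.close()
        receiver.close()
```

UDP gives the sender no delivery acknowledgement, so `dropped` counts only local send failures and oversized messages; records that must survive as audit evidence need a transport that confirms delivery.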

Senior Architect at a tech vendor with 51-200 employees
Real User
Mar 4, 2018
Enables us to set up streams and error/anomaly searches across hundreds of containers
Pros and Cons
  • "We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
  • "Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
  • "Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
  • "We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
  • "Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario."

What is our primary use case?

Use for log aggregation, alerting, and monitoring in a container environment

What is most valuable?

  • Searching errors
  • Alerting through Slack and OpsGenie using their plugins.

We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us. 

Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature. 

What needs improvement?

Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable.

We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient.

Otherwise, the documentation is great and there are a lot of options for configuration. Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Yes, with Elasticsearch.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and technical support?

Never used.

Which solution did I use previously and why did I switch?

Splunk, Logstash, and Elasticsearch.

How was the initial setup?

Set up in Kubernetes; not complex once the configuration is right.

What's my experience with pricing, setup cost, and licensing?

We use the free version.

Which other solutions did I evaluate?

Splunk, Logstash, and Elasticsearch.

What other advice do I have?

Make sure your Elasticsearch cluster is sized right, memory-wise.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user