Shivam-Tiwari - PeerSpot reviewer
DevOps Engineer Intern at MyKaarma
MSP
Has a good interface but it is tedious to add new nodes
Pros and Cons
  • "The solution's most valuable feature is its new interface."
  • "Its scalability gets complicated when we have to update or edit multiple nodes."

What is our primary use case?

We are using the solution to store all the logs from different sources. Also, we use it to monitor the logs for system errors.

What is most valuable?

The solution's most valuable feature is its new interface. It enhances our cluster's performance as well.

What needs improvement?

They depleted the legacy alarm callback feature from the current version. They should make it available in the newest version as well. Also, they should include SSO integration in Graylog 5.0's community version, similar to its enterprise version. It would also be beneficial if they added a feature that scales the solution automatically when the load increases.

For how long have I used the solution?

We have been using the solution for five to six years.

Buyer's Guide
Graylog
June 2025
Learn what your peers think about Graylog. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution's current version that I am using is stable.

What do I think about the scalability of the solution?

We have 50-60 users of the solution. Its scalability gets complicated when we have to update or edit multiple nodes. It is a very tedious task to add new nodes to the cluster. I rate its scalability a six.

How are customer service and support?

We use Graylog's community support forum. It helps us solve our queries.

How was the initial setup?

The solution's initial setup is easy. The deployment process for the new version takes 10-15 days.

What about the implementation team?

Our in-house technical staff has seven years of experience working with Graylog. With their guidance, we configure and maintain the solution.

What other advice do I have?

The solution's community version works well for a lesser workload. It will help if you opt for the solution's enterprise version if you plan to increase the load.

I recommend the solution to others and rate it as a seven.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Senior DevOps Engineer at a financial services firm with 10,001+ employees
Real User
Stable, scalable, easy to install and maintain
Pros and Cons
  • "Graylog's search functionality, alerting functionality, user management, and dashboards are useful."
  • "Graylog can improve the index rotation as it's quite a complex solution."

What is our primary use case?

We use Graylog for developer login to assist developers and help them find issues faster, and for certain applications in production.

How has it helped my organization?

The centralized logs where one can find bugs quicker and find the line of code that is a problem has made us more efficient. The turnaround time for production support is quite high when using this kind of solution.

What is most valuable?

Graylog's search functionality, alerting functionality, user management, and dashboards are useful. They also provide an easy way to create dashboards, and the interface is also quite easy to use.

What needs improvement?

Graylog can improve the index rotation as it's quite complicated. They need to work on that because it's quite cumbersome to manage the index rotation with all the logs.

The filtering of logs before ingestion also needs a bit of work. This is because you have to write some code to avoid certain things before ingesting. As it doesn't support certain AIX versions, you need to upgrade the servers to accommodate it.

For how long have I used the solution?

I have been using Graylog for about three years.

What do I think about the stability of the solution?

Graylog is quite stable, and the only issue is the index rotation.

What do I think about the scalability of the solution?

Graylog is scalable and can be deployed in a clustered distributed environment.

How are customer service and technical support?

The support from the Graylog community is helpful, but they can do better. The enterprise support doesn't really cater to open-source solutions. They only support you if you are an enterprise working on a POC. If you want to do a POC for an enterprise solution, they need assurances that you'll buy their enterprise solution. 

Which solution did I use previously and why did I switch?

I have used different solutions like Nagios before. These solutions are more like manual processes where logging and viewing of logs are conducted on the server.

Others like ELK are difficult to use because it isn't straightforward and requires a lot of reading. You have to learn quite a lot before using it.

How was the initial setup?

Graylog is quite easy to set up. As it comes with a prepackaged installation file, it's not complex to install and takes one to three days to deploy. If you have to study the documentation and then implement it, I think you can do it within a week.

What about the implementation team?

All implementation was handled in-house.

What other advice do I have?

Graylog is straightforward to install and easy to maintain. It also comes with alerting. But one has to be mindful of the support and disadvantages like the index rotation.

On a scale from one to ten, I give Graylog an eight.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user1270395 - PeerSpot reviewer
Entrepreneur at a tech services company with 51-200 employees
Real User
Excellent, simple log management; user friendly and open source
Pros and Cons
  • "Open source and user friendly."
  • "Lacks sufficient documentation."

What is our primary use case?

I use this solution regularly for analyzing incidents, collecting them to figure out what's going on. For now, I'm using it myself but would like to also deploy for some of my customers in the near future. I'm an entrepreneur in a security solutions company and a customer of Graylog. 

What is most valuable?

I like the simplicity of the solution, the fact that it's open source and user friendly.

What needs improvement?

It would be helpful if they would work more on the documentation because it's not very clear and ideally I'd like to be able to do more myself, but would need some additional guidelines and material for that.

For how long have I used the solution?

I've been using this solution for a year. 

What do I think about the stability of the solution?

It's a stable solution. 

What do I think about the scalability of the solution?

I believe it's a scalable solution but haven't tested it yet. 

How are customer service and technical support?

The technical support is a weak point in this product. It's not so easy to contact them and they don't answer immediately. Sometimes it takes a lot of time and the wait is difficult. If I had enough documentation I might not need the support. 

How was the initial setup?

The initial setup was relatively straightforward. I was able to deploy it myself in a couple of days. For now, I'm the only user. I know it can be scaled for free for up to five users and I'll test that soon. 

What other advice do I have?

This is a good product and I would rate it an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user995112 - PeerSpot reviewer
Head of Infrastructure at a financial services firm with 201-500 employees
Real User
Captures our financial logs and preserves them and it covers many environments
Pros and Cons
  • "I am very proud of how very stable the solution is."
  • "I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."

What is our primary use case?

Our primary use case of this solution is for logging. Because we have financial systems, we also use it for audit trailing.

I basically run the entire program in our company. Whenever there's an audit, I get the people on board and give them the information they require.

How has it helped my organization?

Graylog captures our financial logs and preserves them, mainly for any audit that may come up. The compliance is very good.

What is most valuable?

What I like most about this solution is that it caches the log. I also like its filtration because we have various layers of data that need to be captured - from flat filing to Windows servers, Linux-based servers and the like. I like the diversity and the number of environments it can cover, including the switches.

What needs improvement?

I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond.

For how long have I used the solution?

I have been using Graylog for at least three years now on site in our data center.

What do I think about the stability of the solution?

I am very proud of how very stable the solution is. One time I had an entire node on my VxRail VMware collapse, so I basically restored the template, gave it the same IP address and everything was working again.

What do I think about the scalability of the solution?

We've grown from 500 to 2,000 independent devices on this solution, and it captures them all. We even plan to increase our usage. So, yes, the program is scalable.

How are customer service and technical support?

There hasn't been a need for me to call support, because I only went through the forums and hundreds of pages of manuals to get to understand it. 

How was the initial setup?

The initial setup was really complex because I did it myself. I had no support and I didn't understand the whole ecosystem. The first deployment took about a month because I had to figure out exactly what I'm capturing, and how to query it afterwards. I also had to manage the clientele, client installations, and the like. After a month or so I had an overall view of everything.

What about the implementation team?

I am responsible for the deployment and maintenance of Graylog. I've even done smaller setups and deployments for other people. 

What's my experience with pricing, setup cost, and licensing?

I use the free version of Graylog.

What other advice do I have?

In the next version I would perhaps like to see less overlapping in the interface. Some users feel that it is still very rigid and boxy. Pretty old school. So a more user-friendly interface with less overlapping in the structures would be great. I rate this solution 9.5 out of 10.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Technology Consultant at a computer software company with 5,001-10,000 employees
Real User
Real-time UDP/GELF logging and full text-based searching
Pros and Cons
  • "Real-time UDP/GELF logging and full text-based searching."
  • "UDP is a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead."
  • "Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default."
  • "More complex visualizations and the ability to execute custom Elasticsearch queries would be great."
  • "With technical support, you are on your own without an enterprise license."

How has it helped my organization?

Logs were previously stored in various database tables. Log consumers were required to write SQL for retrieval, then correlate/join disparate sources by hand. Since most logging fields were not indexed, the retrieval process was painfully slow.

What is most valuable?

Real-time UDP/GELF logging and full text-based searching. Since UDP is a stateless, connectionless protocol, it simplifies error handling for the log sender/producer in the event that Graylog is not available. UDP is also a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead. Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default. Additionally, Graylog has support via plugins for Slack-based alerts. These have been wonderful for notifying us when exceptional log messages are encountered.

What needs improvement?

  • Backup and restore functionality for migrating instances.
  • Dashboard and search analytics (i.e., more complex visualizations and the ability to execute custom Elasticsearch queries would be great).
  • More flexible alert conditions

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

I would rate them as a two out of 10. You are on your own without an enterprise license.

Which solution did I use previously and why did I switch?

No previous solution.

How was the initial setup?

Our setup was not straightforward. We opted to create a Docker swarm instance, hosting three Graylog nodes, Nginx for SSL/TLS offloading, and three MongoDB nodes (in a replica set). Then, we installed a three node Elasticsearch cluster on RHEL 7 virtual machines. The majority of the configuration was done through Docker compose.

What's my experience with pricing, setup cost, and licensing?

You get a lot out-of-the-box with the non-enterprise version, so give it a try first.

Which other solutions did I evaluate?

All the other solutions were in-house proposals.

What other advice do I have?

Thoroughly read the Graylog documentation and consider Enterprise support if you have atypical needs or setup requirements.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Nick C - PeerSpot reviewer
Technical Product Evangelist at a tech company with 11-50 employees
Vendor

FROM GRAYLOG: Thank you for the review, and wanted to point you to our new 3.0 version of Graylog. In 3.0 we have the ability to export content packs, which you can then migrate your processing pipelines, alerts, dashboards, and lookup tables, so they can be moved to a different system or be shared with the community. Also, in 3.0 Enterprise side, we have implemented Views, which allows for much greater flexibility on searches as well as creating interactive dashboards. Also in views, we have added a parameter option, to build workflows all based on one input (i.e. IP address, User name).

If you have a chance, give the new version a try!

Senior Architect at a tech vendor with 51-200 employees
Real User
Enables us to set up streams and error/anomaly searches across hundreds of containers
Pros and Cons
  • "We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."
  • "Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature."
  • "Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable."
  • "We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient."
  • "Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario."

What is our primary use case?

Use for log aggregation, alerting, and monitoring in a container environment

What is most valuable?

  • Searching errors
  • Alerting through Slack and OpsGenie using their plugins.

We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us. 

Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature. 

What needs improvement?

Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable.

We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient.

Otherwise, the documentation is great and there are a lot of options for configuration. Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Yes, with Elasticsearch.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and technical support?

Never used.

Which solution did I use previously and why did I switch?

Splunk, Logstash, and Elasticsearch.

How was the initial setup?

Set up in Kubernetes; not complex once the configuration is right.

What's my experience with pricing, setup cost, and licensing?

We use the free version.

Which other solutions did I evaluate?

Splunk, Logstash, and Elasticsearch.

What other advice do I have?

Make sure your Elasticsearch cluster is sized right, memory-wise.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
ITSecuri4852 - PeerSpot reviewer
IT Security Consultant at a tech services company with 10,001+ employees
Real User
Scales smoothly, but needs improvement in dashboards and parsing
Pros and Cons
  • "It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
  • "The build is stable and requires little maintenance, even compared to some extremely expensive products."
  • "We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
  • "Dashboards, stream alerts and parsing could be improved."
  • "Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."

How has it helped my organization?

It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events.

What is most valuable?

The most valuable part is that it is open source. The build is stable and requires little maintenance, even compared to some extremely expensive products.

What needs improvement?

There are places which could be improved:

  • Stream alerts
  • Dashboards
  • Parsing.

Some places were already improved in 2.4 with the threat intelligence add-on.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt.

What do I think about the scalability of the solution?

We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging.

How are customer service and technical support?

I have only used the community support (forum), but Graylog developers are quick to respond and assist with issues.

Which solution did I use previously and why did I switch?

Splunk: The price was the factor for the switch.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

Step-by-step installation walk-through is provided by the Graylog team.

What's my experience with pricing, setup cost, and licensing?

If you want something that works and do not have the money for Splunk or QRadar, take Graylog.

Which other solutions did I evaluate?

ELK was another option. However, Graylog appeared to be more robust and had fewer limitations at the time.

What other advice do I have?

Just go ahead with the product. 

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Nick C - PeerSpot reviewer
Technical Product Evangelist at a tech company with 11-50 employees
Vendor

FROM GRAYLOG: Thanks for the review of Graylog. We have recently released version 3.0 which fixes many of your improvement areas. We have released Views, which is a more interactive dashboard with parameters so you can create a workflow for your data, while visually seeing in the format you would like. Also, we are always expanding our Marketplace to have new content with parsing rules and pre-built content. Give 3.0 a try!

it_user805368 - PeerSpot reviewer
Software Engineer, DevOps at a tech services company with 51-200 employees
Real User
The Stream Alert feature is a highlight of the product, and it is shipped with the build
Pros and Cons
  • "This had increased productivity for the dev and support teams, because we are directly notifying them."
  • "There should be some user groups and an auto sign-in feature."

How has it helped my organization?

This had increased productivity for the dev and support teams, because we are directly notifying them. Now, they have to come to dev for every issue. 

What is most valuable?

The Stream Alert feature is a highlight of this. As for similar products, there are separate integrations, but Graylog ships this with the build.

What needs improvement?

There should be some user groups and an auto sign-in feature.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

Not yet.

How are customer service and technical support?

We are not using any technical support.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

It was pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

None, as we are not using an enterprise solution.

Which other solutions did I evaluate?

We had evaluated ELK Stack, but found Graylog more useful for our use case.

What other advice do I have?

I will say that if you are using this, then explore all the features. You will find this like a Swiss Army knife.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user