Graylog Reviews

The product does all the things it must do very well. It can be used for investigating logs as well as a dashboard to see the current amount of errors in the environment.

• Logging aggregation and querying. We have multiple applications, therefore it is no longer feasible to check logs from our file system per each application.
• When adopting microservices architecture, centralized logging is a must have.

It has sped up the investigation of incidents.

The alerting system could be more flexible. It does not allow for definition of different thresholds and alert types of the same streams. It allows different alert types and thresholds for the same stream.

E.g., if we have a single stream of errors, I would like to send each error to the ticketing system: A mail if there are less than 1 errors per second and an SMS if greater than 10 errors received per second.

One year.

No issues.

No issues.

Not applicable.

No.

It was straightforward.

Yes, Elastic Stack.

Send all logs to Graylog instead of just your errors. This will make it easier to investigate problems.

The core of the product is to aggregate log collection.

The ability to write custom alerts is key to information security and compliance. Also, I love the improvements I can make on dashboard widgets. 

Application event messaging, or logging, until I show an organization the result of seeing the application in real time. Then, I can mentor the importance of a good log event message. To have proper context, logging is more than exception logging, it is positive and negative logging. Once you show what can be done with a proper logging message, the entire application can become more robust. The ability to make an extractor out of a non-standard stream of strings, which allows for you to index on a plethora of fields, and you gain some insights that you may have missed. 

Graylog brings life to the application execution.

The collectors and using sidecar made my life easier from earlier versions. Unfortunately, I have been pulled away from the product, beyond setting up new inputs, defining the alerts. I am currently trying to leverage the API and Graylog Extended Log Format (GELF), and some of the underlying tech of Elasticsearch as well, for downstream consumers and our AI consumers.

For improvements or features to add, I would like to see a default dashboard widget that shows the topology of the clusters defined for the graylog install.
For instance, I have three Elasticsearch nodes and three MongoDB. I would like to see a visual representation of their status. 

Additionally, maybe it does exist (I have not looked), but I would like to see percent filled of the current index. 

I love the product. I have used it at three different employment points in my career. I first used Graylog seven years ago, and have provisioned and configured it into production three times over that period.

I have had two gaps in my use over the seven years, so using the current version has been super.

I do have a multinode deployment, with only one Graylog node. As we rely more on Graylog permanently and consume more of its collected data, I will transition to a Graylog HA installation, as and when we come to require it without outage. We are moving more to IoT, and those streams will be mandated to not have any gaps. They will be responders to events that can't have any outages. 

No scaling issues that I have seen with the three nodes of MongoDB and the three nodes of Elasticsearch. I will transition to have HA, load balancers, and buffering/queues as we move forward. I see things have changed in the latest version, or current -1 that I am using right now. I see durability is defined, I just need to reach out and implement it. 

I have not had to use technical support. 

I have always used Graylog2. Initially, I may have looked at Logstash and Loggly, but once it was off and running, I embraced the Graylog way of things. 

This was the first multi-node installation that I laid out. It seems to be running, and I did not find it overly complicated. I have Apache distributed big data experience, and have used Cloudera within that scope. Having Linux expertise, Apache, Tomcat, REST, and Java experiences may have reduce the complexity. 

I am not fully aware of their licensing model. I should take a look at the details, as I am using a community edition. I have not looked at the enterprise offering from Graylog.

I reviewed Logstash and Loggly. 

Start with the defaults. Do not be afraid to start over. Having a test or sandbox to work with to figure out how to create streams, extractors, and inputs is a good way to go. Recommend interacting with MongoDB and Elasticsearch from the command line, if you have the time; nothing deep. Knowing the underlying CLI's may help you if you need to understand how or why something may not line up correctly.

I would consider myself Graylog2's number one fan or at least a big advocate of the utility of this product. Step one in any application inception should begin with application messaging, and couple that with Graylog2, and you will cover many bases of insight and compliance right out of the gate. 

We are using only a few parts of its functionality. Its most valuable functions for us are:

• Log collection
• Quick string search in central storage
• Message forwarding through the in-built module
• Message filters. 

We need all these function to fulfill law requirements for cyber security.

We use this system as a central log collector with the possibility to search through the archive backward for specific string definitions.

The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture. It requires connection outside our network during build from source, so we decided instead to use the obsolete Graylog Collector, which is working fine and in an easy way. It would be great, if that component would get back into the development process. But it is nothing that I could even complain about, as our company is not paying for support.

Solution was build on the 10th of January 2017, so for nearly a year.

The only issue we had was during the Java patch. Graylog's search DB was not able to start up after the upgrade to Java 9, so we returned back to v.8. With that only exception, we have any issues with application or its components.

We never attempted to scale the environment, as its sizing is defined in the planning phase and it fitted us later perfectly.

We never contacted technical support, so I cannot answer this.

There were no solution before Graylog. It was built as new project.

We did not had any experience with Graylog or its components before this project. We had luck in planning phase, the environment was sized properly to its purpose. 

As Graylog also needs other applications/DB's to run, implementation of each component was a separate challenge, as we are not using the default configuration.

I cannot answer this question. Having paid official support is wise for projects.

Yes, we were thinking about the Logstash family, but due to similar issues with the building codes as in the Graylog Collector Sidecar case, we decided for Graylog.

Do not give up. Look forward and good luck. The worst phase was the planning one, so I would offer this advice: Don't underestimate anything. 

Graylog is worth the given effort.

We use it for central log management and log aggregation. We use it for non-security events.

We're using the Community edition, but I know that it has really good dashboarding and alerts.

More customization is always useful.

It has been about three years. I'm currently not using the tool myself, but my team is using it.

It is stable.

It is scalable.

We're not using the Enterprise license. We're using the Community edition, and support is not offered with it.

It was easy to set up. 

We did it ourselves.

We're using the Community edition.

This decision was already made before I got to the organization.

I would recommend this solution to others. It is for small and medium organizations.

I would rate it a seven out of 10.

I like the correlation and the alerting. If I have multiple monitoring systems and I alert Graylog, Graylog will collect them and analyze them, and issue one alert.

We are only approximately four months into production and have not explored all of the features this solution offers. So far, it has everything we wanted.

I would like to see some kind of visualization included in Graylog. The report is plain, they could be improved.

I have been using Graylog for approximately five months.

We are using the latest version.

Graylog community is very good.

We are also using Zenoss.

The initial setup is straightforward.

It's an open-source solution that can be used free of charge.

I would definitely recommend Graylog to others who are interested in using it.

At this point with the features that I have used, I would rate Graylog a ten out of ten.