Graylog Valuable Features
The features and capabilities of Graylog that we have found most valuable are related to its basis on open search, which was ElasticSearch. We appreciate being able to integrate custom feeds and do custom parsers, and to be able to do some of the correlation on it. That all works effectively.
The Graylog features that have proven to be most beneficial for our data analysis in particular are that we tend to use it as a big data store, so we have the correlation rules that, if something matches under certain conditions, it raises an alarm. We use it for investigating problems and problem management. We throw all the information at it, we have it alerting for certain conditions, but generally we use it for deep diving into issues as needed.
Atassi Kalo
Security Analyst at Netsharqs cybersecurity GmbH
I would say log enrichment via these data adapters and lookup tables is valuable, especially the caching ability since Graylog doesn't always have to make API calls for every single instance if it is enriching the same value. That is very handy and makes it scalable.
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.
Buyer's Guide
Graylog
June 2025

Learn what your peers think about Graylog. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,687 professionals have used our research since 2012.
What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc.
Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps. One time, I created a geo map based on IP addresses accessing a website. The web server generates logs based on who's accessing the application, and we were able to extract the IPs from the logs and even create a chart on Graylog to map out exactly what countries the requests were coming from. Graylog is amazing. It's a beast.
The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed.
One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview. You are also able to attach a lot of details into your log messages.
When it came to integrating the solution with Java, it was quite easy. My colleagues used Graylog for some dashboards to show how many bugs there were per day or the overall performance of the applications. For the developers it's not super important, but it was quite a good way for the project manager to see that everything was all right.
The solution's most valuable feature is its new interface. It enhances our cluster's performance as well.
CharlesNetshivhera
Senior DevOps Engineer at a financial services firm with 10,001+ employees
Graylog's search functionality, alerting functionality, user management, and dashboards are useful. They also provide an easy way to create dashboards, and the interface is also quite easy to use.
I like the simplicity of the solution, the fact that it's open source and user friendly.
What I like most about this solution is that it caches the log. I also like its filtration because we have various layers of data that need to be captured - from flat filing to Windows servers, Linux-based servers and the like. I like the diversity and the number of environments it can cover, including the switches.
John Paul Dienst
Technology Consultant at a computer software company with 5,001-10,000 employees
Real-time UDP/GELF logging and full text-based searching. Since UDP is a stateless, connectionless protocol, it simplifies error handling for the log sender/producer in the event that Graylog is not available. UDP is also a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead. Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default. Additionally, Graylog has support via plugins for Slack-based alerts. These have been wonderful for notifying us when exceptional log messages are encountered.
JasonCrow
Senior Architect at a tech vendor with 51-200 employees
- Searching errors
- Alerting through Slack and OpsGenie using their plugins.
We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us.
Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature.
The most valuable part is that it is open source. The build is stable and requires little maintenance, even compared to some extremely expensive products.
The Stream Alert feature is a highlight of this. As for similar products, there are separate integrations, but Graylog ships this with the build.
- Logging aggregation and querying. We have multiple applications, therefore it is no longer feasible to check logs from our file system per each application.
- When adopting microservices architecture, centralized logging is a must have.
The ability to write custom alerts is key to information security and compliance. Also, I love the improvements I can make on dashboard widgets.
We are using only a few parts of its functionality. Its most valuable functions for us are:
- Log collection
- Quick string search in central storage
- Message forwarding through the in-built module
- Message filters.
We need all these functions to fulfill legal requirements for cyber security.
We're using the Community edition, but I know that it has really good dashboarding and alerts.
I like the correlation and the alerting. If I have multiple monitoring systems and I alert Graylog, Graylog will collect them and analyze them, and issue one alert.
We are only approximately four months into production and have not explored all of the features this solution offers. So far, it has everything we wanted.