Graylog Valuable Features
reviewer2704128
Head of Cyber Security & CTO at a tech services company with 51-200 employees
The features and capabilities of Graylog that we have found most valuable are related to its basis on open search, which was ElasticSearch. We appreciate being able to integrate custom feeds and do custom parsers, and to be able to do some of the correlation on it. That all works effectively.
The Graylog features that have proven to be most beneficial for our data analysis in particular are that we tend to use it as a big data store, so we have the correlation rules that, if something matches under certain conditions, it raises an alarm. We use it for investigating problems and problem management. We throw all the information at it, we have it alerting for certain conditions, but generally we use it for deep diving into issues as needed.
AK
Atassi Kalo
Security Analyst at Netsharqs cybersecurity GmbH
I would say log enrichment via these data adapters and lookup tables is valuable, especially the caching ability since Graylog doesn't always have to make API calls for every single instance if it is enriching the same value. That is very handy and makes it scalable.
View full review »
Ivan Kokalovic
DevOps Engineer at Proton Technologies
Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.
View full review »
Buyer's Guide
Graylog
June 2025
Learn what your peers think about Graylog. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,687 professionals have used our research since 2012.
Andrey Mostovykh
Senior Data Architect at a non-tech company with 201-500 employees
What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc.
Peter Malaty
Sr. DevOps Engineer at TechStyle Fashion Group
Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps. One time, I created a geo map based on IP addresses accessing a website. The web server generates logs based on who's accessing the application, and we were able to extract the IPs from the logs and even create a chart on Graylog to map out exactly what countries the requests were coming from. Graylog is amazing. It's a beast.
View full review »
Lokesh Puthalapattu
Senior Marketing Specialist II at Harman International
The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed.
View full review »
Jonas Leeb
Software Engineer & Co-Founder at Plexify GmbH
One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview. You are also able to attach a lot of details into your log messages.
When it came to integrating the solution with Java, it was quite easy. My colleagues used Graylog for some dashboards to show how many bugs there were per day or the overall performance of the applications. For the developers it's not super important, but it was quite a good way for the project manager to see that everything was all right.
View full review »
Shivam-Tiwari
DevOps Engineer Intern at MyKaarma
The solution's most valuable feature is its new interface. It enhances our cluster's performance as well.
View full review »CN
CharlesNetshivhera
Senior DevOps Engineer at a financial services firm with 10,001+ employees
Graylog's search functionality, alerting functionality, user management, and dashboards are useful. They also provide an easy way to create dashboards, and the interface is also quite easy to use.
View full review »it_user1270395
Entrepreneur at a tech services company with 51-200 employees
I like the simplicity of the solution, the fact that it's open source and user friendly.
it_user995112
Head of Infrastructure at a financial services firm with 201-500 employees
What I like most about this solution, is that it caches the log. I also like it's filtration because we have various layers of data that needs to be captured - from flat filing to Windows servers, Linux-based servers and the like. I like the diversity and the number of environments it can cover, including the switches.
View full review »JD
John Paul Dienst
Technology Consultant at a computer software company with 5,001-10,000 employees
Real-time UDP/GELF logging and full text-based searching. Since UDP is a stateless, connectionless protocol, it simplifies error handling for the log sender/producer in the event that Graylog is not available. UDP is also a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead. Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default. Additionally, Graylog has support via plugins for Slack-based alerts. These have been wonderful for notifying us when exceptional log messages are encountered.
View full review »JC
JasonCrow
Senior Architect at a tech vendor with 51-200 employees
- Searching errors
- Alerting through Slack and OpsGenie using their plugins.
We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us.
Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature.
View full review »ITSecuri4852
IT Security Consultant at a tech services company with 10,001+ employees
The most valuable part is an open source. The build is stable and requires little maintenance, even compared to some extremely expensive products.
View full review »it_user805368
Software Engineer, DevOps at a tech services company with 51-200 employees
The Stream Alert feature is a highlight of this. As for similar products, there are separate integrations, but Graylog ships this with the build.
View full review »it_user776928
Java Software Developer at a financial services firm with 5,001-10,000 employees
- Logging aggregation and querying. We have multiple applications, therefore it is no longer feasible to check logs from our file system per each application.
- When adopting microservices architecture, centralized logging is a must have.
it_user776922
Release Engineering Manager
The ability to write custom alerts is key to information security and compliance. Also, I love the improvements I can make on dashboard widgets.
View full review »it_user774168
Systémový inenýr DS senior
We are using only a few parts of its functionality. Its most valuable functions for us are:
- Log collection
- Quick string search in central storage
- Message forwarding through the in-built module
- Message filters.
We need all these function to fulfill law requirements for cyber security.
View full review »reviewer1751748
Systems Architect at a tech services company with 51-200 employees
We're using the Community edition, but I know that it has really good dashboarding and alerts.
View full review »reviewer1530855
Network Engineer at a media company with 10,001+ employees
I like the correlation and the alerting. If I have multiple monitoring systems and I alert Graylog, Graylog will collect them and analyze them, and issue one alert.
We are only approximately four months into production and have not explored all of the features this solution offers. So far, it has everything we wanted.
View full review »Buyer's Guide
Graylog
June 2025
Learn what your peers think about Graylog. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
859,687 professionals have used our research since 2012.
Buyer's Guide
Download our free Graylog Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2025
Product Categories
Log ManagementPopular Comparisons
Wazuh
Dynatrace
Datadog
Splunk Enterprise Security
IBM Security QRadar
Elastic Security
Grafana Loki
Security Onion
LogRhythm SIEM
Elastic Stack
syslog-ng
Amazon CloudWatch
Fortinet FortiAnalyzer
Cribl
Amazon OpenSearch Service
Buyer's Guide
Download our free Graylog Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More:
- Primary Use Case
- Benefits
- Valuable Features
- Room for Improvement
- Customer Service and Support
- Initial Setup
- ROI
- Pricing
- Other Advice
- When evaluating Log Management tools and software, what aspect do you think is the most important to look for?
- Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
- Which Windows event log monitoring tool do you recommend?
- What is the difference between log management and SIEM?
- Splunk vs. Elastic Stack
- How can Cloudtrail logs be used effectively to improve log monitoring?
- Why hot data and cold data differences in SIEM solutions are not discussed sufficiently?
- When evaluating Log Management solutions, what aspect do you think is the most important to look for?
- When evaluating Log Management solutions, what aspects do you think are the most important to look for?
- Why are Log Management tools important for companies?
