Graylog Reviews

Name: Graylog
Brand: Graylog
Rating: 4.0 (19 reviews)

Vendor: Graylog

4.0 out of 5

19 reviews
94% willing to recommend

508 followers

Start review

What is Graylog?

Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

Get the Graylog Buyer's Guide and find out what your peers are saying about Graylog, Wazuh, Dynatrace and more!

Graylog is the #16 ranked solution in Log Management Software. PeerSpot users give Graylog an average rating of 8.0 out of 10. Graylog is most commonly compared to Wazuh: Graylog vs Wazuh. Graylog is popular among the large enterprise segment, accounting for 50% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Helped 842,194 peers since 2012

Featured Graylog reviews

Andrey Mostovykh

Senior Data Architect at a non-tech company with 201-500 employees

We stopped using it for analytics because of its price, and at the moment, we are using it mostly for log centralization. If you use it with high traffic for analytical purposes, as well as for the logs, the infrastructure costs are unbelievable. Graylog is a great product backed by Elasticsearch as the storage and query engine. It is just an interface on top of Elasticsearch and some Elasticsearch management. The indexes that are kept in Elasticsearch are managed by Graylog software. Elasticsearch is a decent product, but it's very infrastructure-heavy. It requires lots of resources, and if you make a mistake with provisioning, you are likely to not get a cluster back. We had a couple of outages like that, and we hated that. So, we ended up over-provisioning resources just to avoid such situations from happening. If you have a whole team trying to fix the Graylog instance for two days, that's a bit too much. That may be my Norwegian take on it, but the engineering resources are expensive. It's better to just provision the infrastructure. Overall, the product is great, and the features are just fine, but the infrastructure cost is what is killing it. The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic. I'm not sure if they can improve the infrastructure cost with the way Elasticsearch is. If they keep using Elasticsearch, maybe there are some opportunities there, or they can support other backends with cheaper storage. They could have a different backend to replace Elasticsearch or do some tweaks to Elasticsearch to reduce the costs. There could be partial parsing of logs or parsing on demand so that when you write data through Graylog to Elasticsearch, it doesn't need to crunch in every detail requiring that much CPU.

Read full review

Peter Malaty

Sr. DevOps Engineer at TechStyle Fashion Group

Graylog needs to improve their authentication. Their AD integration is really bad. When it comes to ACL's, access control lists, where you want to have different group memberships and control who gets access to what, it really could use major improvements. It seems like a beta authentication version that they came up with in a hurry and said, "Hey guys, we've got something going for you. Use it until we think of something later on." I believe their enterprise version has improved some of these features, but I use the open source version. The second thing would be the way they handle live logging. The fact that Graylog displays logs from the top down is just ridiculous. I've never seen anything that logs this way except for Graylog. I believe this is an issue because they have the selector going in that direction, so it would make sense that they have to implement it that way, but it's definitely not cool. When you're looking at Graylog's live logging, whether it's doing a one-second or five-second pull, you'll notice that new log lines are placed at the top of the screen, not the bottom of the screen. I find this ridiculous because normally when you're looking at logs anywhere, on Linux, even in Windows, you're going to see that the logs are generated at the bottom. That's one thing that Graylog definitely needs to improve. Graylog also needs to invest some time to improve the performance and how they handle the maintenance of Elasticsearch. An added feature I would like to see is the capacity to delegate most of the backend maintenance to the frontend UI. When you have somebody from the service desk working on the solution or somebody who's not a technical person, they could run some of the maintenance stuff directly from the UI. Another thing is something that I saw in LogDNA, where you could have a color based on log regex. For example, it would color the timestamps next to the log lines orange, make the source of the log purple, and then make the actual log content black. That would be very nice to see in Graylog.

Read full review

Nicolae CIornii

Security Officer at BC Energbank S.A.

We have tested IBM QRadar and now use it. First of all, the key factor is the pricing. I saw that IBM QRadar has an interactive dashboard, providing valuable insights to people. Additionally, I've seen that IBM QRadar has an agent that simplifies installations across various platforms without requiring intricate configurations. Also, IBM QRadar has automatic reporting.

Read full review

Graylog mindshare

As of March 2025, the mindshare of Graylog in the Log Management category stands at 6.4%, up from 5.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Log Management

PeerAnalyst reports based on Graylog reviews

Type	Title	Date
Category	Log Management	Mar 24, 2025	Download
Product	Reviews, tips, and advice from real users	Mar 24, 2025	Download
Comparison	Graylog vs Wazuh	Mar 24, 2025	Download
Comparison	Graylog vs Splunk Enterprise Security	Mar 24, 2025	Download
Comparison	Graylog vs Datadog	Mar 24, 2025	Download

Title	Rating	Mindshare	Recommending
Wazuh	3.7	15.0%	79%	46 interviews Add to research
Dynatrace	4.4	5.3%	95%	345 interviews Add to research

Valuable Features

Graylog's valuable features include log collection, search capabilities, message forwarding, and custom alerts. Users appreciate its open-source nature, stability, and easy integration, especially in containerized environments. Its Elasticsearch integration, dashboard customization, and real-time data access add to its appeal. Alerting through Slack and OpsGenie, user management, data adapters, and lookup tables enhance functionality. Users find its error-handling, filtration, and ability to process logs into charts or data maps beneficial for managing multiple applications.

"Graylog is very handy."
"It has data adapters and lookup tables that utilize HTTP calls to APIs."
"The product is scalable. The solution is stable."

Room for Improvement

Graylog faces issues with collector application preferences, flexible alert systems, and cumbersome index rotation. Users want improved authentication, better Python support, and enhanced documentation. Many express a need for more complex visualizations, dynamic topology displays, and scalable infrastructure. Cost-effective solutions, refined parsing processes, and better Kubernetes support are also sought. The community desires support for outdated features and additional customization based on log visuals, alongside a more intuitive setup and maintenance interface.

"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work."
"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts.The initial setup is complex."

ROI

Graylog has proven to be a valuable investment for companies. Users have reported positive outcomes and benefits from implementing Graylog in their systems. The return on investment (ROI) has been described as significant, with users experiencing improved efficiency and effectiveness in their log management and analysis.

Graylog's advanced features and capabilities have allowed users to gain valuable insights and take proactive measures in resolving issues and enhancing security.

Pricing

Enterprise buyers evaluating Graylog find that the platform is primarily recognized for its free, open-source version, which suits small volumes and basic needs. However, for higher data capacities exceeding 2 GB daily, a paid license is required. Users report that while the paid version offers enhancements like improved authentication, it can become costly. Many choose the free community edition initially to maximize out-of-the-box benefits before considering enterprise features.

"We are using the free version of the product. However, the paid version is expensive."
"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."

Popular Use Cases

Graylog users primarily employ it for log aggregation, central management, and monitoring, particularly in container environments. It serves for auditing financial systems, analyzing incidents, and troubleshooting by offering a real-time dashboard and analytics capabilities. It facilitates developer login, bug tracking, and system error monitoring. Users integrate logs with other security tools and enrich data using adapters for threat intelligence. Graylog is praised for its ability to manage and visualize logs effectively across different platforms.

Service and Support

Many avoid Graylog technical support due to reliance on community forums and documentation. While response times can be slow, community support is generally considered effective. Users rate support between two to four out of five. Enterprise support primarily targets those with licenses, leaving community edition users unsupported. Many resolve issues independently through online resources. Community interaction is positive, although not immediate without an enterprise account.

Deployment

Graylog's initial setup varied in complexity. Many found it straightforward, often completing it in a few days with existing Linux expertise. Others encountered challenges due to non-default configurations, multi-node setups, and the need for related applications like MongoDB and Elasticsearch. Docker and Kubernetes users highlighted additional complexities. Some needed support for smoother installations. Familiarity with Apache and other tech stacks eased the process for users, while SSL certificate configuration posed difficulties for some.

Scalability

Graylog's scalability is generally positive. Users report no significant issues, smoothly increasing from single to multiple nodes. It efficiently manages traffic growth. Challenges arise mainly in managing or updating nodes. While its scalability is largely influenced by Elasticsearch's capabilities, some find scaling complex due to resource demands. Despite occasional high costs, many plan to expand its usage due to its effectiveness in larger environments. Scalability experiences vary, with some emphasizing its capability to handle increased usage.

Stability

Many find Graylog stable, with minimal issues reported. Some encountered problems during the Java upgrade to version 9, prompting a rollback to version 8. Memory exhaustion of the Elasticsearch node has caused occasional crashes. Stability concerns arise if the system is overloaded or when specific microservices are used. Users express satisfaction with ease of restoration following node failures, yet some report frequent minor issues. Transitioning to a high-availability setup is advisable for uninterrupted use.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Graylog Buyer's Guide for additional reliable information.