Graylog Reviews

Name: Graylog
Brand: Graylog
Rating: 4.0 (18 reviews)

Vendor: Graylog

4.0 out of 5

18 reviews
94% willing to recommend

503 followers

Post review

What is Graylog?

Graylog is purpose-built to deliver the best log collection, storage, enrichment, and analysis. Graylog is:

Get the Graylog Buyer's Guide and find out what your peers are saying about Graylog, Wazuh, Splunk Enterprise Security and more!

Graylog is the #18 ranked solution in Log Management Software. PeerSpot users give Graylog an average rating of 8.0 out of 10. Based on the analysis of the 18 most recent Graylog reviews, the overall sentiment is positive, with a sentiment score of 7.0. Graylog is most commonly compared to Wazuh: Graylog vs Wazuh. Graylog is popular among the large enterprise segment, accounting for 50% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Helped 824,053 peers since 2012

Featured reviews

Nicolae CIornii

Security Officer at BC Energbank S.A.

We have tested IBM QRadar and now use it. First of all, the key factor is the pricing. I saw that IBM QRadar has an interactive dashboard, providing valuable insights to people. Additionally, I've seen that IBM QRadar has an agent that simplifies installations across various platforms without requiring intricate configurations. Also, IBM QRadar has automatic reporting.

Read full review

Andrey Mostovykh

Senior Data Architect at a comms service provider with 51-200 employees

We stopped using it for analytics because of its price, and at the moment, we are using it mostly for log centralization. If you use it with high traffic for analytical purposes, as well as for the logs, the infrastructure costs are unbelievable. Graylog is a great product backed by Elasticsearch as the storage and query engine. It is just an interface on top of Elasticsearch and some Elasticsearch management. The indexes that are kept in Elasticsearch are managed by Graylog software. Elasticsearch is a decent product, but it's very infrastructure-heavy. It requires lots of resources, and if you make a mistake with provisioning, you are likely to not get a cluster back. We had a couple of outages like that, and we hated that. So, we ended up over-provisioning resources just to avoid such situations from happening. If you have a whole team trying to fix the Graylog instance for two days, that's a bit too much. That may be my Norwegian take on it, but the engineering resources are expensive. It's better to just provision the infrastructure. Overall, the product is great, and the features are just fine, but the infrastructure cost is what is killing it. The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic. I'm not sure if they can improve the infrastructure cost with the way Elasticsearch is. If they keep using Elasticsearch, maybe there are some opportunities there, or they can support other backends with cheaper storage. They could have a different backend to replace Elasticsearch or do some tweaks to Elasticsearch to reduce the costs. There could be partial parsing of logs or parsing on demand so that when you write data through Graylog to Elasticsearch, it doesn't need to crunch in every detail requiring that much CPU.

Read full review

Peter Malaty

Sr. DevOps Engineer at TechStyle Fashion Group

Graylog needs to improve their authentication. Their AD integration is really bad. When it comes to ACL's, access control lists, where you want to have different group memberships and control who gets access to what, it really could use major improvements. It seems like a beta authentication version that they came up with in a hurry and said, "Hey guys, we've got something going for you. Use it until we think of something later on." I believe their enterprise version has improved some of these features, but I use the open source version. The second thing would be the way they handle live logging. The fact that Graylog displays logs from the top down is just ridiculous. I've never seen anything that logs this way except for Graylog. I believe this is an issue because they have the selector going in that direction, so it would make sense that they have to implement it that way, but it's definitely not cool. When you're looking at Graylog's live logging, whether it's doing a one-second or five-second pull, you'll notice that new log lines are placed at the top of the screen, not the bottom of the screen. I find this ridiculous because normally when you're looking at logs anywhere, on Linux, even in Windows, you're going to see that the logs are generated at the bottom. That's one thing that Graylog definitely needs to improve. Graylog also needs to invest some time to improve the performance and how they handle the maintenance of Elasticsearch. An added feature I would like to see is the capacity to delegate most of the backend maintenance to the frontend UI. When you have somebody from the service desk working on the solution or somebody who's not a technical person, they could run some of the maintenance stuff directly from the UI. Another thing is something that I saw in LogDNA, where you could have a color based on log regex. For example, it would color the timestamps next to the log lines orange, make the source of the log purple, and then make the actual log content black. That would be very nice to see in Graylog.

Read full review

Graylog mindshare

As of December 2024, the mindshare of Graylog in the Log Management category stands at 6.5%, up from 5.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Log Management

PeerAnalyst reports

Type	Title	Date
Category	Log Management	Dec 21, 2024	Download
Product	Reviews, tips, and advice from real users	Dec 21, 2024	Download
Comparison	Graylog vs Splunk Enterprise Security	Dec 21, 2024	Download
Comparison	Graylog vs Wazuh	Dec 21, 2024	Download
Comparison	Graylog vs Datadog	Dec 21, 2024	Download

Title	Rating	Mindshare	Recommending
Wazuh	3.7	17.0%	79%	45 interviews Add to research
Splunk Enterprise Security	4.2	9.0%	93%	301 interviews Add to research

Valuable Features

Graylog's valuable features include a new interface that enhances cluster performance, real-time access to raw data for analytics, the ability to create pipelines and process logs in various ways, Elasticsearch integration for filters and analytics, detailed search capabilities, and easy integration with Java for dashboarding and performance monitoring. The Community edition also offers good dashboarding and alert capabilities.

"The product is scalable. The solution is stable."
"The solution's most valuable feature is its new interface."
"What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc."

Room for Improvement

Improvements include bringing back the legacy alarm callback feature and including SSO integration. Also, the infrastructure costs associated with using Graylog for analytics are significant and Graylog should consider supporting other backends with cheaper storage or partial parsing of logs. Graylog also needs to improve its authentication and access control features, as well as the way it handles live logging. In addition, creating rules in Graylog could be made easier and more customization options would be appreciated.

"I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts.The initial setup is complex."
"Its scalability gets complicated when we have to update or edit multiple nodes."
"The infrastructure cost is the main issue. I like the rest. If the infrastructure costs could be lower, it would be fantastic."

ROI

Graylog has proven to be a valuable investment for companies. Users have reported positive outcomes and benefits from implementing Graylog in their systems. The return on investment (ROI) has been described as significant, with users experiencing improved efficiency and effectiveness in their log management and analysis.

Graylog's advanced features and capabilities have allowed users to gain valuable insights and take proactive measures in resolving issues and enhancing security.

Pricing

Graylog offers both a free open-source version and a paid enterprise version. The open-source version is recommended for small companies or those with low traffic. It has a capacity limit of 2 GB daily, but can run on modest hardware. The enterprise version has improved authentication.

"We are using the free version of the product. However, the paid version is expensive."
"It's open source and free. They have a paid version, but we never looked into that because we never needed the features of the paid version."
"There is an open source version and an enterprise version. I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well."

Popular Use Cases

Graylog is primarily used for central log management and log aggregation from various sources, including Kubernetes and other containers, user-related logs, and non-security events. It is also used for monitoring logs for system errors, bug tracking, and analytics, with features such as graphs, dashboards, and pipelines for transforming raw logs into metrics and health checks.

Service and Support

Graylog's customer service and support are rated positively Some users rely on the community support forum to solve their queries, while others have not encountered any issues with the platform and have been able to find solutions on their own through resources like Stack Overflow. Technical support is generally rated around four out of five, with some users noting that response times can vary depending on location. It's important to note that support is not offered with the Community edition of Graylog.

Deployment

The initial setup for Graylog is generally easy and straightforward, especially for small environments with standalone instances. However, setting up a highly scalable cluster can be complex. Some users struggled with the setup but found it manageable with support.

Scalability

The scalability of Graylog depends on Elasticsearch, which is complex but scalable. Adding new nodes to the cluster can be tedious, but it can handle large amounts of traffic and users. The cost can be an issue, but it has worked well for companies with 40-300 users.

Stability

The stability of the solution of Graylog is generally good, with some users reporting occasional hiccups or issues when using certain microservices. If the solution is not overloaded and used within its capacity, it runs smoothly and is considered stable.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Graylog Buyer's Guide for additional reliable information.