We are using the solution to store all the logs from different sources. Also, we use it to monitor the logs for system errors.
DevOps Engineer Intern at MyKaarma
Has a good interface but it is tedious to add new nodes
Pros and Cons
- "The solution's most valuable feature is its new interface."
- "Its scalability gets complicated when we have to update or edit multiple nodes."
What is our primary use case?
What is most valuable?
The solution's most valuable feature is its new interface. It enhances our cluster's performance as well.
What needs improvement?
They depleted the legacy alarm callback feature from the current version. They should make it available in the newest version as well. Also, they should include SSO integration in Graylog 5.0's community version, similar to its enterprise version. It would also be beneficial if they added a feature that scales the solution automatically when the load increases.
For how long have I used the solution?
We have been using the solution for five to six years.
Buyer's Guide
Graylog
November 2024
Learn what your peers think about Graylog. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,562 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution's current version that I am using is stable.
What do I think about the scalability of the solution?
We have 50-60 users of the solution. Its scalability gets complicated when we have to update or edit multiple nodes. It is a very tedious task to add new nodes to the cluster. I rate its scalability a six.
How are customer service and support?
We use Graylog's community support forum. It helps us solve our queries.
How was the initial setup?
The solution's initial setup is easy. The deployment process for the new version takes 10-15 days.
What about the implementation team?
Our in-house technical staff has seven years of experience working with Graylog. With their guidance, we configure and maintain the solution.
What other advice do I have?
The solution's community version works well for a lesser workload. It will help if you opt for the solution's enterprise version if you plan to increase the load.
I recommend the solution to others and rate it as a seven.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Release Engineering Manager
Provides the ability to write custom alerts, which are key to information security and compliance
Pros and Cons
- "The ability to write custom alerts is key to information security and compliance."
- "I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install."
What is our primary use case?
The core of the product is to aggregate log collection.
What is most valuable?
The ability to write custom alerts is key to information security and compliance. Also, I love the improvements I can make on dashboard widgets.
How has it helped my organization?
Application event messaging, or logging, until I show an organization the result of seeing the application in real time. Then, I can mentor on the importance of a good log event message. To have proper context, logging is more than exception logging; it is positive and negative logging. Once you show what can be done with a proper logging message, the entire application can become more robust. The ability to make an extractor out of a non-standard stream of strings allows you to index on a plethora of fields, and you gain some insights that you may have missed.
Graylog brings life to the application execution.
What needs improvement?
The collectors and using sidecar made my life easier from earlier versions. Unfortunately, I have been pulled away from the product, beyond setting up new inputs, defining the alerts. I am currently trying to leverage the API and Graylog Extended Log Format (GELF), and some of the underlying tech of Elasticsearch as well, for downstream consumers and our AI consumers.
For improvements or features to add, I would like to see a default dashboard widget that shows the topology of the clusters defined for the Graylog install.
For instance, I have three Elasticsearch nodes and three MongoDB. I would like to see a visual representation of their status.
Additionally, maybe it does exist (I have not looked), but I would like to see percent filled of the current index.
For how long have I used the solution?
I love the product. I have used it at three different employment points in my career. I first used Graylog seven years ago, and have provisioned and configured it into production three times over that period.
I have had two gaps in my use over the seven years, so using the current version has been super.
What do I think about the stability of the solution?
I do have a multinode deployment, with only one Graylog node. As we rely more on Graylog permanently and consume more of its collected data, I will transition to a Graylog HA installation, as and when we come to require it without outage. We are moving more to IoT, and those streams will be mandated to not have any gaps. They will be responders to events that can't have any outages.
What do I think about the scalability of the solution?
No scaling issues that I have seen with the three nodes of MongoDB and the three nodes of Elasticsearch. I will transition to have HA, load balancers, and buffering/queues as we move forward. I see things have changed in the latest version, or current -1 that I am using right now. I see durability is defined, I just need to reach out and implement it.
How are customer service and technical support?
I have not had to use technical support.
Which solution did I use previously and why did I switch?
I have always used Graylog2. Initially, I may have looked at Logstash and Loggly, but once it was off and running, I embraced the Graylog way of things.
How was the initial setup?
This was the first multi-node installation that I laid out. It seems to be running, and I did not find it overly complicated. I have Apache distributed big data experience, and have used Cloudera within that scope. Having Linux, Apache, Tomcat, REST, and Java experience may have reduced the complexity.
What's my experience with pricing, setup cost, and licensing?
I am not fully aware of their licensing model. I should take a look at the details, as I am using a community edition. I have not looked at the enterprise offering from Graylog.
Which other solutions did I evaluate?
I reviewed Logstash and Loggly.
What other advice do I have?
Start with the defaults. Do not be afraid to start over. Having a test or sandbox to work with to figure out how to create streams, extractors, and inputs is a good way to go. I recommend interacting with MongoDB and Elasticsearch from the command line, if you have the time; nothing deep. Knowing the underlying CLIs may help you if you need to understand how or why something may not line up correctly.
I would consider myself Graylog2's number one fan or at least a big advocate of the utility of this product. Step one in any application inception should begin with application messaging, and couple that with Graylog2, and you will cover many bases of insight and compliance right out of the gate.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Captures our financial logs and preserves them and it covers many environments
Pros and Cons
- "I am very proud of how very stable the solution is."
- "I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond."
What is our primary use case?
Our primary use case of this solution is for logging. Because we have financial systems, we also use it for audit trailing.
I basically run the entire program in our company. Whenever there's an audit, I get the people on board and give them the information they require.
How has it helped my organization?
Graylog captures our financial logs and preserves them, mainly for any audit that may come up. The compliance is very good.
What is most valuable?
What I like most about this solution is that it caches the log. I also like its filtration, because we have various layers of data that need to be captured: from flat filing to Windows servers, Linux-based servers and the like. I like the diversity and the number of environments it can cover, including the switches.
What needs improvement?
I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond.
For how long have I used the solution?
I have been using Graylog for at least three years now on site in our data center.
What do I think about the stability of the solution?
I am very proud of how very stable the solution is. One time I had an entire node on my VxRail VMware collapse, so I basically restored the template, gave it the same IP address and everything was working again.
What do I think about the scalability of the solution?
We've grown from 500 to 2,000 independent devices on this solution, and it captures them all. We even plan to increase our usage. So, yes, the program is scalable.
How are customer service and technical support?
There hasn't been a need for me to call support, because I only went through the forums and hundreds of pages of manuals to get to understand it.
How was the initial setup?
The initial setup was really complex because I did it myself. I had no support and I didn't understand the whole ecosystem. The first deployment took about a month because I had to figure out exactly what I'm capturing, and how to query it afterwards. I also had to manage the clientele, client installations, and the like. After a month or so I had an overall view of everything.
What about the implementation team?
I am responsible for the deployment and maintenance of Graylog. I've even done smaller setups and deployments for other people.
What's my experience with pricing, setup cost, and licensing?
I use the free version of Graylog.
What other advice do I have?
In the next version I would perhaps like to see less overlapping in the interface. Some users feel that it is still very rigid and boxy. Pretty old school. So a more user-friendly interface with less overlapping in the structures would be great. I rate this solution 9.5 out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Systems Engineer DS
We use this system as a central log collector with the possibility to search through the archive backward for specific string definitions
Pros and Cons
- "Message forwarding through the in-built module."
- "The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture."
What is most valuable?
We are using only a few parts of its functionality. Its most valuable functions for us are:
- Log collection
- Quick string search in central storage
- Message forwarding through the in-built module
- Message filters.
We need all these functions to fulfill legal requirements for cyber security.
How has it helped my organization?
We use this system as a central log collector with the possibility to search through the archive backward for specific string definitions.
What needs improvement?
The biggest problem is the collector application, as we wanted to avoid using Graylog Collector Sidecar due to its architecture. It requires a connection outside our network during the build from source, so we decided instead to use the obsolete Graylog Collector, which is working fine and in an easy way. It would be great if that component got back into the development process. But it is nothing that I could even complain about, as our company is not paying for support.
For how long have I used the solution?
The solution was built on the 10th of January 2017, so for nearly a year.
What do I think about the stability of the solution?
The only issue we had was during the Java patch. Graylog's search DB was not able to start up after the upgrade to Java 9, so we went back to v8. With that one exception, we have not had any issues with the application or its components.
What do I think about the scalability of the solution?
We never attempted to scale the environment, as its sizing was defined in the planning phase and it later fit us perfectly.
How are customer service and technical support?
We never contacted technical support, so I cannot answer this.
Which solution did I use previously and why did I switch?
There was no solution before Graylog. It was built as a new project.
How was the initial setup?
We did not have any experience with Graylog or its components before this project. We had luck in the planning phase: the environment was sized properly for its purpose.
As Graylog also needs other applications/DBs to run, the implementation of each component was a separate challenge, as we are not using the default configuration.
What's my experience with pricing, setup cost, and licensing?
I cannot answer this question. Having paid official support is wise for projects.
Which other solutions did I evaluate?
Yes, we were thinking about the Logstash family, but due to similar issues with building the code as in the Graylog Collector Sidecar case, we decided on Graylog.
What other advice do I have?
Do not give up. Look forward and good luck. The worst phase was the planning one, so I would offer this advice: Don't underestimate anything.
Graylog is worth the given effort.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Security Consultant at a tech services company with 10,001+ employees
Scales smoothly, but needs improvement in dashboards and parsing
Pros and Cons
- "It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events."
- "The build is stable and requires little maintenance, even compared to some extremely expensive products."
- "We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging."
- "Dashboards, stream alerts and parsing could be improved."
- "Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt."
How has it helped my organization?
It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events.
What is most valuable?
The most valuable part is an open source. The build is stable and requires little maintenance, even compared to some extremely expensive products.
What needs improvement?
There are places which could be improved:
- Stream alerts
- Dashboards
- Parsing.
Some places were already improved in 2.4 with the threat intelligence add-on.
For how long have I used the solution?
Less than one year.
What do I think about the stability of the solution?
Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt.
What do I think about the scalability of the solution?
We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging.
How are customer service and technical support?
I have only used the community support (forum), but Graylog developers are quick to respond and assist with issues.
Which solution did I use previously and why did I switch?
Splunk: The price was the factor for the switch.
How was the initial setup?
The initial setup is straightforward.
What about the implementation team?
Step-by-step installation walk-through is provided by the Graylog team.
What's my experience with pricing, setup cost, and licensing?
If you want something that works and do not have the money for Splunk or QRadar, take Graylog.
Which other solutions did I evaluate?
ELK was another option. However, Graylog appeared to be more robust and had fewer limitations at the time.
What other advice do I have?
Just go ahead with the product.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
FROM GRAYLOG: Thanks for the review of Graylog. We have recently released version 3.0, which fixes many of your improvement areas. We have released Views, which is a more interactive dashboard with parameters, so you can create a workflow for your data while visually seeing it in the format you would like. Also, we are always expanding our Marketplace to have new content with parsing rules and pre-built content. Give 3.0 a try!
Java Software Developer at a financial services firm with 5,001-10,000 employees
It has sped up the investigation of incidents
What is our primary use case?
The product does all the things it must do very well. It can be used for investigating logs as well as a dashboard to see the current amount of errors in the environment.
What is most valuable?
- Logging aggregation and querying. We have multiple applications, therefore it is no longer feasible to check logs from our file system per each application.
- When adopting microservices architecture, centralized logging is a must have.
How has it helped my organization?
It has sped up the investigation of incidents.
What needs improvement?
The alerting system could be more flexible. It does not allow for the definition of different thresholds and alert types for the same stream. It allows different alert types and thresholds for the same stream.
E.g., if we have a single stream of errors, I would like to send each error to the ticketing system: a mail if there is less than 1 error per second and an SMS if more than 10 errors are received per second.
For how long have I used the solution?
One year.
What do I think about the stability of the solution?
No issues.
What do I think about the scalability of the solution?
No issues.
How are customer service and technical support?
Not applicable.
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
It was straightforward.
Which other solutions did I evaluate?
Yes, Elastic Stack.
What other advice do I have?
Send all logs to Graylog instead of just your errors. This will make it easier to investigate problems.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Software Engineer, DevOps at a tech services company with 51-200 employees
The Stream Alert feature is a highlight of the product, and it is shipped with the build
Pros and Cons
- "This has increased productivity for the dev and support teams, because we are directly notifying them."
- "There should be some user groups and an auto sign-in feature."
How has it helped my organization?
This has increased productivity for the dev and support teams, because we are directly notifying them. Now, they have to come to dev for every issue.
What is most valuable?
The Stream Alert feature is a highlight of this. As for similar products, there are separate integrations, but Graylog ships this with the build.
What needs improvement?
There should be some user groups and an auto sign-in feature.
For how long have I used the solution?
One to three years.
What do I think about the stability of the solution?
No issues.
What do I think about the scalability of the solution?
Not yet.
How are customer service and technical support?
We are not using any technical support.
Which solution did I use previously and why did I switch?
No.
How was the initial setup?
It was pretty straightforward.
What's my experience with pricing, setup cost, and licensing?
None, as we are not using an enterprise solution.
Which other solutions did I evaluate?
We had evaluated ELK Stack, but found Graylog more useful for our use case.
What other advice do I have?
I will say that if you are using this, then explore all the features. You will find it is like a Swiss Army knife.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Engineer at a media company with 10,001+ employees
Good correlation and alerting capabilities, helpful community support, and easy to install
Pros and Cons
- "I like the correlation and the alerting."
- "I would like to see some kind of visualization included in Graylog."
What is most valuable?
I like the correlation and the alerting. If I have multiple monitoring systems and I alert Graylog, Graylog will collect them and analyze them, and issue one alert.
We are only approximately four months into production and have not explored all of the features this solution offers. So far, it has everything we wanted.
What needs improvement?
I would like to see some kind of visualization included in Graylog. The reports are plain; they could be improved.
For how long have I used the solution?
I have been using Graylog for approximately five months.
We are using the latest version.
How are customer service and technical support?
The Graylog community is very good.
Which solution did I use previously and why did I switch?
We are also using Zenoss.
How was the initial setup?
The initial setup is straightforward.
What's my experience with pricing, setup cost, and licensing?
It's an open-source solution that can be used free of charge.
What other advice do I have?
I would definitely recommend Graylog to others who are interested in using it.
At this point with the features that I have used, I would rate Graylog a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
FROM GRAYLOG: Thank you for your review of Graylog. I encourage everyone to try out Graylog 3.0+, as we have added a new Sidecar implementation, which would simplify the issues you were having. Creating templates for enterprise deployment and the ability to manage any collector make Graylog easier to use.