An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potential enhancement could be the integration with Ollama to run large language models locally, maintaining high privacy standards.
When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work. Parsing depends heavily on regular expressions, which makes the process somewhat tedious.
Since it's a free tool, I don't have much to say. Troubleshooting is important to me. The initial setup is complex. I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts.
They depleted the legacy alarm callback feature from the current version. They should make it available in the newest version as well. Also, they should include SSO integration in Graylog 5.0's community version, similar to its enterprise version. It would also be beneficial if they added a feature that scales the solution automatically when the load increases.
With Python, there was a problem where it was harder to attach extra information using the basic logging package. We had to build our own custom adapter for this to append that information to the log message. For Python developers, it would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community.
Senior Marketing Specialist II at Harman International
Real User
Sep 21, 2022
Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest.
Senior DevOps Engineer at a financial services firm with 10,001+ employees
Real User
Dec 7, 2020
Graylog can improve the index rotation as it's quite complicated. They need to work on that because it's quite cumbersome to manage the index rotation with all the logs. The filtering of logs before ingestion also needs a bit of work. This is because you have to write some code to avoid certain things before ingesting. As it doesn't support certain AIX versions, you need to upgrade the servers to accommodate it.
Entrepreneur at a tech services company with 51-200 employees
Real User
May 10, 2020
It would be helpful if they would work more on the documentation because it's not very clear and ideally I'd like to be able to do more myself, but would need some additional guidelines and material for that.
Head of Infrastructure at a financial services firm with 201-500 employees
Real User
Aug 26, 2019
I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second.
Graylog Enterprise, recognized for log collection, real-time search, and enriched data handling, offers an open-source framework that integrates seamlessly with Elasticsearch. Its user-centric interface streamlines data correlation and log aggregation, supporting both backend services and comprehensive monitoring needs.Graylog Enterprise stands out for its stability and powerful log management capabilities, facilitating efficient log aggregation, real-time updates, and data analytics. Users...
An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potential enhancement could be the integration with Ollama to run large language models locally, maintaining high privacy standards.
When it comes to configuring the processing pipeline, writing the rules can be very tedious, especially since the documentation isn't extensive on how the functions provided for these rules work. Parsing depends heavily on regular expressions, which makes the process somewhat tedious.
Since it's a free tool, I don't have much to say. Troubleshooting is important to me. The initial setup is complex. I hope to see improvements in Graylog for more interactivity, user-friendliness, and creating alerts.
They depleted the legacy alarm callback feature from the current version. They should make it available in the newest version as well. Also, they should include SSO integration in Graylog 5.0's community version, similar to its enterprise version. It would also be beneficial if they added a feature that scales the solution automatically when the load increases.
With Python, there was a problem where it was harder to attach extra information using the basic logging package. We had to build our own custom adapter for this to append that information to the log message. For Python developers, it would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community.
Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest.
More customization is always useful.
I would like to see some kind of visualization included in Graylog. The report is plain, they could be improved.
Graylog can improve the index rotation as it's quite complicated. They need to work on that because it's quite cumbersome to manage the index rotation with all the logs. The filtering of logs before ingestion also needs a bit of work. This is because you have to write some code to avoid certain things before ingesting. As it doesn't support certain AIX versions, you need to upgrade the servers to accommodate it.
It would be helpful if they would work more on the documentation because it's not very clear and ideally I'd like to be able to do more myself, but would need some additional guidelines and material for that.
I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second.