Graylog Enterprise Reviews

I have my own recipe for an infrastructure code where I integrate Fluent Bit with Kubernetes. It scrapes the logs off of all the member nodes of Kubernetes and then it chips that to an input on Graylog. That way, when developers want to troubleshoot an application but don't want to use anything Kubernetes CLI-related, they can jump straight to Graylog. They can type the name and the type of deployment that they're looking for and get all of the logs pulled into one place. Essentially I use this solution to give developers a way to look at all the logs in an aggregated form. It's very helpful.

I also use the solution to extract and quantify data and metrics from the logs. For example, let's say you're running the wallet application and you want to make sure that you are getting the minimum 404's when somebody is trying to make a payment. You can essentially extract the code on Graylog and it will give you a really nice view of how often your wallet times out, or overall performance. If you're looking specifically from a security standpoint, if the application is seeing something that should not be seen, you have a way to log that.

I also use it for building charts and live logging. Also, the pipelines allow you to take a raw log, create something out of it, and transform it into something else, so I use that for streams, presentations, metrics, and health checks from an app runtime standpoint.

Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps. One time, I created a geo map based on IP addresses accessing a website. The web server generates logs based on who's accessing the application, and we were able to extract the IPs from the logs and even create a chart on Graylog to map out exactly what countries the requests were coming from. Graylog is amazing. It's a beast.

Graylog needs to improve their authentication. Their AD integration is really bad. When it comes to ACL's, access control lists, where you want to have different group memberships and control who gets access to what, it really could use major improvements. It seems like a beta authentication version that they came up with in a hurry and said, "Hey guys, we've got something going for you. Use it until we think of something later on." I believe their enterprise version has improved some of these features, but I use the open source version.

The second thing would be the way they handle live logging. The fact that Graylog displays logs from the top down is just ridiculous. I've never seen anything that logs this way except for Graylog. I believe this is an issue because they have the selector going in that direction, so it would make sense that they have to implement it that way, but it's definitely not cool. When you're looking at Graylog's live logging, whether it's doing a one-second or five-second pull, you'll notice that new log lines are placed at the top of the screen, not the bottom of the screen. I find this ridiculous because normally when you're looking at logs anywhere, on Linux, even in Windows, you're going to see that the logs are generated at the bottom. That's one thing that Graylog definitely needs to improve. 

Graylog also needs to invest some time to improve the performance and how they handle the maintenance of Elasticsearch.

An added feature I would like to see is the capacity to delegate most of the backend maintenance to the frontend UI. When you have somebody from the service desk working on the solution or somebody who's not a technical person, they could run some of the maintenance stuff directly from the UI.

Another thing is something that I saw in LogDNA, where you could have a color based on log regex. For example, it would color the timestamps next to the log lines orange, make the source of the log purple, and then make the actual log content black. That would be very nice to see in Graylog.

I have been using this solution for about four to five years.

I would give this solution a six out of ten for stability. It has quite a few hiccups. I usually try to avoid them the best I can, but sometimes they just happen and you have to deal with it.

Graylog can scale, but technically, Graylog's scalability mainly depends on Elasticsearch because it uses Elasticsearch as the backend. I would say the question should probably be about how well Elasticsearch can scale. The answer to that would be that it is pretty scalable, but it's not simple. It's not like Kubernetes, where you just add a few extra replicas and you get performance right of the box. It's a bit complex to scale it, but it is scalable.

I would rate the technical support as a four out of five. From an experience standpoint, they're pretty good.

Positive

It really depends. If you're going to slap Graylog into a very small environment and do a standalone instance, it's super easy and straightforward. You have to install Mongo, Elasticsearch, and Graylog and connect them to each other, which is super simple. There are tons of easy tutorials online available to help you do that. 

However, if you want to set up a highly scalable cluster, things will get a little bit complex. It's still very manageable, but it's definitely complex.

It took me about 30 minutes to deploy Graylog. 

There is an open source version and an enterprise version. The authentication is bad in the open source version, but I believe they have improved that in the enterprise version. 

I wouldn't recommend the enterprise version, but as an open source solution, it is solid and works really well.

My advice to people considering this solution is to first determine where they can use it. The server sizing depends on the amount of logs generated and where you get the logs from. For example, it it a Kubernetes cluster with a lot of things on it, or just a bunch of VMs, or just a couple of VMs? What's the size of that? Based off of this, you would then decide the server sizing and how big your Elasticsearch needs to be and how scalable it needs to be. Graylog is like ELK Stack. It's very, very resource hungry.

I would rate this solution as a seven out of ten. 

We are using the solution to store all the logs from different sources. Also, we use it to monitor the logs for system errors.

The solution's most valuable feature is its new interface. It enhances our cluster's performance as well.

They depleted the legacy alarm callback feature from the current version. They should make it available in the newest version as well. Also, they should include SSO integration in Graylog 5.0's community version, similar to its enterprise version. It would also be beneficial if they added a feature that scales the solution automatically when the load increases.

We have been using the solution for five to six years.

The solution's current version that I am using is stable.

We have 50-60 users of the solution. Its scalability gets complicated when we have to update or edit multiple nodes. It is a very tedious task to add new nodes to the cluster. I rate its scalability a six.

We use Graylog's community support forum. It helps us solve our queries.

The solution's initial setup is easy. The deployment process for the new version takes 10-15 days.

Our in-house technical staff has seven years of experience working with Graylog. With their guidance, we configure and maintain the solution.

The solution's community version works well for a lesser workload. It will help if you opt for the solution's enterprise version if you plan to increase the load.

I recommend the solution to others and rate it as a seven.

I used this solution for bug tracking, checking to see if an application was running correctly or not.

I was working at a big comparison platform in Germany and was part of a  financial services department where we built multibanking applications. I know that in other departments they used different logging tools like TeamCity, so this was not something that was used companywide. There were probably about 50 developers using it, from app developers to Java/Python backend developers and the data science team. The extent of log messages and verbosity was varying from team to team.

One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview. You are also able to attach a lot of details into your log messages. 

When it came to integrating the solution with Java, it was quite easy. My colleagues used Graylog for some dashboards to show how many bugs there were per day or the overall performance of the applications. For the developers it's not super important, but it was quite a good way for the project manager to see that everything was all right.

With Python, there was a problem where it was harder to attach extra information using the basic logging package. We had to build our own custom adapter for this to append that information to the log message. For Python developers, it would be great if Graylog could provide a better Python package in order to make it easier to use for the Python community.

I used this solution for about two years. 

This solution is definitely stable. 

This solution was definitely scalable to our needs. 

I would say the initial setup is quite straightforward, but it's pretty straightforward for any kind of logging tool out there. The difference is in how you integrate it into the project, but I don't think there's much of a difference between all of the tools, at least from my perspective. 

I used Graylog until a few months ago, and I'm currently using Sentry. With Sentry it is quite easy to filter, for example, errors for a specific project just by clicking a drop down. On Graylog, we had to perform active filtering through the search bar. The filtering process was a bit different. I wouldn't say they differ too much, but Sentry also allows me to do some bug tracking and mark them like, "Okay, now I have to review this," or "This has been resolved", which is not something I would ask for in a log tool, but it's available.

I would say that it's definitely worth looking into the extensive search and filtering functionality of Graylog in order to make the most out of it. I would also suggest having a look into the dashboard view functionalities for doing some kind of quick performance overview on the application set. I think the coolest feature of Graylog if you're a developer is that you are able to really narrow down or to specify the search.

For TeamCity, for example, there is specific query language and you can build dashboards and queries there as well, but this feature was kind of limited when I was using it. Even though it was available, I didn't like the feature overly much. I know that there are other similar tools available, but I enjoy using Graylog the most.

I would rate this solution as an eight out of ten because the integration with Python isn't perfect, but if that's fixed in the future, I would say it would be a nine or ten.

We have one SIEM tool to integrate the log source for other containers and user-related logs. Those logs were integrated into Graylog. When required those logs Graylog gets sent to a SIEM tool. 

The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed.

Graylog could improve the process of creating rules. We have to create them manually by doing parses and applying them. Other SIEM solutions have basic rules and you can create and get more events of interest.

I have been using Graylog for approximately three years.

Graylog is a stable solution. However, while using some microservices it may go down.

Graylog

We have approximately 40 to 45 people using the solution in my company. There are three different teams using it, such as developers and testing teams. The teams use the solution on a daily basis.

We are working in India, and sometimes it takes a while to receive a response from the support. However, the solutions they provide are can do them. Their support is good.

I rate the support from Graylog a four out of five.

Positive

I have previously used Logstash. The main difference between Graylog and Logstash is in Logstash it takes a longer time for searching logs.

We had some struggles with the initial setup of Graylog. However, after using the support it works fine.

I rate the initial setup of Graylog a four out of five.

We use the support from the Graylog team for the implementation of the solution.

Graylog is a free open-source solution. The free version has a capacity limitation of 2 GB daily, if you want to go above this you have to purchase a license.

I rate Graylog a seven out of ten.

I like the correlation and the alerting. If I have multiple monitoring systems and I alert Graylog, Graylog will collect them and analyze them, and issue one alert.

We are only approximately four months into production and have not explored all of the features this solution offers. So far, it has everything we wanted.

I would like to see some kind of visualization included in Graylog. The report is plain, they could be improved.

I have been using Graylog for approximately five months.

We are using the latest version.

Graylog community is very good.

We are also using Zenoss.

The initial setup is straightforward.

It's an open-source solution that can be used free of charge.

I would definitely recommend Graylog to others who are interested in using it.

At this point with the features that I have used, I would rate Graylog a ten out of ten.

We use Graylog for developer login to assist developers and help them find issues faster, and for certain applications in production.

The centralized logs where one can find bugs quicker and find the line of code that is a problem has made us more efficient. The turn around time for production support is quite high when using this kind of solution.

Graylog's search functionality, alerting functionality, user management, and dashboards are useful. They also provide an easy way to create dashboards, and the interface is also quite easy to use.

Graylog can improve the index rotation as it's quite complicated. They need to work on that because it's quite cumbersome to manage the index rotation with all the logs.

The filtering of logs before ingestion also needs a bit of work. This is because you have to write some code to avoid certain things before ingesting. As it doesn't support certain AIX versions, you need to upgrade the servers to accommodate it.

I have been using Graylog for about three years.

Graylog is quite stable, and the only issue is the index rotation.

Graylog is scalable and can be deployed in a clustered distributed environment.

The support from the Graylog community is helpful, but they can do better. The enterprise support doesn't really cater to open-source solutions. They only support you if you are an enterprise working on a POC. If you want to do a POC for an enterprise solution, they need assurances that you'll buy their enterprise solution. 

I have used different solutions like Nagios before. These solutions are more like manual processes where logging and viewing of logs are conducted on the server.

Others like ELK are difficult to use because it isn't straightforward and requires a lot of reading. You have to learn quite a lot before using it.

Graylog is quite easy to set up. As it comes with a prepackaged installation file, it's not complex to install and takes one to three days to deploy. If you have to study the documentation and then implement it, I think you can do it within a week.

All implementation was handled in-house.

Graylog is straightforward to install and easy to maintain. It also comes with alerting. But one has to be mindful of the support and disadvantages like the index rotation.

On a scale from one to ten, I give Graylog an eight.

I use this solution regularly for analyzing incidents, collecting them to figure out what's going on. For now, I'm using it myself but would like to also deploy for some of my customers in the near future. I'm an entrepreneur in a security solutions company and a customer of Graylog. 

I like the simplicity of the solution, the fact that it's open source and user friendly.

It would be helpful if they would work more on the documentation because it's not very clear and ideally I'd like to be able to do more myself, but would need some additional guidelines and material for that.

I've been using this solution for a year. 

It's a stable solution. 

I believe it's a scalable solution but haven't tested it yet. 

The technical support is a weak point in this product. It's not so easy to contact them and they don't answer immediately. Sometimes it takes a lot of time and the wait is difficult. If I had enough documentation I might not need the support. 

The initial setup was relatively straightforward. I was able to deploy it myself in a couple of days. For now, I'm the only user. I know it can be scaled for free for up to five users and I'll test that soon. 

This is a good product and I would rate it an eight out of 10. 

Our primary use case of this solution is for logging. Because we have financial systems, we also use it for audit trailing.

I basically run the entire program in our company. Whenever there's an audit, I get the people on board and give them the information they require.

Graylog captures our financial logs and preserves them, mainly for any audit that may come up. The compliance is very good.

What I like most about this solution, is that it caches the log. I also like it's filtration because we have various layers of data that needs to be captured - from flat filing to Windows servers, Linux-based servers and the like. I like the diversity and the number of environments it can cover, including the switches.

I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a milli-second.

I am very proud of how very stable the solution is. One time I had an entire node on my VxRail VMware collapse, so I basically restored the template, gave it the same IP address and everything was working again.

We've grown from 500 to 2,000 independent devices on this solution, and it captures them all. We even plan to increase our usage. So, yes, the program is scalable.

There hasn't been a need for me to call support, because I only went through the forums and hundreds of pages of manuals to get to understand it. 

The initial setup was really complex because I did it myself. I had no support and I didn't understand the whole ecosystem. The first deployment took about a month because I had to figure out exactly what I'm capturing, and how to query it afterwards. I also had to manage the clientele, client installations, and the like. After a month or so I had an overall view of everything.

I am responsible for the deployment and maintenance of Graylog. I've even done smaller setups and deployments for other people. 

I use the free version of Graylog.

In the next version I would perhaps like to see less overlapping in in the interface. Some users feel that it is still very rigid and boxy. Pretty old school. So a more user-friendly interface with less overlapping in the structures would be great. I rate this solution 9.5 out of 10.