Graylog

Score8.8 out of 10

33 Reviews and Ratings

Community insights

TrustRadius Insights for Graylog are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Efficient log aggregation and intuitive dashboards: Multiple reviewers have praised Graylog for its efficient log aggregation pipeline, allowing users to easily collect and analyze logs from various sources. The clear and intuitive dashboards provided by Graylog were also highlighted as a positive aspect, making it easier for users to understand and monitor their logs effectively.

Powerful search options: Many reviewers have appreciated the powerful search capabilities offered by Graylog. Users mentioned that they can quickly search through large volumes of logs and easily find specific data without manual filtering. This feature enhances efficiency and saves time for users when troubleshooting or investigating issues.

Flexible configuration options: Users have commended Graylog for its flexibility in configuration. Some reviewers mentioned the ability to store everything on a single box, while others highlighted the option to scale out horizontally using a cluster of Elasticsearch nodes and MongoDB servers. This flexibility allows users to tailor their log management setup according to their specific needs and infrastructure requirements.

Reviews

9 Reviews

An invaluable tool to collect store and search logs

Rating: 8 out of 10

Incentivized

November 11, 2025

Use Cases and Deployment Scope

We are an ecommerce agency and, with multiple clients and multiple environments per client, having a centralized platform to collect log makes our life a lot easier. Instead of waiting for a developer or devops worker to check for issues, project managers can check the log themselves and then forward tasks quickly.

Pros

Log collection
Storage management
Log statistics

Cons

Configuration can be hard to understand
More quickly and easy ways to search for data
Auto-categorization of log entries would be excellent

Likelihood to Recommend

It's an excellent tool for companies with multiple services/environments to monitor, allowing for quick access to logs in a centralized way. However, searching for data can be complicated for new users, and it lacks features to proactivelly alert of new issues and to categorized issues in a way that is easier to monitor.

Verified User

Team Lead in Information Technology (11-50 employees)

Vetted Review

2 years of experience

Graylog is the one console you must have

Rating: 9 out of 10

Incentivized

November 7, 2025

Use Cases and Deployment Scope

We use Graylog to centralize and organize log data from our many applications running in our environment. Applications running in different operational systems and technologies can be very tricky to analyze their behavior, and that's where Graylog comes with its magic! We built fully functional and customizable dashboards, which makes our job easier, and fast to find, accurate, and act on several bad working applications in our environment.

Pros

Very fast process of hugh amounts of information
Easy to built dashboards with rich visual display
Intuitive filter string auto-complete
Alerts based on differents scenarios and triggers

Cons

Native plugins for more windows applications
Alerts integrations with third part applications
Cluster an high availability management

Likelihood to Recommend

I recommend Graylog to be used in scenarios where log data needs to be analyzed with a rich level of detail and explorability, very close to real-time information. Also, if you need to be alerted based on analyzed data, Graylog also does the job. With many ways to display the processed data, it is very helpful for the day-to-day duties of any IT team.

Luiz Eduardo Garcia

System Administrator in Information Technology at JET e-business (51-200 employees)

Vetted Review

4 years of experience

View profile

Useful and free SIEM tool

Rating: 8 out of 10

Incentivized

June 16, 2022

Use Cases and Deployment Scope

Allows insight into logs from various systems and products that would otherwise be time consuming to access and identify. Dashboards can be customised to your preferences and Alerts/emails can be defined when specific events or patterns occur, which is not possible directly from the log source. Our use case is primarily security related looking at access/sign-in logs from various platforms and then sending alerts as required.

Pros

Ingesting various log sources
Dashboards - Customisable
Event alerts/emails

Cons

Support for more log sources
Event alerts/emails - Some cases where unable to separate data from multiple clients, and no easy fix
API - Limits results to 10,000 and can cause server to lockup on queries that exceed the limit

Likelihood to Recommend

Well suited for scenarios such as:

Detecting user OS logins, or user logins from unknown IPs etc.
Access attempts made on a firewall or other network infrastructure
Monitoring changes to Active Directory Groups

Less suited for scenarios where logs and alerts are time critical, eg.as soon as an event occurs an alert is generated and sent

Verified User

Professional in Information Technology (11-50 employees)

Vetted Review

3 years of experience

Clean, robust and intuitive central logging

Rating: 7 out of 10

Incentivized

January 18, 2022

Use Cases and Deployment Scope

We have more than 60 applications, ranging from websites, Winforms, windows services, API's and console executables. All of them need to log their tracing and/or error information to a central location. It needs to be central because you don't want to search for this location, especially when you only have 5 minutes to solve a problem. We used to have a dedicated database for logging, but this does not eliminate the time lost searching for "the" logs. Also, [the] configuration used to be a manual and self-made business that wasn't always clear. Graylog is a dedicated logging solution that comes "out of the box" and is made accessible through a well-known plugin architecture (log4net if you're developing with the .NET framework).

Pros

Nice search interface and powerful search options
JSON extractor to "extract" variables and values from JSON input.
Clear and intuitive dashboards

Cons

In the front end, the search "tricks" could have been made a little easier to find. There seems to be some kind of "search language" where you can use keywords like "AND" and "OR," etc. (much like SQL language). But it's totally unclear what does work and what doesn't. If you don't know that it's there, you'll never find it. Of course, after you do know it, you can find many examples online on how to use it.
The backend is not for the inexperienced. Graylog is based on elastic search and MongoDB. And it's Linux. This means that Graylog is actually 3 applications that you need to configure in a Linux environment. This means that you need quite some experience to get this running. Fortunately, though, things are kept as simple as possible. What I mean is that at first, the task seems daunting, but then you'll find that there's not much to it after all.
We've had multiple occasions that disk size was full or indexes went larger than allowed. When this happens, the systems can become corrupt. The solution is to just delete the indexes, but it took quite some time to find this out.
We disabled "Automatic updates" on the Linux server because unattended updates always lead to problems. This is not a real problem, or solely related to Graylog, but worth mentioning. Updates are best handled manually.

Likelihood to Recommend

For small companies, Graylog is the best solution possible. It's easy to configure and "just works." Above everything else, it's free. The only thing I hold against it is the fact that it's Linux-based. [This] makes sense because Elasticsearch is Linux-based. But Linux adds a layer of complexity that we don't need for something basic as a logging server. I'm pretty sure that we would have had a logging server years earlier if I had to convince quite a few decision-making people to go ahead with it anyway.

Verified User

Team Lead in Information Technology (501-1000 employees)

Vetted Review

6 years of experience

Graylog, Free Vs. Paid

Rating: 9 out of 10

Incentivized

April 29, 2020

Use Cases and Deployment Scope

Graylog is currently implemented for use across the entire organization at each deployment that I have provisioned. However, Graylog is only referenced by myself, or Information Systems Staff. Graylog currently mainly addresses two separate needs for us. First, it allows the capture of NAT translations for DMCA related notifications for subscribers. Secondly, it addresses the need for an internal syslog server.

Pros

The free edition is extraordinarily powerful.
Log searching is quick.
The web interface is sleek, and the install is relatively quick.

Cons

Rotating the indexes are hard! It is also easy to brick your deployment. Purchase support, but it's so ludicrously expensive, that I'd go with a different vendor.
Community support dances around questions and points to documentation, which is there, but is not always accurate.
Searching logs uses logic that is not always easy to use.
There is not a good way to size how much space you need for a given log retention. It also does not tolerate running out of space using a smart feature or such to auto delete. The heap can also overflow.
It uses MangoDB instead of a different database.
The OVA is not approved for production use.
It is resource intensive.

Likelihood to Recommend

If you just need a logging server that will most likely work, and won't break the bank. This is it, you can stop looking. Period.

Verified User

Consultant in Information Technology (201-500 employees)

Vetted Review

1 year of experience

Graylog can compete against the big boys.

Rating: 9 out of 10

Incentivized

January 29, 2020

Use Cases and Deployment Scope

We currently use Graylog as a log aggregator and some light weight SEIM. However, we haven't had the cycles to use the other features of it. Presently solves our centralized log collection problem.

Pros

Log Aggregation pipeline
Dashboards

Cons

Pricing for Enterprise is a bit unrealistic.
Archiving should be a standard feature in the community edition.

Likelihood to Recommend

Graylog is suited for all environments. Its easy setup and use is great for small businesses. Its flexibility for configuration of ingested logs is excellent for medium to large scale, and its ingest capability is great for super-sized. One size fits all for Graylog. It's a great competitor to QRadar and Splunk, and even Alienvault USM/OSSIM

Jeremy Cejka

Principal Systems Engineer in Information Technology at Research Innovations (51-200 employees)

Vetted Review

3 years of experience

Liven up your logging with Graylog!

Rating: 9 out of 10

Incentivized

December 9, 2019

Use Cases and Deployment Scope

We use Graylog to collect messages from a variety of different systems like network switch and routers to wifi controllers. We use Graylog to group and create graphs to show specific information. We also use Graylog to send messages to us to alert of certain activities. Graylog is widely used in our office because it is cost-effective and the ability to be tweak for each team.

Pros

The ability to add and remove information to the messages. This makes it so you can customize each message and get the information you really want.
Being able to search for different criteria allows finding the exact data you want without having to manually filter the data.
Searching tends to be quick and is able to process large amounts of data quickly so you don't have to wait forever for your data.

Cons

The graphs and visualizations are limited on the dashboard if there were more options it would be better for different kinds of data.

Likelihood to Recommend

Graylog can collect messages and group them, so if you want to get alerted when there is an abnormal amount of particular messages, Graylog can do that. Graylog can be used to analyze traffic, and if traffic over a certain level and is sustained for an amount of time, it can send the information of which mac addresses are causing the traffic influx.

Verified User

Administrator in Engineering (1001-5000 employees)

Vetted Review

2 years of experience

Level Up Your Logging

Rating: 7 out of 10

Incentivized

June 30, 2019

Use Cases and Deployment Scope

Graylog is used to aggregate logs and SNMP traps from our network devices and Linux servers. We not only aggregate and store logs but extract values to make logging more searchable than using flat files with BASH utilities (grep, cut, awk, etc) to search. For our critical devices, we also use it to forward logs to a room in our private chat service via a custom integration.

Pros

Graylog does a great job of its core function: log aggregation, retention, and searching.
Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have to option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).

Cons

Some aspects of Graylog are less than intuitive. For example, if you want to run different extractor rules on different device types due to format differences, you need to create different inputs. Since inputs are their own processes that require ports to be bound to them, you either need different IP addresses for each input or a different (read: non-standard) port, which can make the device configuration more complicated.
Although Graylog abstracts quite a bit of Elasticsearch management away, it is by no means a turnkey solution. Upgrades to Graylog can require upgrades to Elasticsearch, which occasionally requires manual intervention to Elasticsearch. Same goes for mongo. If you're looking to scale out, there is some documentation to get you started, but the heavy lifting is on you.
As everything is stored in Elasticsearch, there are no more flat files to tail; moving from a "traditional" logging aggregator like Syslog(-ng), a culture change is going to be required.

Likelihood to Recommend

If you already have a basic understanding of Elasticsearch and/or MongoDB, Graylog will be a great fit when it comes to log aggregation. It will be a decent option even if you don't have any experience but have the time and willingness to roll up your sleeves that learning those tools will require. Graylog supports plugins to extend functionality for things like SNMP traps, telemetry collection, and solar flares. As is the case with most software with plugins, if the core functionality for which you are looking (i.e. not logging) is based on a plugin, Graylog probably isn't for you. The majority of the plugins in the marketplace are developed by third-parties looking to solve their specific use case so bug fixes and new features are not a given.

Verified User

Engineer in Information Technology (501-1000 employees)

Vetted Review

3 years of experience

Graylog is GREAT

Rating: 9 out of 10

Incentivized

December 5, 2018

Use Cases and Deployment Scope

We use Graylog to view all of our system logs in one place. We use this software to back up our logs so in the event we need to review them we can go back as far as we need to. This software allows us to collect all our data easily.

Pros

Manages logs for a variety of devices
Easy to set up
A great open source solution

Cons

If you don't know your way around Linux setup would be tricky. Some step by step videos would be helpful.

Likelihood to Recommend

This is well suited for a small to medium sized environment where you are looking to collect all your system logs. In larger scale environments it would be trickier to pull this software off. The software can only handle a certain amount of logs per second, if you have lots of devices you should invest in a more premium product.

Verified User

Technician in Information Technology (51-200 employees)

Vetted Review

1 year of experience

Loading Reviews List....

Level Up Your Logging

Rating: 7 out of 10

Incentivized

June 30, 2019

Use Cases and Deployment Scope

Pros

Graylog does a great job of its core function: log aggregation, retention, and searching.
Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have to option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).

Cons

Some aspects of Graylog are less than intuitive. For example, if you want to run different extractor rules on different device types due to format differences, you need to create different inputs. Since inputs are their own processes that require ports to be bound to them, you either need different IP addresses for each input or a different (read: non-standard) port, which can make the device configuration more complicated.
Although Graylog abstracts quite a bit of Elasticsearch management away, it is by no means a turnkey solution. Upgrades to Graylog can require upgrades to Elasticsearch, which occasionally requires manual intervention to Elasticsearch. Same goes for mongo. If you're looking to scale out, there is some documentation to get you started, but the heavy lifting is on you.
As everything is stored in Elasticsearch, there are no more flat files to tail; moving from a "traditional" logging aggregator like Syslog(-ng), a culture change is going to be required.

Likelihood to Recommend

Verified User

Engineer in Information Technology (501-1000 employees)

Vetted Review

3 years of experience