Clean, robust and intuitive central logging
Rating: 7 out of 10
January 18, 2022
Vetted Review
Verified User
6 years of experience
We have more than 60 applications, ranging from websites, Winforms, windows services, API's and console executables. All of them need to log their tracing and/or error information to a central location. It needs to be central because you don't want to search for this location, especially when you only have 5 minutes to solve a problem. We used to have a dedicated database for logging, but this does not eliminate the time lost searching for "the" logs. Also, [the] configuration used to be a manual and self-made business that wasn't always clear. Graylog is a dedicated logging solution that comes "out of the box" and is made accessible through a well-known plugin architecture (log4net if you're developing with the .NET framework).
- Nice search interface and powerful search options
- JSON extractor to "extract" variables and values from JSON input.
- Clear and intuitive dashboards
Cons
- In the front end, the search "tricks" could have been made a little easier to find. There seems to be some kind of "search language" where you can use keywords like "AND" and "OR," etc. (much like SQL language). But it's totally unclear what does work and what doesn't. If you don't know that it's there, you'll never find it. Of course, after you do know it, you can find many examples online on how to use it.
- The backend is not for the inexperienced. Graylog is based on elastic search and MongoDB. And it's Linux. This means that Graylog is actually 3 applications that you need to configure in a Linux environment. This means that you need quite some experience to get this running. Fortunately, though, things are kept as simple as possible. What I mean is that at first, the task seems daunting, but then you'll find that there's not much to it after all.
- We've had multiple occasions that disk size was full or indexes went larger than allowed. When this happens, the systems can become corrupt. The solution is to just delete the indexes, but it took quite some time to find this out.
- We disabled "Automatic updates" on the Linux server because unattended updates always lead to problems. This is not a real problem, or solely related to Graylog, but worth mentioning. Updates are best handled manually.