Clean, robust and intuitive central logging
Rating: 7 out of 10
January 18, 2022
Vetted Review
Verified User
6 years of experience
We have more than 60 applications, ranging from websites, Winforms, windows services, API's and console executables. All of them need to log their tracing and/or error information to a central location. It needs to be central because you don't want to search for this location, especially when you only have 5 minutes to solve a problem. We used to have a dedicated database for logging, but this does not eliminate the time lost searching for "the" logs. Also, [the] configuration used to be a manual and self-made business that wasn't always clear. Graylog is a dedicated logging solution that comes "out of the box" and is made accessible through a well-known plugin architecture (log4net if you're developing with the .NET framework).
- Nice search interface and powerful search options
- JSON extractor to "extract" variables and values from JSON input.
- Clear and intuitive dashboards
Cons
- In the front end, the search "tricks" could have been made a little easier to find. There seems to be some kind of "search language" where you can use keywords like "AND" and "OR," etc. (much like SQL language). But it's totally unclear what does work and what doesn't. If you don't know that it's there, you'll never find it. Of course, after you do know it, you can find many examples online on how to use it.
- The backend is not for the inexperienced. Graylog is based on elastic search and MongoDB. And it's Linux. This means that Graylog is actually 3 applications that you need to configure in a Linux environment. This means that you need quite some experience to get this running. Fortunately, though, things are kept as simple as possible. What I mean is that at first, the task seems daunting, but then you'll find that there's not much to it after all.
- We've had multiple occasions that disk size was full or indexes went larger than allowed. When this happens, the systems can become corrupt. The solution is to just delete the indexes, but it took quite some time to find this out.
- We disabled "Automatic updates" on the Linux server because unattended updates always lead to problems. This is not a real problem, or solely related to Graylog, but worth mentioning. Updates are best handled manually.
- Central (the fact that it's central), one place to log them all
- Multiple ways to log, one I already mentioned (log4net)
- AD support
- The fact that it's free
- Negative: None. There is no negative impact by using Graylog.
- Speed of solving bugs. Logging is so accessible and easy to search that we spend a lot less time [searching] for specific errors.
- Better health of applications. Since monitoring the logs is so easy, it's very easy to keep an eye on the tracing to see if things are going smoothly and according to plan.
Azure Monitor is not exactly what I mean, but I couldn't find Azure Application Insights. Anyway, for a large organization, Azure makes more sense than using Graylog because a lot of logging will already be inside Azure. And you don't want to have two "central" logging locations. But Azure is chaos and highly "not intuitive." So for small and mid-size organizations, Graylog is still the better option.