TrustRadius
Graylog

Overview

What is Graylog?

Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business…

Recent Reviews

Graylog, Free Vs. Paid

9 out of 10
April 29, 2020
Incentivized
Graylog is currently implemented for use across the entire organization at each deployment that I have provisioned. However, Graylog is …

Level Up Your Logging

7 out of 10
June 30, 2019
Incentivized
Graylog is used to aggregate logs and SNMP traps from our network devices and Linux servers. We not only aggregate and store logs but …

Graylog is GREAT

9 out of 10
December 05, 2018
Incentivized
We use Graylog to view all of our system logs in one place. We use this software to back up our logs so in the event we need to review …

Product Demos

Demo GrayLog 2 with Laravel5 app

Demo GrayLog 2 with Rails app

Send Syslog from MuleSoft RTF to GrayLog

Graylog Security


Product Details

What is Graylog?

Graylog Video

Tour of Graylog v4.0

Graylog Technical Details

Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating Systems: Windows, Linux
Mobile Application: No

Frequently Asked Questions

Graylog, headquartered in Houston, offers their eponymous platform for centralized log management that helps users find meaning in data faster so as to take action immediately. Graylog is available via Enterprise and Cloud plans, but also has a Small Business Plan, and an Open (free) plan with limited features.

Splunk Enterprise, Datadog, and Logz.io are common alternatives for Graylog.

Reviewers rate Support Rating highest, with a score of 3.6.

The most common users of Graylog are from Mid-sized Companies (51-1,000 employees).

Reviews and Ratings

(29)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Graylog has proven to be a valuable solution for users in various industries, offering a range of use cases that address common challenges in log management and security monitoring. Users have successfully utilized Graylog as a centralized log aggregator and SIEM, enabling them to collect logs from multiple applications and sources in one central location. This has greatly simplified the process of tracking and tracing errors, saving valuable time when troubleshooting problems across their systems.

With Graylog's well-known plugin architecture, such as log4net for .NET developers, users have found it easy to integrate and utilize the platform. Additionally, Graylog's ability to extract values from logs and customize dashboards has enhanced its usability and provided users with greater searchability. By defining alerts for specific events or patterns, they are able to promptly identify and address potential issues.

Another significant use case for Graylog is its value in security-related tasks. Users have successfully employed Graylog to analyze access sign-in logs from various platforms and receive alerts when necessary. Additionally, its capability to collect messages from network devices like switches, routers, and wifi controllers has allowed users to group and visualize important information through graphs. This feature has proven particularly useful for monitoring critical events and ensuring prompt action.

The cost-effectiveness of Graylog combined with its customization options has contributed to its widespread adoption within organizations. Users across different teams are able to tailor the platform to their specific needs, making it a valuable tool for both log management and security monitoring purposes. From capturing NAT translations for DMCA-related notifications to serving as an internal syslog server, Graylog provides an efficient and accessible solution for aggregating logs and organizing them in a searchable manner.

Efficient log aggregation and intuitive dashboards: Multiple reviewers have praised Graylog for its efficient log aggregation pipeline, allowing users to easily collect and analyze logs from various sources. The clear and intuitive dashboards provided by Graylog were also highlighted as a positive aspect, making it easier for users to understand and monitor their logs effectively.

Powerful search options: Many reviewers have appreciated the powerful search capabilities offered by Graylog. Users mentioned that they can quickly search through large volumes of logs and easily find specific data without manual filtering. This feature enhances efficiency and saves time for users when troubleshooting or investigating issues.

Flexible configuration options: Users have commended Graylog for its flexibility in configuration. Some reviewers mentioned the ability to store everything on a single box, while others highlighted the option to scale out horizontally using a cluster of Elasticsearch nodes and MongoDB servers. This flexibility allows users to tailor their log management setup according to their specific needs and infrastructure requirements.

Unrealistic Pricing: Some users have expressed dissatisfaction with the pricing of the Enterprise version, considering it unrealistic for their needs.

Lack of Intuitive Configuration: Several reviewers have mentioned that configuring Graylog's backend, which relies on Elasticsearch and MongoDB, can be challenging for inexperienced users. It requires Linux knowledge and configuring three separate applications.

Difficulties in Log Management: Users have encountered difficulties in rotating indexes and managing log retention. They feel that there is no built-in feature to auto-delete logs or accurately estimate storage space needed, making log management a challenging task.

Users highly recommend Graylog for its efficiency in collecting information and managing records, emphasizing that it is suitable for any department and helps save time and increase productivity. It is particularly recommended for organizations dealing with large amounts of data.

Graylog is praised for fulfilling users' expectations at a low price point. It offers many useful features, making it a highly recommended logging and monitoring tool. Users find it easy to access and install, making it one of the best tools for log analysis and understanding product details at runtime.

Graylog is considered a good software for collecting records and analyzing data efficiently. It is particularly recommended for companies looking to monitor threats and analyze data effectively. Users appreciate its high functionality, optimal performance, and ability to handle large amounts of different data. Moreover, it generates confidence in its users while offering an economical price for its services.

Overall, users recommend carefully evaluating data requirements, having a solid understanding of Linux and the basics of MongoDB and Elasticsearch before using Graylog, as well as configuring a retention profile to avoid storage issues. It is also advised to research the competition before deciding on a logging solution and consider the deployment and system requirements before using Graylog.

Reviews

(1-5 of 5)
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Allows insight into logs from various systems and products that would otherwise be time consuming to access and identify. Dashboards can be customised to your preferences and Alerts/emails can be defined when specific events or patterns occur, which is not possible directly from the log source. Our use case is primarily security related looking at access/sign-in logs from various platforms and then sending alerts as required.
  • Ingesting various log sources
  • Dashboards - Customisable
  • Event alerts/emails
  • Support for more log sources
  • Event alerts/emails - Some cases where unable to separate data from multiple clients, and no easy fix
  • API - Limits results to 10,000 and can cause server to lockup on queries that exceed the limit
Well suited for scenarios such as:
  • Detecting user OS logins, or user logins from unknown IPs etc.
  • Access attempts made on a firewall or other network infrastructure
  • Monitoring changes to Active Directory Groups
Less suited for scenarios where logs and alerts are time critical, e.g. as soon as an event occurs an alert is generated and sent
  • Multiple log sources
  • Customisable Dashboards
  • Event alerts/emails
  • Able to offer monitoring services to new and existing clients to increase revenue
  • Staff have increased billing percentage
  • Potential to expand security services
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We have more than 60 applications, ranging from websites, Winforms, Windows services, APIs and console executables. All of them need to log their tracing and/or error information to a central location. It needs to be central because you don't want to search for this location, especially when you only have 5 minutes to solve a problem. We used to have a dedicated database for logging, but this does not eliminate the time lost searching for "the" logs. Also, [the] configuration used to be a manual and self-made business that wasn't always clear. Graylog is a dedicated logging solution that comes "out of the box" and is made accessible through a well-known plugin architecture (log4net if you're developing with the .NET framework).
  • Nice search interface and powerful search options
  • JSON extractor to "extract" variables and values from JSON input.
  • Clear and intuitive dashboards
  • In the front end, the search "tricks" could have been made a little easier to find. There seems to be some kind of "search language" where you can use keywords like "AND" and "OR," etc. (much like SQL language). But it's totally unclear what does work and what doesn't. If you don't know that it's there, you'll never find it. Of course, after you do know it, you can find many examples online on how to use it.
  • The backend is not for the inexperienced. Graylog is based on Elasticsearch and MongoDB. And it's Linux. This means that Graylog is actually 3 applications that you need to configure in a Linux environment. This means that you need quite some experience to get this running. Fortunately, though, things are kept as simple as possible. What I mean is that at first, the task seems daunting, but then you'll find that there's not much to it after all.
  • We've had multiple occasions that disk size was full or indexes went larger than allowed. When this happens, the systems can become corrupt. The solution is to just delete the indexes, but it took quite some time to find this out.
  • We disabled "Automatic updates" on the Linux server because unattended updates always lead to problems. This is not a real problem, or solely related to Graylog, but worth mentioning. Updates are best handled manually.
For small companies, Graylog is the best solution possible. It's easy to configure and "just works." Above everything else, it's free. The only thing I hold against it is the fact that it's Linux-based. [This] makes sense because Elasticsearch is Linux-based. But Linux adds a layer of complexity that we don't need for something as basic as a logging server. I'm pretty sure that we would have had a logging server years earlier if I had to convince quite a few decision-making people to go ahead with it anyway.
  • Central (the fact that it's central), one place to log them all
  • Multiple ways to log, one I already mentioned (log4net)
  • AD support
  • The fact that it's free
  • Negative: None. There is no negative impact by using Graylog.
  • Speed of solving bugs. Logging is so accessible and easy to search that we spend a lot less time [searching] for specific errors.
  • Better health of applications. Since monitoring the logs is so easy, it's very easy to keep an eye on the tracing to see if things are going smoothly and according to plan.
Azure Monitor is not exactly what I mean, but I couldn't find Azure Application Insights. Anyway, for a large organization, Azure makes more sense than using Graylog because a lot of logging will already be inside Azure. And you don't want to have two "central" logging locations. But Azure is chaos and highly "not intuitive." So for small and mid-size organizations, Graylog is still the better option.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Graylog is currently implemented for use across the entire organization at each deployment that I have provisioned. However, Graylog is only referenced by myself, or Information Systems Staff. Graylog currently mainly addresses two separate needs for us. First, it allows the capture of NAT translations for DMCA related notifications for subscribers. Secondly, it addresses the need for an internal syslog server.
  • The free edition is extraordinarily powerful.
  • Log searching is quick.
  • The web interface is sleek, and the install is relatively quick.
  • Rotating the indexes is hard! It is also easy to brick your deployment. Purchase support, but it's so ludicrously expensive, that I'd go with a different vendor.
  • Community support dances around questions and points to documentation, which is there, but is not always accurate.
  • Searching logs uses logic that is not always easy to use.
  • There is not a good way to size how much space you need for a given log retention. It also does not tolerate running out of space using a smart feature or such to auto delete. The heap can also overflow.
  • It uses MongoDB instead of a different database.
  • The OVA is not approved for production use.
  • It is resource intensive.
If you just need a logging server that will most likely work, and won't break the bank. This is it, you can stop looking. Period.
  • Graylog has allowed our clients to successfully log NAT translations and comply with the DMCA, protecting us in terms of Safe Harbor.
  • Graylog allows us to have a central server for syslog, which saves time rather than checking each machine, or figuring out events if we experience an unresponsive failure, lowering downtime.
  • We have also spent a lot of time learning Graylog, which was a considerable investment. However, it is now starting to pay its dividends.
We use the free edition, because it is free and open source. We evaluated numerous other products, but we decided to go down the Graylog track because of initial costs. While the competition (Splunk, AlienVault, etc.) are very good products and come highly recommended, it simply was not in the budget to choose one of those products at this time. I have many clients who have used both, and decided to go with AlienVault, however.
Community support does not give simple straightforward answers; simply search up Graylog Issues and look at some of the responses on the forums. The documentation is your only hope if you are on the free version, as you can NOT purchase only support. The few times I have worked with Graylog Enterprise support they were great though.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We currently use Graylog as a log aggregator and some lightweight SIEM. However, we haven't had the cycles to use the other features of it. Presently solves our centralized log collection problem.
  • Log Aggregation pipeline
  • Dashboards
  • Pricing for Enterprise is a bit unrealistic.
  • Archiving should be a standard feature in the community edition.
Graylog is suited for all environments. Its easy setup and use is great for small businesses. Its flexibility for configuration of ingested logs is excellent for medium to large scale, and its ingest capability is great for super-sized. One size fits all for Graylog. It's a great competitor to QRadar and Splunk, and even AlienVault USM/OSSIM.
  • Full return on investment for the free version.
  • Paid features aren't fully justifiable at the enterprise cost.
In terms of log aggregation, the free product fully stacks up with the competitors listed. Full control over the data ingests for flexible configuration. Graylog is even better on that front than AlienVault USM because you cannot configure the variable mapping. We haven't used the threat exchange stuff or correlation. But with regex searches, we have created function dashboards that show threat theater pictures of our network based on logs from our firewall.
From a product perspective, it's an 8.
I am still unhappy with the pricing model for the enterprise. Graylog competes against the likes of IBM and Splunk, but you're still the new kid on the block. To price Graylog enterprise at 50k for 20GB ingest an unrealistic data. It would require multiple facets of Graylog to be stood up and only forward pruned logs to the paid version.
December 05, 2018

Graylog is GREAT

Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use Graylog to view all of our system logs in one place. We use this software to back up our logs so in the event we need to review them we can go back as far as we need to. This software allows us to collect all our data easily.
  • Manages logs for a variety of devices
  • Easy to set up
  • A great open source solution
  • If you don't know your way around Linux, setup would be tricky. Some step-by-step videos would be helpful.
This is well suited for a small to medium sized environment where you are looking to collect all your system logs. In larger scale environments it would be trickier to pull this software off. The software can only handle a certain amount of logs per second; if you have lots of devices you should invest in a more premium product.
  • This is a perfect solution for us and didn't cost us a dime.
Graylog provides some great functionality for free. There are some more premium products that would handle more logs and would be a little easier to configure.