Clean, robust and intuitive central logging
January 18, 2022

Clean, robust and intuitive central logging

Anonymous | TrustRadius Reviewer
Score 7 out of 10
Vetted Review
Verified User

Software Version

Graylog Small Business

Overall Satisfaction with Graylog

We have more than 60 applications, ranging from websites, Winforms, windows services, API's and console executables. All of them need to log their tracing and/or error information to a central location. It needs to be central because you don't want to search for this location, especially when you only have 5 minutes to solve a problem. We used to have a dedicated database for logging, but this does not eliminate the time lost searching for "the" logs. Also, [the] configuration used to be a manual and self-made business that wasn't always clear. Graylog is a dedicated logging solution that comes "out of the box" and is made accessible through a well-known plugin architecture (log4net if you're developing with the .NET framework).
  • Nice search interface and powerful search options
  • JSON extractor to "extract" variables and values from JSON input.
  • Clear and intuitive dashboards
  • In the front end, the search "tricks" could have been made a little easier to find. There seems to be some kind of "search language" where you can use keywords like "AND" and "OR," etc. (much like SQL language). But it's totally unclear what does work and what doesn't. If you don't know that it's there, you'll never find it. Of course, after you do know it, you can find many examples online on how to use it.
  • The backend is not for the inexperienced. Graylog is based on elastic search and MongoDB. And it's Linux. This means that Graylog is actually 3 applications that you need to configure in a Linux environment. This means that you need quite some experience to get this running. Fortunately, though, things are kept as simple as possible. What I mean is that at first, the task seems daunting, but then you'll find that there's not much to it after all.
  • We've had multiple occasions that disk size was full or indexes went larger than allowed. When this happens, the systems can become corrupt. The solution is to just delete the indexes, but it took quite some time to find this out.
  • We disabled "Automatic updates" on the Linux server because unattended updates always lead to problems. This is not a real problem, or solely related to Graylog, but worth mentioning. Updates are best handled manually.
  • Central (the fact that it's central), one place to log them all
  • Multiple ways to log, one I already mentioned (log4net)
  • AD support
  • The fact that it's free
  • Negative: None. There is no negative impact by using Graylog.
  • Speed of solving bugs. Logging is so accessible and easy to search that we spend a lot less time [searching] for specific errors.
  • Better health of applications. Since monitoring the logs is so easy, it's very easy to keep an eye on the tracing to see if things are going smoothly and according to plan.
Azure Monitor is not exactly what I mean, but I couldn't find Azure Application Insights. Anyway, for a large organization, Azure makes more sense than using Graylog because a lot of logging will already be inside Azure. And you don't want to have two "central" logging locations. But Azure is chaos and highly "not intuitive." So for small and mid-size organizations, Graylog is still the better option.

Do you think Graylog delivers good value for the price?


Are you happy with Graylog's feature set?


Did Graylog live up to sales and marketing promises?


Did implementation of Graylog go as expected?


Would you buy Graylog again?


For small companies, Graylog is the best solution possible. It's easy to configure and "just works." Above everything else, it's free. The only thing I hold against it is the fact that it's Linux-based. [This] makes sense because Elasticsearch is Linux-based. But Linux adds a layer of complexity that we don't need for something basic as a logging server. I'm pretty sure that we would have had a logging server years earlier if I had to convince quite a few decision-making people to go ahead with it anyway.