The Graylog Blog

Announcing Graylog 1.2 GA Release: Includes 30+ New Features

We are happy to announce that Graylog 1.2 is now generally available. This is a milestone release with over 30 new features and bug fixes. We have made significant improvements in usability, performance, and LDAP group integration.

A big thanks to the community for the code contributions and bug testing!

In this release, we optimized our stream processing engine while adding the new OR operator feature, and the results speak for themselves. In some cases, Graylog users reported a nearly 20% reduction in average CPU utilization. This improvement could enable you to collect more log data or reduce your infrastructure costs.

The release candidate feedback from the community has been very positive, and we were able incorporate several additional improvements as a result, including better LDAP group filtering for very large LDAP deployments.

Read on for Graylog 1.2 feature highlights.


Access Control, Management & Scalability

  • User Roles & LDAP Group Support: Map user roles to LDAP groups and use LDAP groups to manage user access to Graylog. This makes user management in large environments much easier, since your already-defined LDAP groups can be automatically mapped to Graylog roles.

Roles LDAP

  • Faster Stream Router Engine: The new stream router engine, with better stream matching performance, is up to 6 times faster than previous versions. This will improve message processing throughput and Graylog server utilization.

  • OR Rule Stream Support: Stream rules can now use both OR/AND operators, resulting in more flexible stream rules and fewer streams to manage.

OR Stream Support

  • Improved Graylog Service Availability: Graylog server can now start without Elasticsearch. This results in less potential data loss if Elasticsearch is unavailable because the Graylog server can buffer messages until Elasticsearch is available again.

User Interface

  • Stacked chart widget support: When you create a stacked chart, you can now add it as a widget to a dashboard.

Stacked Chart Widget

  • Cardinality Field Statistics: Sometimes you want to know how many unique values are included in a field results set. This number is now included in the statistics widget.

Cardinality Field Statistics

  • Alarm Callback History: When an alarm callback fails, you can now debug why it failed.

Alert Callback History

  • Simplified Grok import/export with content pack support: You can now include Grok patterns in content packs. This helps community members share complete content packs in the new Graylog Marketplace.
  • Time zone support for date converter: Date converters now use your Graylog time zone to convert dates correctly. This makes parsing of dates with extractors much easier and less error prone.
  • Several Dashboard UI improvements

Inputs, Outputs and Extractors

  • New Raw AMQP input
  • New Syslog AMQP input
  • TLS client certificate authentication to all TCP based inputs
  • TLS support for GELF HTTP input/output (many thanks to Georg Buschbeck for contributing this feature)
  • New MessageListCodec interface: For codec implementations that can decode multiple messages from one raw message.
  • Keepalive configuration option for all TCP transports
  • New JSON field extractor

JSON field extractor


Try it out!

Download Information

The Graylog packages are available on our download page in the “All releases” section.

Our virtual appliance in OVA format has been updated for this release, too.

Docker packages of this release are available on Docker Hub and our DEB/RPM packages can be found here.

Feedback is welcome!

Please report any bugs you find or questions you have through one of our community channels. Feature ideas are welcome in our product idea portal.

Release Notes (changes since Graylog 1.2.0-rc.4)

Previous 1.2 Release Notes

comments powered by Disqus