We are happy to announce that Graylog 1.2 is now generally available. This is a milestone release with over 30 new features and bug fixes. We have made significant improvements in usability, performance, and LDAP group integration.
A big thanks to the community for the code contributions and bug testing!
In this release, we optimized our stream processing engine while adding the new OR operator feature, and the results speak for themselves. In some cases, Graylog users reported a nearly 20% reduction in average CPU utilization. This improvement could enable you to collect more log data or reduce your infrastructure costs.
The release candidate feedback from the community has been very positive, and we were able incorporate several additional improvements as a result, including better LDAP group filtering for very large LDAP deployments.
Read on for Graylog 1.2 feature highlights.
Access Control, Management & Scalability
- User Roles & LDAP Group Support: Map user roles to LDAP groups and use LDAP groups to manage user access to Graylog. This makes user management in large environments much easier, since your already-defined LDAP groups can be automatically mapped to Graylog roles.
Faster Stream Router Engine: The new stream router engine, with better stream matching performance, is up to 6 times faster than previous versions. This will improve message processing throughput and Graylog server utilization.
OR Rule Stream Support: Stream rules can now use both OR/AND operators, resulting in more flexible stream rules and fewer streams to manage.
- Improved Graylog Service Availability: Graylog server can now start without Elasticsearch. This results in less potential data loss if Elasticsearch is unavailable because the Graylog server can buffer messages until Elasticsearch is available again.
- Stacked chart widget support: When you create a stacked chart, you can now add it as a widget to a dashboard.
- Cardinality Field Statistics: Sometimes you want to know how many unique values are included in a field results set. This number is now included in the statistics widget.
- Alarm Callback History: When an alarm callback fails, you can now debug why it failed.
- Simplified Grok import/export with content pack support: You can now include Grok patterns in content packs. This helps community members share complete content packs in the new Graylog Marketplace.
- Time zone support for date converter: Date converters now use your Graylog time zone to convert dates correctly. This makes parsing of dates with extractors much easier and less error prone.
- Several Dashboard UI improvements
Inputs, Outputs and Extractors
- New Raw AMQP input
- New Syslog AMQP input
- TLS client certificate authentication to all TCP based inputs
- TLS support for GELF HTTP input/output (many thanks to Georg Buschbeck for contributing this feature)
- New MessageListCodec interface: For codec implementations that can decode multiple messages from one raw message.
- Keepalive configuration option for all TCP transports
- New JSON field extractor
Try it out!
The Graylog packages are available on our download page in the “All releases” section.
Our virtual appliance in OVA format has been updated for this release, too.
Feedback is welcome!
Release Notes (changes since Graylog 1.2.0-rc.4)
- Make sure existing role assignments survive on LDAP account sync. Graylog2/graylog2-server#1405 | Graylog2/graylog2-server#1406
- Use memberOf query for ActiveDirectory to speed up LDAP queries. Graylog2/graylog2-server#1407
- Removed disableindexrange_calculation configuration option. Graylog2/graylog2-server#1411
- Avoid potentially long-running Elasticsearch cluster-level operations by only saving an index range if it actually changed. Graylog2/graylog2-server#1412
- Allow editing the roles of LDAP users. Graylog2/graylog2-web-interface#1598
- Improved quick values widget. Graylog2/graylog2-web-interface#1487