Features

Do more with your log data

Finally, all your log data available and accessible in one central location

Discover and resolve issues faster. Keep end users happy with less downtime and better performance by proactively monitoring key indicators and exceptions across the entire stack.

Message Processing Pipeline

It's easy to parse and enrich logs from any data source using Graylog's flexible processing engine. Reuse code and simplify rule management by composing stages in named pipelines. Add your own enrichment and parsing functions for additional flexibility.

Ideas: Enrich a log message with geo-coordinates translated from an IP address. Map a user ID to a user name. Split a log message containing metrics into separate messages.

Search

Search through terabytes of log data to discover and analyze important information. Use the powerful search syntax to find exactly what you are looking for. Save search queries to share.

Ideas: Find application errors across all servers with a single query. Investigate the activity of a suspicious user ID in the last hour. Discover the single misconfigured firewall in your network.

Dashboards

Create dashboards to visualize metrics and observe trends in one central location. The simple user interface enables team members to easily access the wealth of information and add new charts.

Drill-Down Analysis

Use field statistics, quick values, and charts from the search results page to dive in for deeper analysis of your data.

Ideas: Find all IP addresses that were blocked by a specific firewall. Get the average response time of your application components. Discover users with the most failed logins within the last 24 hours.

Archive (Available in Graylog Enterprise)

Automatically archive the data that you do not search through very often. Store this data on more cost-effective, slower hard disks and make it available for search in Graylog only when you need it.

Pro Tip: Auditors will love this.

Alerts and Triggers

Trigger actions or get notified when something needs attention, such as failed login attempts, exceptions or performance degradation.

Ideas: Send an email or Slack message to your team. Spawn a new machine to balance the processing load. Block IP ranges in your firewalls automatically when an attack is detected.

Collector Sidecar

Control and configure popular log collectors and agents via the Graylog Web Interface.

The Sidecar runs next to your favorite log collector (like fluentd or nxlog) and configures it for you. Enjoy central configuration from the Graylog web interface, with no more tinkering with configuration files.


“Using Graylog, we are able to provide a better user experience for our gamers. Our reaction time is much faster than before, and our players experience less outages and other error-related problems.”

Felix Oechsler, Lead Windows System Administrator (Gameforge)

Eliminate the information bottleneck between your teams

Tear down the walls. Give everyone secure access to the real-time data when they need it to collaborate effectively while maintaining compliance.

Central Management

Give your teams access to runtime configuration and the log data they need without touching the Graylog servers. No need to restart the system.

DevOps: Let developers set up parsing of their own messages. Configure streams on the fly. Route messages to your own workstation for debugging.

Users and Roles

Group users into roles to simplify permission management. You can also restrict what kind of log messages certain users are allowed to access, using our real-time categorization functionality.

Pro Tip: Create system user roles that can only spawn new inputs and cannot access any log data. Use these for scripts that access the Graylog REST API.

LDAP

Graylog can be integrated with your existing LDAP user directories.

Use your log data anywhere, in any way

Use the REST API to access log data and configuration programmatically. Forward data to specialized systems or anything else that needs a real-time stream of data.

REST API

Both configuration settings and log data are available through the Graylog REST API. Integrate Graylog seamlessly into your evolving architecture, and build your own reports and analysis. The REST API is the only dependency of our web interface, so high quality and completeness are guaranteed.

Ideas: Pull data into customized reports. Create a stream automatically every time a new virtual machine is spawned.

Outputs

Forward data to specialized systems or anything else that needs a real-time stream of data.

Ideas: Forward metrics to a time series database or an APM tool. Stream log data temporarily to your workstation for ad-hoc debugging.


“Some people may view Graylog as an alerting and root cause analysis engine, but it is much more than that. It provides real-time data and leading indicators to address issues before there is any noticeable impact to users. This isn’t even something theoretical. We are doing this today.”

Drew Miranda, Systems Engineer (Ochsner Health System)
