
Graylog Enterprise Edition


Graylog is a centralized log management (CLM) platform that seamlessly collects, enhances, stores, and analyzes log data. Logs are fundamental to any IT operations or security program, and placing them all in a single location greatly simplifies their use.


Graylog is composed of three components: Graylog, MongoDB, and Elasticsearch. All components can be installed on one server for evaluation or POC deployments. For production installations, we recommend that you separate the Elasticsearch component onto a separate server.

System Requirements

For a typical installation we recommend the following minimum system requirements:

  • 4 CPU Cores
  • 8 GB RAM
  • SSD Hard Disk Space with High IOPS for Elasticsearch Log Storage

About Graylog

We love logs. Purpose-built for modern log analytics, Graylog removes complexity from data exploration, compliance audits, and threat hunting so you can find meaning in data easily and take action faster. Founded in 2013, and primarily operating out of Houston, Texas and Germany, Graylog is used to ingest and analyze terabytes of log data across the globe by tens of thousands of users every day.


Role-Based Access Control
Control who can access what data and which Graylog capabilities. Includes LDAP/Active Directory integration.
Extract data and Graylog alerts to other systems to automate reporting, workflow, and research across your entire Operations Center tech stack.
Content Packs
Import collections of parsers, alerts, dashboards, and reports tied to a specific data source from Graylog or the Graylog Marketplace. Export all or parts of the configuration of a Graylog instance to move easily from Test to Production. You can also share your custom solutions in the Marketplace.
User Audit Logs
Log the log management system! Compliance and security best practices require tracking of who accessed what log data and what actions they took against that data.

Collection & Processing

Data Enrichment & Lookup Tables
Add data such as threat intelligence, WHOIS, IP geolocation, or other structured data to assist in analytics. Use it to whitelist/blacklist data to remove noise or known “ignore this” situations, and perform faster research.
Convert raw machine data into structured data for storage, search, and analysis.
Control data processing with staged processing rules to ensure the right parser, data enrichment, and lookup table(s) are applied.
Centralize deployment and management of third-party and custom log collectors.
Route log messages into categories in real time while they are processed to make it easy to target queries, dashboards, and reports for faster results.

Search & Visualization

Correlation Engine & Event Management
Be alerted via email, text, Slack, or other mechanisms based on a single event, many combined events, or even a lack of events.
Interactive Dashboards
Customize data visualization using widgets with sophisticated data aggregation for result counts, histograms, statistical values, field value charts, stacked charts, pie charts, and pivot tables.
Automate the delivery of key dashboard widgets to your inbox.
Scalable Search
Build complex, even chained queries in minutes, with many different data visualization output options using Graylog’s web console. No proprietary query language needed. Graylog combines Elasticsearch with an architecture of multiple processors and multiple buffers on a single machine, then multiplies that threaded search across the number of participating nodes in the cluster for immense scalability and speed.
Search Workflow
Explore your data by building and combining multiple searches into one single action and review your delivered results on one screen. Using a single or multiple input parameters, initiate common multi-step analyses and present the results on a dashboard-like widget screen. You can also easily create and save common Search Workflows for the team to ensure consistency and empower more junior team members with pre-configured workflows.

"Best performance, user friendly interface, very smart charts, lot of functionality, cross-platform compatibility, data very speed searching, very clear indices management, easy to configure dashboard, a very clear and easy message setup and streaming configuration, graylog server configuration is not complicated."

— Andy Larry R.

"Moved to Graylog for ease of managing log data. Great for generating reports to deliver on business security and audit requirements. Ease of moving logs from Microsoft and Linux devices."

— Data Storage Engineer - Education

"We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us."

— Jason Crow