Today we are officially releasing Graylog v3.2.3.
This release includes the ability to share searches in real time and the return of our popular “surrounding search” function, which had to be temporarily removed while all the search functions were consolidated in 3.2.
Many thanks to our community for reporting issues and contributing fixes!
- Docker image
- DEB and RPM packages are available in our repositories
- OVA / Appliance
- Tarballs (manual installation):
Please report bugs and any other issues in our GitHub issue tracker. Thank you!
NEW: REAL-TIME SHARING OF SAVED SEARCHES
Many times two sets of eyes are better than one when you’re exploring data. Now with Graylog, you can accelerate investigations by sharing saved searches in real-time. For example, you’re investigating a processing timeout across multiple systems but having no luck pinpointing the cause. You need help to find and fix it fast. With the new sharing feature, you can immediately share your search with a colleague. You can view the same data simultaneously, even if you’re in different locations, and explore the data together.
UPDATE: SURROUNDING SEARCH
Threat hunting and incident response are more powerful with surrounding search.
In the search window, pinpoint the log message that interests you, then specify the parameters that define which additional log messages you want. Graylog returns the results in a new search window, highlighting the original message together with the surrounding messages before and after it, selected by time, IP address, or another field.
Surrounding search is a great way to get real-time answers and then explore your data once you have a starting point. For example, if malicious code executes on an endpoint, you can retrieve the relevant log message from that endpoint and, in the same step, request all log messages from that endpoint for the 5 minutes before and after, or all log data from surrounding IP addresses within a 10 minute window. This lets you quickly see what else was happening on that machine, or on nearby machines, within the relevant time frame.
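To make the mechanics concrete, here is an added example (not Graylog's code, and not a description of how Graylog implements the feature internally) that performs a surrounding search over a handful of constructed log messages. It takes an anchor message, a time window before and after it, and either fields that must equal the anchor's values (the "same endpoint" case) or a predicate such as "same /24 subnet" (the "surrounding IP addresses" case). The field name src_ip, the message ids and the log lines themselves are assumptions made up for this example.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample messages for this example (not real Graylog data). Each dict
# carries fields a Graylog message typically has: timestamp, source, a hypothetical
# src_ip field, and the message text. m4 is the suspicious event we pivot on.
# The list is deliberately not in time order, so sorting the results matters.
SAMPLE_MESSAGES = [
    {"id": "m1", "timestamp": "2020-04-01T09:52:00Z", "source": "host-a", "src_ip": "10.0.1.5",
     "message": "sshd: Accepted publickey for ops"},
    {"id": "m2", "timestamp": "2020-04-01T09:57:30Z", "source": "host-a", "src_ip": "10.0.1.5",
     "message": "cron: backup started"},
    {"id": "m3", "timestamp": "2020-04-01T09:58:00Z", "source": "host-b", "src_ip": "10.0.1.9",
     "message": "nginx: GET / 200"},
    {"id": "m4", "timestamp": "2020-04-01T10:00:00Z", "source": "host-a", "src_ip": "10.0.1.5",
     "message": "auditd: EXECVE /tmp/.x/payload"},
    {"id": "m5", "timestamp": "2020-04-01T10:01:15Z", "source": "host-a", "src_ip": "10.0.1.5",
     "message": "kernel: outbound connection to 203.0.113.7:4444"},
    {"id": "m6", "timestamp": "2020-04-01T10:03:00Z", "source": "host-c", "src_ip": "10.0.2.20",
     "message": "sshd: Failed password for root"},
    {"id": "m7", "timestamp": "2020-04-01T10:06:00Z", "source": "host-a", "src_ip": "10.0.1.5",
     "message": "cron: backup finished"},
    {"id": "m8", "timestamp": "2020-04-01T10:04:00Z", "source": "host-b", "src_ip": "10.0.1.9",
     "message": "sshd: Accepted password for root from 10.0.1.5"},
]


def parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing 'Z' into a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def in_same_subnet(field, prefixlen):
    """Predicate factory: keep messages whose IP in `field` lies in the anchor's /prefixlen network."""
    def predicate(anchor, msg):
        if field not in msg or field not in anchor:
            return False
        net = ipaddress.ip_network(f"{anchor[field]}/{prefixlen}", strict=False)
        return ipaddress.ip_address(msg[field]) in net
    return predicate


def surrounding_search(messages, anchor_id, before_s, after_s, match_fields=(), predicate=None):
    """Return (message, is_anchor) pairs, ordered by time, for every message whose timestamp
    falls within [anchor - before_s, anchor + after_s] seconds (bounds inclusive) and that
    equals the anchor on each field in match_fields and satisfies predicate(anchor, msg).
    The anchor itself is always included and flagged so a caller can highlight it."""
    anchors = [m for m in messages if m["id"] == anchor_id]
    if not anchors:
        raise ValueError(f"anchor message {anchor_id!r} not found")
    anchor = anchors[0]
    t0 = parse_ts(anchor["timestamp"])
    start, end = t0 - timedelta(seconds=before_s), t0 + timedelta(seconds=after_s)

    hits = []
    for msg in messages:
        ts = parse_ts(msg["timestamp"])
        if not (start <= ts <= end):
            continue
        # A missing field never matches (msg.get returns None, anchor has a value).
        if any(msg.get(f) != anchor.get(f) for f in match_fields):
            continue
        if predicate is not None and msg is not anchor and not predicate(anchor, msg):
            continue
        hits.append((msg, msg["id"] == anchor_id))
    hits.sort(key=lambda pair: parse_ts(pair[0]["timestamp"]))
    return hits


def surrounding_ids(messages, anchor_id, before_s, after_s, match_fields=(), predicate=None):
    """Convenience wrapper returning only the ids, in time order."""
    return [m["id"] for m, _ in surrounding_search(messages, anchor_id, before_s, after_s,
                                                   match_fields, predicate)]


if __name__ == "__main__":
    # Same endpoint, 5 minutes either side of the suspicious execution.
    for msg, is_anchor in surrounding_search(SAMPLE_MESSAGES, "m4", 300, 300, match_fields=("source",)):
        print(">>>" if is_anchor else "   ", msg["timestamp"], msg["source"], msg["message"])
    print()
    # Whole /24 around the endpoint, 10 minutes either side.
    for msg, is_anchor in surrounding_search(SAMPLE_MESSAGES, "m4", 600, 600,
                                             predicate=in_same_subnet("src_ip", 24)):
        print(">>>" if is_anchor else "   ", msg["timestamp"], msg["src_ip"], msg["message"])
```

The two queries in the main block correspond to the two pivots described above: the first narrows to the compromised host and surfaces the preceding cron job and the follow-on outbound connection; the second widens to the neighbouring /24 and also picks up the root login on host-b from the compromised host's address, which is exactly the kind of lateral movement a per-host view would hide. The window bounds are inclusive, so a message stamped at precisely the edge of the window is kept.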
UPDATE: REPLAY SEARCH
Press play to drill into the logs behind a graph. For example, if you see something out of the ordinary in a dashboard visualization (e.g., a performance spike) and want a closer look at the logs represented in the widget, click play and Graylog will run a new search in a separate tab, replaying the event with all relevant log messages in order.
UPDATE: SUPPORT FOR NEWER KAFKA VERSION
Graylog v3.2.3 adds support for newer Kafka versions, giving users more deployment options.
GRAYLOG ENTERPRISE 3.2.3
- Fixed issue with custom fields and correlation event definitions.
- Add back auto-completion for _exists_ queries. Graylog2/graylog2-server#7441 Graylog2/graylog2-server#7604
- Add back field sorting for the message table widget. Graylog2/graylog2-server#7645
- Improve chart rendering for zero values. Graylog2/graylog2-server#7605
- Rename the “Aggregate” field option to “Show top values” to make it clearer (this was previously called “quick values”). Graylog2/graylog2-server#7663
- Fix widget error “n.find is not a function”. Graylog2/graylog2-server#7365 Graylog2/graylog2-server#7538
- Fix problem with rendering table widgets. Graylog2/graylog2-server#7565 Graylog2/graylog2-server#7611
- Fix aggregation event definitions when no streams are selected. Graylog2/graylog2-server#7619 Graylog2/graylog2-server#7625
- Fix problem with showing message journal statistics on the node details page. Graylog2/graylog2-server#7521 Graylog2/graylog2-server#7633
- Fix sorting problem when sorting over different streams. Graylog2/graylog2-server#6490 Graylog2/graylog2-server#7569
- Fix search and dashboard issues with Internet Explorer 11. Graylog2/graylog2-server#7660
- Fix search page refresh handling. Graylog2/graylog2-server#7661