API Security adds Continuous Discovery and Risk Scoring PLUS a Free Version | LEARN MORE>

The Graylog blog

NOTE: Graylog has made many updates to the application since this release. We encourage you to update to the latest version and take advantage of the large number of new features and functionality.

We are excited to announce that the final release of Graylog v2.2 is now available! Our focus for this release was on improvement of four current features: data retention, alerting, the pipeline processor, and the collector sidecar. We’ve also fixed bugs along the way and have noted the full list of changes below. Thank you for all of your feedback and helping us reach this milestone.

Download links

Download Graylog v2.2.0:

Let’s see what’s new!

Alerts Page

We’ve made it easier to manage your alert notifications by adding an Alerts page in the navigation bar. The alerts overview page lets you view which alerts currently require your attention in an easy way. You can also easily check alerts that were triggered in the past and are now resolved. From within the alert details page, you can see a timeline of what occurred since Graylog detected an alert condition was satisfied. This includes the time when Graylog evaluated the condition that triggered the alert, the time when notifications were executed and the results of executing them, and the time when the alert was resolved (if that is the case).

Stateful Notification

With this release, we have introduced stateful notifications for our alerts. In previous Graylog versions, while an alert condition was satisfied, a new notification was sent every minute. The only way to influence this behavior was by using the grace time functionality, but this was not flexible enough. Alert conditions that were satisfied for longer periods of time would trigger a lot of unnecessary alerts and lead to alert fatigue.

With the new stateful notifications, you will not be notified again until the alert condition is no longer satisfied.

Custom Data Retention Times and Index Sets

The most requested feature since the early days of Graylog has always been the ability to configure different data retention times based on the type of data. For example, our users wanted to be able to keep firewall logs for 3 days, web application logs for 7 days and all other logs for 30 days. This feature is now available in Graylog v2.2.

This feature has been implemented using a new functionality we call Index Sets. Think about an index set like a custom index and data retention configuration for a stream. Create a stream called Firewall Logs and apply an index set on it that will clean old data after 3 days. In this index set, you can also define custom replica and shard configurations.

Other Notable Features

Introducing the explicit default stream! With the new default stream, non-admin users can be granted access to all messages.

Stabilized Pipeline Processor! We’ve improved performance with faster processing speed. The Pipeline Processor is now considered stable and we recommend to start moving to it from the old Extractors functionality.

Sidecar collector performance improvements with easier usability and the ability to restart single collectors from the web interface

 

UPGRADING FROM GRAYLOG 2.1.X TO 2.2.X

Please be sure to read the upgrade documentation before start the upgrading process!

For OVA users, please follow these instructions to upgrade your Virtual Machine Appliances.

CHANGES

The full Graylog 2.2.0 changelog is available here.

WE LOVE YOUR FEEDBACK

We are really excited about Graylog 2.2.0, and we want to hear what you think about it! There are a variety of ways to provide feedback, all of which can be found on our get involved page:

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog Blog delivered to your inbox once a month.