Announcing Graylog v4.0

November 18, 2020

Announcing Graylog v4.0 

Today we are officially releasing Graylog v4.0.

This release introduces productivity gains with new Teams Management. Enterprise-sized organizations have a greater degree of flexibility to share dashboards and search templates within a team and across the organization by controlling access to content creation at a Team level. Other enhancements include Dark Mode, Slack and Script Notification Plugin, and support for Elasticsearch 7. And these are just the highlights of everything that’s waiting for you in this new release.

Beginning with v4.0, Graylog Open Source will be licensed under the Server Side Public License (SSPL). First introduced by MongoDB, the SSPL license provides similar open source rights to GPL v3, and additionally extends those rights to cover cloud and SaaS offerings. For more information about this upcoming license change, see


Upgrading from a previous Graylog release? You can find the upgrade notes here.

Please report bugs and any other issues in our GitHub issue tracker. Thank you!


Teams Management allows Graylog Enterprise users and teams to manage access to their own Graylog content. This new feature replaces the current Role-based Access Control (RBAC) and reduces the amount of time administrators spend managing user access.

How it Works

Teams now encompass users and roles. Roles indicate what the user can do/what actions that user can take. Associated view, edit, create privileges are set at the entity level through sharing. 

To pull this all together, Graylog syncs with your organization’s authoritative identity source to automatically provision users with the appropriate rights and permissions. Graylog Enterprise maintains this synchronization when you activate the specific authentication service. Graylog will continue to update team members when necessary upon login. Next, Graylog uses the current roles and AD groups to auto-populate access that reflects the organizational permissions structure. 

Administrators can create teams that are easily found by a search for standard names and/or terms. For example, the admin can create teams such as “Security Team,” making it easier to find users with similar data needs through lists of users, groups, or a combination of both. Also, the global setting capabilities enable Admins to limit who views data more precisely, ultimately mitigating privacy risk. Organizations can still manually manage access and permissions if necessary.

NOTE: You cannot manually manage synchronized Teams in Graylog. You have to manage them in the original identity provider. For example, if you create a team in LDAP, you cannot add or remove team members in Graylog. You can, (and we recommend that you do) configure the roles that accompany the team.

Graylog OS will continue to offer LDAP and Active Directory out-of-the-box because we believe user access control is an essential feature for successful log management and it should be included in every logging solution. We have also added the “trusted HTTP header” authentication method to Graylog. This feature paired with a proxy server can enable authentication providers (e.g., keycard systems, Kerberos, etc.) that Graylog does currently support. Because teams are only available in Graylog Enterprise, the Open Source product no longer has Group Mapping. 


The Dark Mode option is a common popular request in technology because of the benefits to your eyes and the battery life for your devices. The option is now included in Graylog. Enjoy!


Graylog v4.0 now includes support for Elasticsearch 7. Elasticsearch 7 will only work with Graylog v4.0. All nodes need to go to Elasticsearch 7. 

NOTE: You can continue to use Elasticsearch 6, but we always recommend that you run the latest supported version of the application. 


In the 4.0 release, we have added support for several new Event Notification types, including Slack Notifications that will send a custom message to any Slack channel when an Event is triggered and Script Notifications which allow you to execute your own script in response to Events. The addition of Script Notifications, an Enterprise-only feature, allows users depending on legacy Alarm Callbacks to fully migrate of this deprecated functionality.


Let us know what you’d like to have included in our GitHub issue tracker.

Get Graylog

See Demo