This release unifies views, dashboards, and search for a more flexible and comprehensive approach to threat hunting. The expanded search introduces greater efficiency by making it easier to reuse searches you need to run on a regular basis with saved searches and search workflows. Other enhancements, such as full screen dashboards and updates to alerting, round out v3.2.
As data continues to grow in size and complexity, the ability to explore that data becomes more important. With Graylog’s expanded search you can build and combine multiple searches into one single action and review your delivered results on one screen.
Begin the hunt for the information needed to address issues, threats, outages, and customer support calls by drilling into the data on different dashboards, and when necessary, override the parameters and get new results in your dashboard widgets. Using single or multiple input parameters, initiate common multi-step analyses and present the results on a dashboard-like widget screen.
Identify outages and slowdowns sooner, even forecast the need for additional infrastructure such as another domain controller by correlating performance log data from throughout your environment.
Create flexible visualizations and transform data with our powerful new aggregation builder UI.
Time Range Selector
Every view has a time range selector to quickly change the time range you want to search in. Start with looking at only an hour of data and then switch to a full week of data with just a click.
Save and Re-use
Have a task that you or your colleagues are executing regularly? Create a view once and re-use it anytime. Have flexible parameters like an IP address or hostname? Substitute parts of the query with parameters and configure them easily before view execution.
Want to search across multiple streams at once or quickly add another one? The whole result set is now always based on all streams that you select in the streams selector box.
IT Security & Compliance
Reduce noise by identifying security issues through correlating log messages across time, across endpoints, and across different types of endpoints before sending alerts up the tech stack.
Reports are built using an intuitive GUI-based process. No complicated configuration language, and all the benefits of WYSIWYG.
Configure reports to be sent out at custom intervals. The report will be attached as a PDF to a customizable email.
See when scheduled reports were sent out and who received them.
Download a current PDF report at any time with a click from the web interface.
Network & Telecom
Bring together all your logs from all your networking equipment in one place so you can holistically see what’s loading up the network and create alerts based on a combination of factors across hardware.
Manage Any Collector
Deploy, configure, or restart any log collector. Collector configurations can be shared and imported using content packs.
New Configuration UI
The new configuration UI is text-based and much easier to use than the existing one. Apply different configurations easily, on all or only selected collectors and based on their type.
Improved Status Reporting
The sidecar process and the processes it manages are now reporting more status and error information to allow remote debugging and remediation from within the web interface and without ever logging in to the remote machine.
Saved Searches, Parameterization, and Search Workflows (Enterprise)
Graylog has just made it easier to reuse searches that you need to run on a regular basis by integrating Views and Searches. Enterprise users can take advantage of the new parameterization features that let you enter one or more search criteria for a more comprehensive search. You can combine searches by creating a search workflow, and you can save this workflow so that a broad range of team members can use it on a regular basis. Finally, you can monitor your results with dashboards, and you can have your results delivered to your inbox on a regular basis.
Alerts in the Enterprise version 3.2 now utilize dynamic lists as well as alerting against multiple conditions at once. The new dynamic lists are a combination of alert parameters and lookup tables (think searching and correlating across third-party databases like Active Directory or threat intelligence feeds). Supporting more than one condition for alert events is another way Graylog adds efficiency to your work day.
V3.2 gives you the option of a full screen dashboard inside Graylog for those times you need all the surrounding elements on your laptops, computers, and/or monitors.