The next generation of Graylog is here! Based on thousands of suggestions from our community, it comes with a ton of new features that make your job faster and easier - from troubleshooting to threat hunting to compliance. Whether you’re an Enterprise customer or an Open Source user, you’ll find plenty of reasons to upgrade.Download Now
Rethink the intersection of data queries and workflows when investigating issues and security threats. Graylog Views let you initiate common multi-step analyses with a single input parameter that generates a string of searches and presents the results in dashboard-like widgets on one screen. Easily share Views with the rest of the team to ensure consistency and empower more junior team members.
Create flexible visualizations and transform data with our powerful new aggregation builder UI.
Every view has a time range selector to quickly change the time range you want to search in. Start with looking at only an hour of data and then switch to a full week of data with just a click.
Have a task that you or your colleagues are executing regularly? Create a view once and re-use it anytime. Have flexible parameters like an IP address or hostname? Substitute parts of the query with parameters and configure them easily before view execution.
Want to search across multiple streams at once or quickly add another one? The whole result set is now always based on all streams that you select in the streams selector box.
Okay, this is a big one that you’ve been asking for! You can now get a “dashboard in your mailbox.” Automatically send out reports on log data for review or compliance, and we expect our intuitive GUI-based report builder to surpass your expectations.
Reports are built using an intuitive GUI-based process. No complicated configuration language, and all the benefits of WYSIWYG.
Configure reports to be sent out at custom intervals. The report will be attached as a PDF to a customizable email.
See when scheduled reports were sent out and who received them.
Download a current PDF report at any time with a click from the web interface.
Our popular Sidecar feature allows you to use the Graylog web interface to centrally manage nxlog or filebeat log collectors on your endpoints. The new version of Sidecar comes with tons of improvements, but most importantly, it allows you to manage any remote process. Want to manage sysmon or auditd remotely? No problem.
Deploy, configure, or restart any log collector. Collector configurations can be shared and imported using content packs.
The new configuration UI is text-based and much easier to use than the existing one. Apply different configurations easily, on all or only selected collectors and based on their type.
The sidecar process and the processes it manages are now reporting more status and error information to allow remote debugging and remediation from within the web interface and without ever logging in to the remote machine.
There are numerous other updates in v3.0, but here are a couple more to note:
After multiple years of availability, Content Packs have been re-built from the ground up. They are now much easier to use and work with all Graylog entities - including processing pipelines. A drastically improved and wizard-based process lets you create and export content packs, and imported content packs now have revisions. Parameters can be used to customize content during import. Ever wanted to ask the user what port to launch a certain input on? No problem.Learn More
We have received a number of requests for security-specific content including out-of-the-box integrations with the most common security-related software packages and network hardware. In 2019 we will offer a premium version of Graylog that includes these integrations and other security-related content.
To get you up and running as fast as possible, we will soon be offering a version of Enterprise that includes additional security-related content in the default installation.Contact Our Sales Team