This release includes enhancements to search, events, and alerts that introduce greater efficiencies to your daily log management efforts and strengthen your audit and compliance capabilities.
It’s often the little things that make all the difference. Graylog’s new search enhancements focus on making some of the tasks performed on a regular basis more efficient. For example, users can make content choices such as adding a limit on the total number of messages or pulling data from multiple streams before exporting a CSV file.
Error messages offer a greater level of detail. For example, if you run a search across three streams but only have permission to access one of them, Graylog will display an error message letting you know. This also applies to saved searches. If a colleague shares a saved search, Graylog will display an error message if you do not have the appropriate permissions to view the results. Other enhancements include UI improvements for better performance and search execution. For the latter, this means if you make any changes to your search you can control when you want to re-execute it.
Identify outages and slowdowns sooner, and even forecast the need for additional infrastructure such as another domain controller, by correlating performance log data from throughout your environment.
Create flexible visualizations and transform data with our powerful new aggregation builder UI.
Time Range Selector
Every view has a time range selector to quickly change the time range you want to search in. Start with looking at only an hour of data and then switch to a full week of data with just a click.
Save and Re-use
Have a task that you or your colleagues are executing regularly? Create a view once and re-use it anytime. Have flexible parameters like an IP address or hostname? Substitute parts of the query with parameters and configure them easily before view execution.
Want to search across multiple streams at once or quickly add another one? The whole result set is now always based on all streams that you select in the streams selector box.
IT Security & Compliance
Reduce noise by correlating log messages across time, endpoints, and different types of endpoints to identify security issues before sending alerts up the tech stack.
Reports are built using an intuitive GUI-based process. No complicated configuration language, and all the benefits of WYSIWYG.
Configure reports to be sent out at custom intervals. The report will be attached as a PDF to a customizable email.
See when scheduled reports were sent out and who received them.
Download a current PDF report at any time with a click from the web interface.
Network & Telecom
Bring together all your logs from all your networking equipment in one place so you can holistically see what’s loading up the network and create alerts based on a combination of factors across hardware.
Manage Any Collector
Deploy, configure, or restart any log collector. Collector configurations can be shared and imported using content packs.
New Configuration UI
The new configuration UI is text-based and much easier to use than the existing one. Apply different configurations easily, on all or only selected collectors and based on their type.
Improved Status Reporting
The sidecar process and the processes it manages now report more status and error information, allowing remote debugging and remediation from within the web interface without ever logging in to the remote machine.
Planning ahead? Have alerts you only want to trigger at certain times? Need to pause in the middle of creating an alert? Have an alert creating too much noise and want to disable it and work on it? Now you can create alert rules and save them for later. You can pause or disable an active alert. And you can stop and save at any time while you are creating an alert.
AUDIT EVENTS (ENTERPRISE)
Graylog Audit Events now record when someone creates and executes a search along with the search content. This includes stream searches and dashboards as well. For example, if a developer debugs an application and that application has financial data, now you have an audit trail of exactly what and when the data was viewed.
NEW: INPUT FOR OKTA LOG EVENTS (ENTERPRISE)
In Graylog 3.3, we have added a new input for Okta Log Events. You simply enter your domain name and API key to pull your Okta event logs into Graylog. Keeping track of your authentication data in the cloud is critically important for monitoring employee activities. This new input will make this task easier. All logs collected will conform to the new Graylog schema. (Coming soon!)
ELASTICSEARCH DISK SPACE NOTIFICATIONS
If the disk space in an Elasticsearch cluster runs low or runs out, this can lead to data loss and other problems down the road. To prevent this from happening, Graylog has added visual identification to alert you to the problem and provides a link to documentation that can guide you on how to resolve it.