Graylog 3.0

Views

Rethink the intersection of data queries and workflows when investigating issues and security threats. Graylog Views let you initiate common multi-step analyses with a single input parameter that generates a string of searches and presents the results in dashboard-like widgets on one screen. Easily share Views with the rest of the team to ensure consistency and empower more junior team members.

See what's new

Aggregation Builder

Create flexible visualizations and transform data with our powerful new aggregation builder UI.

Time Range Selector

Every view has a time range selector to quickly change the time range you want to search in. Start with looking at only an hour of data and then switch to a full week of data with just a click.

Save and Re-uSe

Have a task that you or your colleagues are executing regularly? Create a view once and re-use it anytime. Have flexible parameters like an IP address or hostname? Substitute parts of the query with parameters and configure them easily before view execution.

Streams Selector

Want to search across multiple streams at once or quickly add another one? The whole result set is now always based on all streams that you select in the streams selector box.

Reports

Okay, this is a big one that you’ve been asking for! You can now get a “dashboard in your mailbox.” Automatically send out reports on log data for review or compliance, and we expect our intuitive GUI-based report builder to surpass your expectations.

GUI Builder

Reports are built using an intuitive GUI-based process. No complicated configuration language, and all the benefits of WYSIWYG.

Scheduled Delivery

Configure reports to be sent out at custom intervals. The report will be attached as a PDF to a customizable email.

Report History

See what's new

See when scheduled reports were sent out and who received them.

Manual Download

Download a current PDF report at any time with a click from the web interface.

Sidecar 2.0

Our popular Sidecar feature allows you to use the Graylog web interface to centrally manage nxlog or filebeat log collectors on your endpoints. The new version of Sidecar comes with tons of improvements, but most importantly, it allows you to manage any remote process. Want to manage sysmon or auditd remotely? No problem.

See what's new

Manage Any Collector

Deploy, configure, or restart any log collector. Collector configurations can be shared and imported using content packs.

New Configuration UI

The new configuration UI is text-based and much easier to use than the existing one. Apply different configurations easily, on all or only selected collectors and based on their type.

Improved Status Reporting

The sidecar process and the processes it manages are now reporting more status and error information to allow remote debugging and remediation from within the web interface and without ever logging in to the remote machine.