The Graylog Blog


Monitoring Logs for Insider Threats During Turbulent Times

March 24, 2021

In these turbulent times, IT teams leverage centralized log management solutions for making decisions. As the challenges change, the way you’re monitoring logs for insider threats needs to change, too. 

Using Pipelines for Windows Log Processing

June 23, 2020

Use Graylog pipelines to enrich your logs and make them easier to read.

What to Do When You Have 1000+ Fields?

June 16, 2020

When you have 1000+ fields, Graylog can collect all the logs and have them ready for you to search through in one place.

What is IT Operations Analytics (ITOA)?

August 29, 2019

IT Operations Analytics (ITOA) is a vital asset for extracting the valuable insights buried in piles of highly articulated data, and a powerful asset for sifting through the complexities of Big Data.

Keeping Graylog Secure

June 15, 2019

After you are up and running on Graylog, there are a few different areas where you can limit the attack surface. This is a plan which includes best practices. CIA Triad has published some industry best practices, which are a good starting framework.

An Introduction to Graylog Aggregation Charts

February 21, 2019

Aggregation charts are a great way to visualize your data to find anomalous behavior in your organization. By summarizing your data into simple visual depictions, you can easily spot anything that’s out of place.

Log File Parsing

January 17, 2019

Learn the difference between structured and unstructured logs, the basics of the JSON log format, what kind of information you can get when you parse log files, and which tools and utilities to use to perform log file parsing.

How Graylog’s Advanced Functionalities Help You Make Sense of All Your Data

January 9, 2019

Graylog's advanced functionality and fully scalable model allow you to avoid picking only the most necessary and vital data to collect and analyze.

Large-Scale Log Management Deployment with Graylog: A User Perspective

July 9, 2018

See how a user in a large-scale cloud environment implemented Graylog to centralize log data from multiple data centers exceeding 1 TB/day.

Trend Analysis with Graylog

June 15, 2018

Trend analysis provides rich information and yields insights into the operational and security health of your network that are otherwise difficult to discern. Learn how to use Graylog to perform the types of trend analysis discussed previously.

Using Trend Analysis for Better Insights

June 4, 2018

A centralized repository of logs generated by your devices and applications stores a wealth of data. Trend analysis of that data gives you rich insight into activity in your environment.

Using a Hot/Warm Elasticsearch Cluster

August 3, 2017

Starting with Graylog v2.3, we've added support for Elasticsearch 5. As you may know, Elasticsearch 5 allows the use of the hot/warm cluster architecture. What is the hot/warm cluster architecture and why is it important to Graylog?

Introducing Graylog Labs

March 31, 2017

We want to introduce you to Graylog Labs, a new GitHub organization created by the core team at Graylog! Graylog Labs will be the home for all repositories that are not production ready for Graylog.

Monitoring Graylog - Host Metrics that you should Monitor Regularly

February 9, 2017

Once you have Graylog fully up and running, it’s best to implement a plan for monitoring your system to make sure everything is operating correctly. Graylog already provides various ways to access internal metrics, but we are often asked what to monitor.

Growing From Single Server to Graylog Cluster

November 1, 2016

In our second Back to Basics post, we'll walk through the process of scaling your environment from one Graylog server to a Graylog cluster.

Connecting Sidecar and Processing Pipelines Using Graylog

October 13, 2016

We would like to introduce a new series from our blog that takes you back to the basics of Graylog. Written by your Graylog engineers, these installments will be a deep dive into the main components of our platform.

Writing your own Graylog Processing Pipeline functions

September 20, 2016

In this post, we will go through creating your own processing pipeline function. Some Java experience will be helpful, but not necessary. We will be taking it step-by-step from understanding a pipeline, to implementing and installing your function.

Visualize and Correlate IDS Alerts with Open Source Tools

August 10, 2016

We will walk through integrating the IDS tool, Snort, with Graylog in order to detect and analyze suspicious activity. We will then provide examples of correlating IDS alerts with both network connection and operating system logs using Graylog.

New Slack output feature: Short mode

February 22, 2016

The newest version of our popular Slack plugin comes with a new feature for the message output module: The short mode writes messages with as little overhead as possible. This is great for high frequency streams writing into Slack.

Troubleshoot Slow MongoDB Queries In Minutes With Graylog

November 12, 2015

Database application performance troubleshooting can be time consuming and frustrating. The good news is that many of these issues can be identified and resolved using the information stored in log data.

Slack Plug-in v2.0: Forward Stream Messages to Slack

November 11, 2015

We just released v2.0 of our popular Slack plugin. It has several changes, improvements and also a completely new message output module that allows you to forward messages that are routed into a stream to a Slack room in real-time.

Introducing Graylog Collector - The Comprehensive Log Collection Tool For Graylog

August 19, 2015

We started the Graylog project envisioning an end-to-end, purpose built log management solution. Over the last few years, we’ve been focused on fulfilling this mission of delivering the world’s best open source log management platform.

Centralized Docker Container Logging With Native Graylog Integration

August 3, 2015

Log collection from Docker containers has been difficult because containers do not persist for a long time, and don’t leave a reliable info history. As a result, tasks that rely on log data have become more difficult.

Tips & Tricks #1: How to Quickly Debug Your Stream Rules With One Click

July 21, 2015

In the first blog post of our new Tips & Tricks series, I want to show you a quick way to debug your stream rules to test whether your targeted messages will accurately be matched by a Graylog (

New OS package repositories for Debian 8 and CentOS 7

July 16, 2015

We now offer operating system packages tailored for Debian 8 and CentOS 7 including *systemd* support. Please see our updated documentation for details.
