Graylog Review

Enables us to set up streams and error/anomaly searches across hundreds of containers

What is our primary use case?

Use for log aggregation, alerting, and monitoring in a container environment

What is most valuable?

  • Searching errors
  • Alerting through Slack and OpsGenie using their plugins.

We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us. 

Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature. 

What needs improvement?

Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable.

We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient.

Otherwise, the documentation is great and there are a lot of options for configuration. Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Yes, with Elasticsearch.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and technical support?

Never used.

Which solution did I use previously and why did I switch?

Splunk, Logstash, and Elasticsearch.

How was the initial setup?

Set up in Kubernetes; not complex once the configuration is right.

What's my experience with pricing, setup cost, and licensing?

We use the free version.

Which other solutions did I evaluate?

Splunk, Logstash, and Elasticsearch.

What other advice do I have?

Make sure your Elasticsearch cluster is sized right, memory-wise.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment