Graylog Review

Scales smoothly, but needs improvement in dashboards and parsing


How has it helped my organization?

It is used as a log manager/SIEM. It provides visibility into the infrastructure and security related events.

What is most valuable?

The most valuable part is an open source. The build is stable and requires little maintenance, even compared to some extremely expensive products.

What needs improvement?

There are places which could be improved:

  • Stream alerts
  • Dashboards
  • Parsing.

Some places were already improved in 2.4 with the threat intelligence add-on.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

Over six months, I had two similar issues where searches were performed on field "messages". It exhausted all the memory of the ES node causing an ES crash and a Graylog halt.

What do I think about the scalability of the solution?

We have scaled from a single machine installation (a VM with a Graylog + ES + MongoDB) to (2 Graylog + 2 ES + 3 MongoDB). This was done smoothly with a minimal impact on logging.

How is customer service and technical support?

I have only used the community support (forum), but Graylog developers are quick to respond and assist with issues.

Which solutions did we use previously?

Splunk: The price was the factor for the switch.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

Step-by-step installation walk-through is provided by the Graylog team.

What's my experience with pricing, setup cost, and licensing?

If you want something that works and do not have the money for Splunk or QRadar, take Graylog.

Which other solutions did I evaluate?

ELK was another option. However, Graylog appeared to be more robust and had less limitations at the time.

What other advice do I have?

Just go ahead with the product. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 Comment
Nick CVendor

FROM GRAYLOG: Thanks for the review of Graylog, We have recently released version 3.0 which fixes many of your improvement areas. We have release Views, which is a more interactive dashboard with parameters so you can create a workflow for your data, while visually seeing in the format you would like. Also, we are always expanding our Marketplace to have new content with parsing rules and pre-built content. Give 3.0 a try!

06 June 19
Guest
Sign Up with Email