Graylog Room for Improvement

Head of Infrastructure
I would like to see a date and time in the Graylog Grok patterns so that I can save time when searching for a log. I like how the streams and the search query work, but adding a date and time will allow me to pull out a log in a millisecond.
Senior Architect at a tech vendor with 51-200 employees
Elasticsearch recommendations for tuning could be better. Graylog doesn't have direct support for running the system inside of Kubernetes, so it can be challenging to fill in the gaps and set up containers in a way that is both performant and stable. We ran into problems with Elasticsearch throwing a circuit-breaking exception due to field data size being too large. It turned out that the heap size directly impacted this size in a high-throughput environment, causing unexplained instability in Graylog. We were able to troubleshoot on the Elasticsearch size, but we should have been able to reference some minimum requirements for Graylog to know that our settings weren't sufficient. Otherwise, the documentation is great and there are a lot of options for configuration. Since container orchestration systems are popular and Graylog fits the niche well, perhaps they could officially support running in Docker containers on Kubernetes as a StatefulSet as a use case. That way, the declarative nature of Kubernetes config files would document their best-case deployment scenario.
John Paul Dienst
Technology Consultant
* Backup and restore functionality for migrating instances.
* Dashboard and search analytics (i.e., more complex visualizations and the ability to execute custom Elasticsearch queries would be great).
* More flexible alert conditions.
Updated: January 2020.