What I like about Graylog is that it's real-time and you have access to the raw data. So, you ingest it, and you have access to every message and every data item you ingest. You can then build analytics on top of that. You can look at the raw data, and you can do some volumetric estimations, such as how big traffic you have, how many messages of data of a type you have, etc.

Everything stands out as valuable, including the fact that I can quantify and qualify the logs, create pipelines and process the logs in any way I like, and create charts or data maps. One time, I created a geo map based on IP addresses accessing a website. The web server generates logs based on who's accessing the application, and we were able to extract the IPs from the logs and even create a chart on Graylog to map out exactly what countries the requests were coming from. Graylog is amazing. It's a beast.

One of the most valuable features is that you are able to do a very detailed search through the log messages in the overview. You are also able to attach a lot of details into your log messages. 

When it came to integrating the solution with Java, it was quite easy. My colleagues used Graylog for some dashboards to show how many bugs there were per day or the overall performance of the applications. For the developers it's not super important, but it was quite a good way for the project manager to see that everything was all right.

The best feature of Graylog is the Elasticsearch integration. We can integrate and we can run filters, such as an event of interest, and those logs we can send to any SIEM tool or as an analytic. Additionally, there are clear and well-documented implementation instructions on their website to follow if needed.

• Searching errors
• Alerting through Slack and OpsGenie using their plugins.

We run a containerized microservices environment. Being able to set up streams and search for errors and anomalies across hundreds of containers is why a log aggregation platform like Graylog is valuable to us. 

Allowing us to set up alerts and integrate with platforms we already use, such as Slack and OpsGenie to alert users of these errors proactively, is also a very useful feature. 

The solution's most valuable feature is its new interface. It enhances our cluster's performance as well.

Graylog's search functionality, alerting functionality, user management, and dashboards are useful. They also provide an easy way to create dashboards, and the interface is also quite easy to use.

The ability to write custom alerts is key to information security and compliance. Also, I love the improvements I can make on dashboard widgets. 

Real-time UDP/GELF logging and full text-based searching. Since UDP is a stateless, connectionless protocol, it simplifies error handling for the log sender/producer in the event that Graylog is not available. UDP is also a fast and lightweight protocol, perfect for sending large volumes of logs with minimal overhead. Storing logs in Elasticsearch means log retrieval is extremely fast, and full text search is available by default. Additionally, Graylog has support via plugins for Slack-based alerts. These have been wonderful for notifying us when exceptional log messages are encountered.

What I like most about this solution, is that it caches the log. I also like it's filtration because we have various layers of data that needs to be captured - from flat filing to Windows servers, Linux-based servers and the like. I like the diversity and the number of environments it can cover, including the switches.

We are using only a few parts of its functionality. Its most valuable functions for us are:

• Log collection
• Quick string search in central storage
• Message forwarding through the in-built module
• Message filters. 

We need all these function to fulfill law requirements for cyber security.

I like the correlation and the alerting. If I have multiple monitoring systems and I alert Graylog, Graylog will collect them and analyze them, and issue one alert.

We are only approximately four months into production and have not explored all of the features this solution offers. So far, it has everything we wanted.

• Logging aggregation and querying. We have multiple applications, therefore it is no longer feasible to check logs from our file system per each application.
• When adopting microservices architecture, centralized logging is a must have.

The most valuable part is an open source. The build is stable and requires little maintenance, even compared to some extremely expensive products.

The Stream Alert feature is a highlight of this. As for similar products, there are separate integrations, but Graylog ships this with the build.

I like the simplicity of the solution, the fact that it's open source and user friendly.

We're using the Community edition, but I know that it has really good dashboarding and alerts.