Graylog Operations is built on the Graylog platform for IT, Network, and DevOps professionals. Available in a self-managed or cloud experience, Graylog Operations offers a powerful, flexible, and seamless centralized log management experience.
The following list details the features that an Operations installation adds to Graylog. A valid Operations license is required to access the features included in this list.
- Archiving
  - Stores your data in a long-term retention location, which can be local or removable media, for an infinite period of time. The archiving feature allows most users to meet compliance regulations around data retention.
- Audit log
  - Keeps a record of changes made in-product by all users.
- Reporting
  - Places current dashboard widgets into a scheduled report that can be delivered to your inbox.
- Search extensions
  - Parameter support - Search extensions serve as placeholders in the query and prompt users for values to insert, which eliminates the need for users to copy and paste queries themselves.
- Alerting extensions
  - Event Correlation
  - Dynamic Lists - Looks up values in lookup tables and uses the results in the alert query field within the correlation rule. This feature is based on search parameters.
  - Cluster-Wide Scheduler - Open Source runs alerts on a single node. Operations runs alerts on all Graylog nodes, increasing capacity.
  - Script Notification - Allows a custom native program to run in response to a generated alert, simplifying the integration of third-party systems.
- MongoDB Lookup Table
  - Collects settings values from pipelines and other sources to maintain a list of suspicious IP addresses for Dynamic Lists.
- Forwarding
  - Forwards specific data streams to remote locations with journaling support in case of outages. Cluster-to-cluster forwarder output requires two fully functioning Graylog clusters.
- Indexing and Processing Failures
  - Allows you to log and receive notifications of indexing and processing failures that occur in log data.
- Output Framework
  - A pluggable solution that forwards events from Graylog to any other system. Output Framework includes advanced options to manipulate the events before handover and format them as a Syslog message, JSON, or any other format.
- Inputs
  - Okta Events Input - Moves Okta events into Graylog.
  - O365 Events Input - Moves O365 events into Graylog.
Please see the Graylog Operations page for more details.