Get in Log Data

Efficiently ingesting log data into Graylog is the first step in building a centralized, actionable observability and security platform. Graylog offers several flexible methods for collecting and forwarding log data from diverse sources across cloud, on-premises, and hybrid environments. Choosing the right method ensures you can scale your ingestion, maintain data quality, and optimize your environment for real-time analysis.

Inputs

Inputs are the primary way Graylog receives data directly from external sources. Each input type listens for specific protocols or formats—such as Syslog, Beats, GELF, or HTTP—and accepts incoming log data into the Graylog server. Inputs are configurable for each node or globally across the cluster, allowing users to tailor ingestion settings such as port numbers, authentication, and parsing options. Using inputs is ideal when applications or network devices are capable of sending logs natively to Graylog.

Graylog Illuminate

Graylog Illuminate is available for use with Graylog Enterprise and Graylog Security. Contact sales to learn more about obtaining Graylog Illuminate.

Graylog Illuminate enhances log analysis by providing prebuilt packs that include parsing rules, dashboards, alerts, and more all tailored for common log sources. Illuminate helps users accelerate log processing and gain actionable insights without extensive manual configuration.

Sidecar

Graylog Sidecar acts as a centralized management system for log shipper agents such as Filebeat, Winlogbeat, and NXLog. It provides a seamless way to deploy, configure, and monitor log shippers across multiple servers or endpoints without needing to manage each individually. Sidecar ensures consistent log collection practices across environments, simplifies configuration changes, and reduces operational overhead when handling large fleets of systems.

Forwarder

Graylog Forwarder is designed to securely collect and forward logs from distributed or remote environments back to your central Graylog cluster. The Forwarder handles log transport efficiently, providing encryption, buffering, and queuing capabilities to ensure reliable data delivery even in low-bandwidth or high-latency scenarios.