What is Graylog Cloud?

Graylog Cloud is the simplest way to gain all the benefits of Graylog's logging platform without the need to self-host and maintain your Graylog infrastructure. With Graylog Cloud, there are no Graylog servers to provision, secure, or manage yourself.

Once you have purchased a license, our Cloud team will make necessary provisions for your cloud instance and provide you with secure login credentials. You can then log in to your cloud instance and begin collecting and analyzing your log data.

Prerequisites

How Does Graylog Cloud Compare to a Self-Managed Instance?

Feature: Pre-Installed Illuminate Content
Self-Managed: No
Cloud: Yes
Comparison: Graylog Cloud provides pre-installed Illuminate content. Cloud customers can choose which packs to activate.

Feature: Single-Sign-On (SSO) using SAML
Self-Managed: No
Cloud: Yes
Comparison: SAML can be used to authenticate with any existing identity provider supporting this protocol, e.g. Azure AD.

SAML can be set up by our Cloud team on a per-request basis.

Feature: LDAP Integration
Self-Managed: Yes
Cloud: No
Comparison: Graylog Cloud does not support a direct integration with LDAP or Active Directory (AD). But SAML can be used with any existing identity provider supporting this protocol, e.g. Azure AD.

SAML can be set up by our Cloud team on a per-request basis.

Feature: LDAP Groups Integration
Self-Managed: Yes
Cloud: No
Comparison: As noted above, Graylog Cloud currently does not allow direct integration with LDAP, but we do offer SAML support. Our initial support for SAML will focus on SSO, not team sync.

Feature: Okta Authentication Support and Teams Sync
Self-Managed: Yes
Cloud: No
Comparison: In Cloud, Okta can be configured as an identity provider using SAML. Our initial support for SAML will focus on SSO, not team sync.

Feature: Generic OIDC Authentication Support
Self-Managed: Yes
Cloud: No
Comparison: For now, Graylog Cloud will focus on allowing SSO using SAML.

Feature: Notifications - Script Notification
Self-Managed: Yes
Cloud: No
Comparison: We currently don’t provide access to the server file system in Cloud, so you cannot upload custom scripts to execute. The workaround is to host the script elsewhere and call it using a notification.

Feature: 90-Day Live Storage
Self-Managed: No
Cloud: Yes
Comparison: In self-managed environments, you are responsible for provisioning enough storage capacity to allow any desired data retention. In Cloud, we provision enough storage capacity to allow a retention of up to 90 days based on the contract’s daily ingest volume and monitor utilization to escalate in case of overuse.

Feature: 24x7 Ops Support
Self-Managed: No
Cloud: Yes
Comparison: This is one of the most significant advantages of utilizing a hosted cloud solution.

Feature: 1 Year of Archived Data
Self-Managed: No
Cloud: Yes
Comparison: In Cloud, we provide 1 year of Archived Data at no extra cost. These archives can be restored. Upon request, we can change the configuration to store archives in a custom S3 bucket that you provide.

Feature: GeoIP Support Using IPinfo
Self-Managed: No
Cloud: Yes
Comparison: In self-managed environments, you are responsible for obtaining a license and provisioning MaxMind or IPinfo files on all Graylog servers. In Graylog Cloud, we provide IPinfo database files at no extra cost.

Feature: Inputs
Self-Managed: Yes
Cloud: No
Comparison: Data ingest on Cloud is conducted either via the Forwarder or via specific pull-based inputs. (Since extractors are configured as part of direct inputs, Pipelines should be used instead.)

Feature: Outputs
Self-Managed: Yes
Cloud: No
Comparison: The Output Framework is currently not supported in Cloud.

Feature: Managed SMTP Setup
Self-Managed: No
Cloud: Yes
Comparison: In self-managed environments, you are responsible for configuring a working SMTP server to let Graylog send emails. In Cloud, this configuration is part of the included service.

Feature: Access to Server Log Files
Self-Managed: Yes
Cloud: No
Comparison: In Cloud, you do not have access to the file systems of the Graylog, Data Node, or MongoDB servers.

Feature: SSH Access to Server Nodes
Self-Managed: Yes
Cloud: No
Comparison: In Cloud, you do not have SSH access to any server nodes (Graylog, Data Node, MongoDB). You cannot log in to those nodes to execute commands, nor put custom files there. There is also no customer access to the MongoDB shell.

Feature: Flexible Index Rotation Settings
Self-Managed: Yes
Cloud: No
Comparison: In Cloud, we limit the maximum rotation time of an index to 24h.

Feature: Access to All System Pages
Self-Managed: Yes
Cloud: No
Comparison: In Cloud, a few pages in the System menu are hidden, as the related features are not supported or exposed:

  • Nodes
  • Inputs (managed using the Forwarder)
  • Outputs
  • Logging
  • Authentication
  • Collectors (legacy)

Feature: Configurable Timeouts for Search Queries
Self-Managed: Yes
Cloud: No
Comparison: In Cloud, the idle timeout for queries to your search backend is set to 300 seconds (and cannot be increased). You receive errors on queries that take longer to respond. The recommendation is to reduce the amount of data that is being queried, for example, by using a shorter time range.

In self-managed environments, you can set custom timeout values.

Feature: Custom Plugins
Self-Managed: Yes
Cloud: No
Comparison: In Cloud, we cannot support third-party plugins for security reasons. Many of the available plugins (e.g. on the Graylog Marketplace) were written for old Graylog versions and use deprecated APIs.

If there is a strong demand for a specific integration or content, customers can reach out to their Customer Success agent and our Content and Integration team may be able to build official support for it.

Getting Started

After receiving your Graylog Cloud account credentials, it is recommended that you take a moment to review the most essential components that support your Graylog instance.

Forwarder

The Graylog Forwarder is what allows you to send log data into Graylog. Refer to the Graylog documentation for detailed instructions on installing and setting up the Forwarder.

Sidecar

You also have the option to use the Graylog Sidecar to manage different log collectors.

The Sidecar is a lightweight program that runs on your servers and collects log data from various sources. It then forwards this data to Graylog for processing. Refer to the Graylog documentation for Sidecar configuration in the Cloud.

Streams

Now that you have log data flowing into your Graylog Cloud instance, the next step is to create Graylog streams.

Graylog streams are powerful rules that can route, filter, and alert on log data based on your defined criteria. To learn more, refer to the Graylog documentation on creating streams.