Graylog Enterprise is a centralized log management (CLM) solution designed to harness the vast amounts of log data generated by your IT infrastructure. However, just collecting data is not enough. Enterprise provides the tools you need to work with disparate logs in one place so you can identify, troubleshoot, and resolve issues—and get value out of your data.

Graylog Enterprise provides all the features of Graylog Open plus additional advanced features essential for managing complex IT infrastructures. While some of the Enterprise capabilities add functionality to existing Open features, others are available exclusively in Enterprise.

See below for a list of specific areas and features where Graylog Enterprise helps you meet the challenges of enterprise log management along with providing enhanced security and compliance. A valid Enterprise license is required to access the features included in this list.

Advanced Search Capabilities

Graylog Enterprise extends the core search capabilities from Open with powerful functionality to improve search results as well as meaningful methods for presenting your data.

  • Correlation engine: This feature allows you to analyze complex sequences of events to identify meaningful incidents. Use the correlation engine to define alerts that trigger based on information from different sources. You can also use time-based alerts for information that is received—or not received—within the specified range of an initial event.

  • Search and dashboard parameters: Parameters allow you to define complex, reusable queries based on placeholder values. The parameter value can be set each time based on context or the results of other queries. Parameters can be inserted wherever you build queries, including saved searches and dashboard widgets.

  • Search filters: This feature lets you reuse query snippets to refine your search results. When you have properties that you frequently need to either include or exclude from queries, you can create a search filter, which makes those properties easy to filter across different searches.

Effective Collaboration

Graylog Enterprise includes the features you need for effective team collaboration in large or distributed environments while using the same data sets.

  • User authentication: User access can be controlled by your existing environment’s Active Directory/LDAP or OIDC authentication, which extends to include team or group management capabilities.

  • Teams management: Graylog includes robust permissions management, which allows you to institute role-based access control (RBAC) for your Graylog environment. Enterprise adds teams creation and management, which you can integrate with your existing LDAP or Active Directory to manage the same users and teams across your organization.

  • Reporting: Graylog Enterprise provides a configurable reporting feature that lets you send relevant dashboard widgets in customizable layouts, either on demand or on a schedule to your chosen recipients.

Integration

Graylog Enterprise provides the tools you need to ensure seamless compatibility with cloud services, applications, and other enterprise solutions for information gathering and alerting across your IT infrastructure.

  • Inputs: Graylog accepts log messages in many formats through the use of inputs. Enterprise adds inputs that support integration with cloud solutions such as Office 365, Google Cloud Platform (GCP), and Amazon Web Services (AWS), and common enterprise applications such as Okta, Palo Alto Networks, Salesforce, and many others.

  • Illuminate: Illuminate provides seamless integration with many common tools, such as authentication services and endpoints, web services, cloud services, and on-premises applications. Illuminate content packs provide pipelines, parsing rules, lookup tables, and more to help enrich and normalize your log data from a wide array of sources.

  • Outputs: The Enterprise Output Framework enables data forwarding from Graylog clusters to external systems through a variety of network transport methods and payload formats. With Enterprise, you can output based on Google Cloud BigQuery, TCP Raw/Plaintext, and TCP Syslog, as well as STDOUT.

  • Notifications: Graylog Enterprise extends the alert notification options so that you can trigger alerts through a Slack channel, a Discord channel, or a Microsoft Teams channel, or create new incidents in PagerDuty. You can also configure a custom script to be executed when an alert is triggered.

Scalability and Flexibility

Graylog Enterprise includes features to help with growing data volumes and expanding IT environments, ensuring consistent and effective log management as well as operational security and compliance.

  • Archiving: Graylog allows you to archive inactive data to help lower storage costs and maximize retention. The archive stores your data in a long-term retention location, which can be configured on local or removable media. The archiving feature allows most users to meet compliance regulations for data retention.

  • Forwarder: The Graylog Forwarder is a standalone agent that continuously streams data to the destination, which can be a Graylog Cloud or an on-premises Graylog server cluster. The specialized Cluster-to-Cluster Forwarder forwards messages from one Graylog cluster to another over HTTP/2, logging messages from multiple distributed Graylog source clusters into one centralized destination cluster, enabling centralized alerting, reporting, and oversight.

  • User audit logs: The audit log tracks changes made to the Graylog system by users, records all state changes into the database, and makes it possible to search and filter audit log entries, then export results as either JSON or plain text.

Available in a self-managed or cloud experience, Graylog Enterprise offers a powerful, flexible, and seamless CLM. See the Graylog Enterprise page for even more details.