

Graylog2 v0.20.0 released - lennartkoopmann
http://graylog2.org/wow/such/0.20.0/

======
atmosx
By going through the page I understood:

* Graylog2 is probably version 2 of Graylog (fair enough) * It's a data analytics platform, where you can feed your syslog. * Has a REST interface

What I would like to understand but was not able to:

* Do they open source both client and server? * Is it only a server app with a web interface? * To they sell anything at all? (support, plans, etc)

~~~
lennartkoopmann
It's all open source, you can feed _any_ data, not only sylog and TORCH
([http://www.torch.sh](http://www.torch.sh)) is selling commercial services.

Also take a look at:
[http://support.torch.sh/help/kb/general/graylog2-architectur...](http://support.torch.sh/help/kb/general/graylog2-architecture-
high-level-overview)

The feedback here definitely helped us identify that we need to make our
websites more obvious about what Graylog2 is actually doing. Thanks!

------
Don_E
We are heavy users of both Graylog2 and Logstash and they both shine at
different things at the moment.

In an enterprise context with lots and lots of logs Graylog2 is making the
process of segregating access to certain logs very,very easy. It's interface
is a lot less "bling bling" than Kibana but much easier to use for a certain
type of users.

Logstash is still king for parsing logs into structured events (and we use it
a LOT - our current config file is ~2.5k lines) but we had issues with
stability and loosing messages (crashes due to character issues, etc).

The core of Graylog2 rocks - it's stable and very performant (we are pushing
30k+ msgs/s over a single node with room to spare) and the support we have
received from the Graylog2 team has been nothing but awesome.

I am confident that they will catch up with Kibana (in terms of
visualisations) very, very quickly.

------
cdelsolar
I have been unable to use Graylog for a long time now; if anyone can provide
any pointers I'd greatly appreciate it. No matter what installation method I
try, eventually my Graylog instance crashes, or Mongo crashes, or
Elasticsearch crashes, or my hard drive gets filled up with huge amounts of
error logs and the whole system grinds to a halt, etc etc etc. I am using an
Azure "large" instance and trying to log about 300 or so messages per second.
I make sure to only log enough messages so that old ones get thrown away
before the hard drive fills up, but it doesn't matter, it still crashes. It
also crashes if I add an external large drive and log to there, eventually I
will get an insanely large number of elasticsearch errors.

I eventually had to take it down because it keeps crashing but now I have no
error information. Any help would be greatly appreciated.

~~~
lennartkoopmann
Please contact the mailing list and we are happy to help. 300 msgs/sec is not
much and we should easily get that unter control. :)

------
btgeekboy
I started playing with this over the weekend. Great stuff.

Also, if you're on the fence about whether to use this or Kibana, they're
compatible with each other, so give them both a try. (Set up Graylog2, point
Kibana at G2's elasticsearch instance, profit.)

------
izzydata
I don't know if it is just my browser, but at the top of the page where it
says "everything we learned from users" the "d" in learned and the "f" in
users are on-top of eachother.

Sorry I don't have anything constructive to post.

~~~
lennartkoopmann
oh, what browser is that?

~~~
izzydata
Chrome on Fedora Linux. Here is a screenshot.
[https://dl.dropboxusercontent.com/u/58437091/Selection_016.p...](https://dl.dropboxusercontent.com/u/58437091/Selection_016.png)

~~~
lennartkoopmann
Thank you! I'll look into that.

------
tweiss
Great to see that there is (almost) always a great open source alternative to
expensive proprietary IP products! Splunk can become very expensive very
quickly if you have a lot of data, so this is great news. Wish they would have
shorter release cycles though...

~~~
lennartkoopmann
Thanks! :) Regarding the release cycles: We just released v0.20.1 - just a
week after v0.20.0.

It took us a while to build us this foundation but now we are constantly
releasing updates on top.

------
tomsthumb
It would be nice to know what Graylog actually is after reading the entire
linked page. It left a fluffy impression, but most (all) of the information
there is explaining nice things _about_ Graylog.

This seems suboptimal from a marketing perspective.

~~~
rossjudson
It has 2000 commits and a REST interface. Was there something else you needed
to know?

~~~
eeeeeeeeeeeee
That page seems to be targeted more at people who already know or have used
graylog in the past. If you go to the main website it's more clear and there
is a screencast.

------
hijinks
This has come a long way since I last used it around 3 or so years ago. I'm
looking forward to trying it now since it's re-done and ditched mongodb for
elasticsearch.

------
bdcravens
in the URL: "/wow/such/0.20.0/"

in one of the first screen shots: "wow such monitor"

I'm guessing that was just a test name for the purpose of the screenshot, or
so I hope.

However, speaking in general (and not just aiming it at this project), can we
please leave the cutesy little Doge talk out of documentation and marketing?
I'd say that's true of all "memes" in general. In theory anyone can look at a
project if it's useful, and believe it or not, not everyone spends enough time
on Reddit or 4Chan to have a clue about what a Doge or a Harlem Shake is.

tldr; such dogetalk. much child-like. so annoy. wow.

~~~
meritt
I'm ambivalent on this topic. The dogespeak in this particular announcement
made me chuckle and envisioned the team as people I'd personally get along
with. They're catering to like-minded individuals.

If I had opened an IBM-enterprise-blah wall of text, I'd probably have not
spent nearly as much time learning about their product.

~~~
bdcravens
I think the project is a great one whether you work in an enterprise or wear
thick plastic glasses and an ironic t-shirt from some startup no one has heard
of.

"catering to like-minded individuals": yes, people with logs they need to
analyze. That could be a 20 year-old with a MBA stickered up, or a 53 year old
analyst working inside of a Active Domain enterprise.

------
cstuder
Has anyone compared Kibana with Graylog 0.20 series recently?

My use case is (currently) more in exceptions catching than performance
monitoring. Judging from that screenshots alone, I would say that Graylog is a
better fit for me.

~~~
lennartkoopmann
Kibana is a great product for very dynamic analysis and is definitely still
better there than Graylog2. However, we hear from a lot of people that they
prefer Graylog2 for monitoring and searching.

Also Graylog2 has stuff like a user/role model, (authenticated) REST APIs and
generally a more integrated approach.

I suggest you give both a spin and decide. :) Both products are easy to setup.

~~~
ysleepy
No Kerberos auth via reverse Proxy. Nobody uses it in our team because its the
only app where they need to enter a password.

A shame since it should be very easy to implement similar to the REMOTE_USER
env in other langs, maybe via X-Authenticated header or something for play.

~~~
btgeekboy
There's an issue on GitHub for this; I've wanted it as well.

[https://github.com/Graylog2/graylog2-web-
interface/issues/56...](https://github.com/Graylog2/graylog2-web-
interface/issues/560)

------
xfalcox
Does this compare to logstash? I'm trying to decide what log aggregator use,
and I don't have much time to test both. BTW, I'm running SLES 11 SP 2.

------
e12e
Oh, this is great news. One more project off my never-ending todo-list (write
log aggregator backed by elastic search). Nice to see binary packages for
Debian too!

------
scotth
Is the graylog beast still the logo? I love that guy.

~~~
lennartkoopmann
Unfortunately not! It came with permission from theoatmeal but now that we
approach bigger things with Graylog2 we felt like we have to get an own logo.

You can still expect stuff like the famous Party Gorilla (aka "That drunk
sloth") though. ...and rumors are that he might come back in some way.

------
meritt
Never heard of Graylog and after some introductory reading, I'll be giving it
a spin today. Thanks!

------
kordless
Congratulations to you and the team Lennart. It looks awesome. Will try it
out!

------
reiz
Great news. Many Thanks for all the hard work.

