Still using Graylog Open? Without advanced threat detection, automation, and compliance tools, your team is working harder than they need to. Upgrade now and experience the difference.
When Open Source Isn’t Enough Anymore
Graylog Enterprise and Graylog Security build on what you love with added automation, deeper visibility, and streamlined efficiency — all without losing flexibility or control.
The Trade-Off: Dropping data to cut costs risks missing something critical.
With Graylog Subscription: Keep all your logs — not just the ones you can afford to store. Route processed lower-priority data to a built-in data lake that doesn’t count toward your license. Use Data-Lake-Preview to search standby data before bringing it into active storage. Restore only what you need with selective retrieval, and gain full visibility without second-guessing what you dropped.
The Trade-Off: More alerts often means more noise, not more insight.
With Graylog Subscription: Cut through the noise with smarter correlation and risk-based prioritization. Adversary Campaign Intelligence connects related alerts, surfaces high-risk behavior, and factors in asset value and recent vulnerabilities to calculate threat severity. And with Graylog Illuminate, you get ready-to-use parsers, dashboards, alerts, and detection rules for dozens of the most common IT and cybersecurity platforms — all curated and maintained by Graylog experts.
The Trade-Off: Deep investigations delay response — or get skipped entirely.
With Graylog Subscription: Pivot from alert to action in seconds. Timeline views, case management, and easy evidence capture help analysts move faster — without missing context. Investigate once. Generate full investigation reports instantly with our AI-assisted writer. Move on.
The Trade-Off: Compliance eats up time with scripts and spreadsheets.
With Graylog Subscription: Meet regulatory requirements without the busywork. Role-based access control, audit logging, and automated compliance reports simplify enforcement, reduce risk, and free your team from manual processes.
The Trade-Off: Stay stuck on an outdated setup, or risk breaking what works by upgrading alone.
With Graylog Subscription: Our onboarding isn’t one-size-fits-all. For existing Open users, we offer expert-led architecture reviews, deployment tuning, and best-practice guidance tailored to your current setup. You’ll streamline ingestion, boost performance, and get more value from what you’ve already built — faster.
The Trade-Off: Running an unsupported open source tool in production can put your team — and your compliance posture — at risk.
With Graylog Subscription: Paid subscriptions include 24/5 enterprise support with access to product experts who can help you resolve critical issues fast. You’ll also gain access to on-demand training through Graylog Academy, with the option to purchase live sessions, customized training, or a Technical Account Manager (TAM) for ongoing strategic guidance. Need deeper help? Professional services are also available to support complex use cases and accelerate results.
*Graylog Open only supports a very limited number of Parsers and Spotlights. Graylog Open users must first upgrade their 6.1+ instance to include the Enterprise plug-in before being able to install the Illuminate Content Hub.
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
|
|
|
|
|
Support for Syslog, CEF, GELF, BEATS, HTTP-JSON, IPFIX, Netflow, Plain Text |
✓ |
✓ |
✓ |
|
Log Collection & Fleet Management |
✓ |
✓ |
✓ |
|
Index Field Type Profiles |
✓ |
✓ |
✓ |
|
Pipelines & Streams |
✓ |
✓ |
✓ |
|
Data Normalization |
✓ |
✓ |
✓ |
|
|
|
|
|
|
Visualization Widgets |
✓ |
✓ |
✓ |
|
Save To Dashboard |
✓ |
✓ |
✓ |
|
Guided Search |
✓ |
✓ |
✓ |
|
Save & Share |
✓ |
✓ |
✓ |
|
Filters |
× |
✓ |
✓ |
|
Parameters |
× |
✓ |
✓ |
|
|
|
|
|
|
Customizable Data Visualization Widgets |
✓ |
✓ |
✓ |
|
Save & Share |
✓ |
✓ |
✓ |
|
Right-click Graylog & Custom Saved Searches |
× |
✓ |
✓ |
|
Scheduled E-mail Reports |
× |
✓ |
✓ |
|
Custom Reports |
× |
✓ |
✓ |
|
|
|
|
|
|
REST API |
✓ |
✓ |
✓ |
|
Content Pack Import/Export |
✓ |
✓ |
✓ |
|
TCP Raw & TCP Syslog Outputs |
✓ |
✓ |
✓ |
|
Direct Ingest |
Basic |
Advanced |
Advanced |
|
Direct Output |
GELF Output |
GELF, STDOUT-Enterprise, Google Cloud Big Query |
GELF, STDOUT-Enterprise, Google Cloud Big Query |
|
Graylog Schema |
Manual |
Illuminate |
Illuminate |
|
Input Wizard |
× |
✓ |
✓ |
|
Illuminate Content Hub |
× |
✓ |
✓ |
|
Illuminate Content |
Basic Parsers |
Ops Content |
All Content |
|
|
|
|
|
|
Data Enrichment Connectors |
✓ |
✓ |
✓ |
|
Support for IPinfo, MaxMind GeoIP Integration |
✓ |
✓ |
✓ |
|
IPinfo GeoIP Data |
× |
Cloud |
Cloud |
|
Lookup Tables |
Static |
Dynamic |
Dynamic |
|
Asset Data |
× |
× |
✓ |
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
|
|
|
|
|
Support for Syslog, CEF, GELF, BEATS, HTTP-JSON, IPFIX, Netflow, Plain Text |
✓ |
✓ |
✓ |
|
Log Collection & Fleet Management |
✓ |
✓ |
✓ |
|
Index Field Type Profiles |
✓ |
✓ |
✓ |
|
Pipelines & Streams |
✓ |
✓ |
✓ |
|
Data Normalization |
✓ |
✓ |
✓ |
|
|
|
|
|
|
Visualization Widgets |
✓ |
✓ |
✓ |
|
Save To Dashboard |
✓ |
✓ |
✓ |
|
Guided Search |
✓ |
✓ |
✓ |
|
Save & Share |
✓ |
✓ |
✓ |
|
Filters |
× |
✓ |
✓ |
|
Parameters |
× |
✓ |
✓ |
|
|
|
|
|
|
Customizable Data Visualization Widgets |
✓ |
✓ |
✓ |
|
Save & Share |
✓ |
✓ |
✓ |
|
Right-click Graylog & Custom Saved Searches |
× |
✓ |
✓ |
|
Scheduled E-mail Reports |
× |
✓ |
✓ |
|
Custom Reports |
× |
✓ |
✓ |
|
|
|
|
|
|
REST API |
✓ |
✓ |
✓ |
|
Content Pack Import/Export |
✓ |
✓ |
✓ |
|
TCP Raw & TCP Syslog Outputs |
✓ |
✓ |
✓ |
|
Direct Ingest |
Basic |
Advanced |
Advanced |
|
Direct Output |
GELF Output |
GELF, STDOUT-Enterprise, Google Cloud Big Query |
GELF, STDOUT-Enterprise, Google Cloud Big Query |
|
Graylog Schema |
Manual |
Illuminate |
Illuminate |
|
Input Wizard |
× |
✓ |
✓ |
|
Illuminate Content Hub |
× |
✓ |
✓ |
|
Illuminate Content |
Basic Parsers |
Ops Content |
All Content |
|
|
|
|
|
|
Data Enrichment Connectors |
✓ |
✓ |
✓ |
|
Support for IPinfo, MaxMind GeoIP Integration |
✓ |
✓ |
✓ |
|
IPinfo GeoIP Data |
× |
Cloud |
Cloud |
|
Lookup Tables |
Static |
Dynamic |
Dynamic |
|
Asset Data |
× |
× |
✓ |
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
|
|
|
|
|
Basic Triggers & Aggregations |
✓ |
✓ |
✓ |
|
Alerting |
✓ |
✓ |
✓ |
|
Notifications |
Basic |
Advanced |
Advanced |
|
Automated Script Triggers |
× |
✓ |
✓ |
|
Correlation Engine |
× |
✓ |
✓ |
|
Sigma Rules |
× |
× |
✓ |
|
MITRE ATT&CK Framework |
× |
× |
✓ |
|
|
|
|
|
|
User Activity |
× |
× |
✓ |
|
Suspicious Data Movement |
× |
× |
✓ |
|
File & System Integrity |
× |
× |
✓ |
|
Network / Perimeter Threats |
× |
× |
✓ |
|
Custom Detectors |
× |
× |
✓ |
|
|
|
|
|
|
Evidence Collection |
× |
× |
✓ |
|
AI Report Generation |
× |
× |
✓ |
|
Investigation Timeline Visualization |
× |
× |
✓ |
|
Investigations Analytics |
× |
× |
✓ |
|
|
|
|
|
|
Automation |
× |
× |
✓ |
|
Guided Response |
× |
× |
✓ |
|
|
× |
× |
✓ |
|
3rd Party SOAR, Ticketing Integration (custom add-on) |
× |
× |
✓ |
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
|
|
|
|
|
Basic Triggers & Aggregations |
✓ |
✓ |
✓ |
|
Alerting |
✓ |
✓ |
✓ |
|
Notifications |
Basic |
Advanced |
Advanced |
|
Automated Script Triggers |
× |
✓ |
✓ |
|
Correlation Engine |
× |
✓ |
✓ |
|
Sigma Rules |
× |
× |
✓ |
|
MITRE ATT&CK Framework |
× |
× |
✓ |
|
|
|
|
|
|
User Activity |
× |
× |
✓ |
|
Suspicious Data Movement |
× |
× |
✓ |
|
File & System Integrity |
× |
× |
✓ |
|
Network / Perimeter Threats |
× |
× |
✓ |
|
Custom Detectors |
× |
× |
✓ |
|
|
|
|
|
|
Evidence Collection |
× |
× |
✓ |
|
AI Report Generation |
× |
× |
✓ |
|
Investigation Timeline Visualization |
× |
× |
✓ |
|
Investigations Analytics |
× |
× |
✓ |
|
|
|
|
|
|
Automation |
× |
× |
✓ |
|
Guided Response |
× |
× |
✓ |
|
|
× |
× |
✓ |
|
3rd Party SOAR, Ticketing Integration (custom add-on) |
× |
× |
✓ |
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
|
|
|
|
|
Asset-based Risk Scoring |
× |
× |
✓ |
|
Events & Alerts Risk Scoring |
× |
× |
✓ |
|
Adversary Campaign Intelligence |
× |
× |
✓ |
|
Field Action Menus with Threat Intel Lookups and Watchlists |
× |
× |
✓ |
|
Threat Coverage Analyzer |
× |
× |
✓ |
|
Threat Coverage Visualization |
× |
× |
✓ |
|
Vulnerability Scan Ingest |
× |
× |
✓ |
|
|
|
|
|
|
Compliance Reports |
× |
✓ |
✓ |
|
|
|
|
|
|
Role-based |
Internal |
AD/LDAP |
AD/LDAP |
|
Teams Management |
× |
✓ |
✓ |
|
OIDC, OKTA, Auth0, AzureAD, Google, Keycloak, PingIdentity, OneLogin Support |
× |
✓ |
✓ |
|
Graylog User Audit Logs |
× |
✓ |
✓ |
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
|
|
|
|
|
Asset-based Risk Scoring |
× |
× |
✓ |
|
Events & Alerts Risk Scoring |
× |
× |
✓ |
|
Adversary Campaign Intelligence |
× |
× |
✓ |
|
Field Action Menus with Threat Intel Lookups and Watchlists |
× |
× |
✓ |
|
Threat Coverage Analyzer |
× |
× |
✓ |
|
Threat Coverage Visualization |
× |
× |
✓ |
|
Vulnerability Scan Ingest |
× |
× |
✓ |
|
|
|
|
|
|
Compliance Reports |
× |
✓ |
✓ |
|
|
|
|
|
|
Role-based |
Internal |
AD/LDAP |
AD/LDAP |
|
Teams Management |
× |
✓ |
✓ |
|
OIDC, OKTA, Auth0, AzureAD, Google, Keycloak, PingIdentity, OneLogin Support |
× |
✓ |
✓ |
|
Graylog User Audit Logs |
× |
✓ |
✓ |
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
|
|
|
|
|
Multi-Cluster |
✓ |
✓ |
✓ |
|
Enterprise Forwarder |
× |
✓ |
✓ |
|
Cluster-to-Cluster Forwarder |
× |
✓ |
✓ |
|
Cloud Forwarder |
× |
✓ |
✓ |
|
Data Node |
× |
✓ |
✓ |
|
|
|
|
|
|
Data Pipeline Management / Data Routing |
× |
✓ |
✓ |
|
Data Lake |
× |
✓ |
✓ |
|
Data Lake Preview |
× |
✓ |
✓ |
|
Selective Retrieval |
× |
✓ |
✓ |
|
Data Tiering - Hot, Warm, Archive |
× |
✓ |
✓ |
|
Searchable Snapshots |
× |
✓ |
✓ |
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
|
|
|
|
|
Multi-Cluster |
✓ |
✓ |
✓ |
|
Enterprise Forwarder |
× |
✓ |
✓ |
|
Cluster-to-Cluster Forwarder |
× |
✓ |
✓ |
|
Cloud Forwarder |
× |
✓ |
✓ |
|
Data Node |
× |
✓ |
✓ |
|
|
|
|
|
|
Data Pipeline Management / Data Routing |
× |
✓ |
✓ |
|
Data Lake |
× |
✓ |
✓ |
|
Data Lake Preview |
× |
✓ |
✓ |
|
Selective Retrieval |
× |
✓ |
✓ |
|
Data Tiering - Hot, Warm, Archive |
× |
✓ |
✓ |
|
Searchable Snapshots |
× |
✓ |
✓ |
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
Documentation |
✓ |
✓ |
✓ |
|
Graylog Academy |
✓ |
✓ |
✓ |
|
Graylog Community |
✓ |
✓ |
✓ |
|
Onboarding & Architecture Review Services |
× |
✓ |
✓ |
|
TAM Services (optional add-on) |
× |
✓ |
✓ |
|
Access To Professional Services (SOW required) |
× |
✓ |
✓ |
|
24x5 Global Technical Support
|
× |
✓ |
✓ |
Feature |
Graylog Open |
Graylog Enterprise |
Graylog Security |
|---|---|---|---|
|
Documentation |
✓ |
✓ |
✓ |
|
Graylog Academy |
✓ |
✓ |
✓ |
|
Graylog Community |
✓ |
✓ |
✓ |
|
Onboarding & Architecture Review Services |
× |
✓ |
✓ |
|
TAM Services (optional add-on) |
× |
✓ |
✓ |
|
Access To Professional Services (SOW required) |
× |
✓ |
✓ |
|
24x5 Global Technical Support
|
× |
✓ |
✓ |
Products
Follow Us:
GRAYLOG HEADQUARTERS
1301 Fannin St, Ste. 2000
Houston, TX 77002
GRAYLOG COLORADO
1919 14th Street, Suite 700, Office 18
Boulder, CO 80302
GRAYLOG UNITED KINGDOM
34-37 Liverpool Street, 7th Floor
London, EC2M 1PP
United Kingdom
GRAYLOG GERMANY GMBH
Poolstraße 21
20355 Hamburg, Germany
© 2025 Graylog, Inc. All rights reserved