The Graylog blog

Get ready to dive into the public release candidate of Graylog v3.2 with expanded search capabilities, saved search, search workflows, full screen mode, further enhancements to alerting and other minor updates.

Read on for all the details.


Upgrading from a previous Graylog release? You can find the upgrade notes here.

Please report bugs and any other issues in our GitHub issue tracker. Thank you!


The threat hunting process just became more efficient with the unification of views, dashboards, and search.

With Graylog’s expanded search, you can now explore your data by building and combining multiple searches into one single action and review your delivered results on one screen. Then you can begin the hunt for the information needed to address issues, threats, outages, and customer support calls by drilling into the data.


Streamline IT Operations, shorten customer service response time, and free up your team to do other things.

Graylog has just made it easier to reuse searches that you need to run on a regular basis by integrating Views and Searches, by adding parametrization as a part of saving, searches which means you can fill in different values every time you run that search.

Combining searches, including feeding the results of one search into the next, lets you prepare Search Workflows for a broad range of team members, extending the value of Graylog out to Level 1 Tech Support, junior Security Analysts, network engineers, and system administrators.


Two significant changes to alerts that make a significant and positive impact on your searches. 

Alerts now utilize dynamic lists as well as alerting against multiple conditions at once.

The new dynamic lists are a combination of alert parameters and look up tables. (think searching and correlating across third party databases like active directory or threat intelligence feeds). Automatically update alert criteria based on a dynamically created list in a lookup table.

Supporting more than one condition for alert events is another way Graylog saves you time.


Maximize dashboards for Operations Center monitors.

V3.2 gives you full screen mode inside Graylog for viewing dashboards for those times you need all the surrounding elements on your laptops, computers, and/or monitors.

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog Blog delivered to your inbox once a month.