Today we are releasing the first alpha version of Graylog v2.1. Why alpha.2? We made improvements to alpha.1, before it was released. Every tag starts an automatic release and we are strictly following Semantic Versioning here at Graylog.
TESTING THE ALPHA
This Alpha release is not fully feature complete, but many important changes are ready to be tested, and we would definitely appreciate your help! Please submit issues at our GitHub graylog-server repository.
Below is the first changelog of this early release. We’ll be announcing more features and changes with each subsequent release.
Graylog v2.1-alpha.2 can be downloaded from here.
Our virtual appliance in OVA format has also been updated for this release.
Docker images are available on Docker Hub.
Here are some new features that we’d like to highlight. Make sure to test them and let us know about any issues you experience!
BEATS SUPPORT FOR COLLECTOR SIDECAR AND MESSAGE INPUT
The Graylog Collector Sidecar now supports Elastic Beats. This means you can control the deployment and configuration of your Beats fleet automatically and template-based from your Graylog Web Interface.
Pretty cool, eh? While nxlog has already been supported by the Collector Sidecar for Microsoft Windows log collection, we are adding more supported log collectors in future releases.
COLLECTOR STATUS DISPLAY IN WEB INTERFACE
Collectors can now send their internal status back to Graylog. A status page is listing all running collectors for each host and in case of an error, the host is marked with a small red badge to indicate the problem together with a message to get an idea why the collector is failing. Besides that the user can find general information on the status page like the tags that are configured for the Sidecar or a list of available log files. A real headless administration is now possible with these changes.
The Graylog Processing Pipelines feature that was introduced in v2.0 now comes with a complete simulator user interface that allows you to test your pipeline and rule compositions.
When a test or example log message is fed into the simulator, you will immediately see the following:
- The resulting, fully processed and parsed log message
- An overview of what fields were transformed and why
- A microsecond resolution trace of the performed actions
We put a lot of work into this feature to make the parsing, transformation and enrichment of any log message as intuitive and easy as possible. We hope you will enjoy it and save a lot of time!
STREAM RULE DESCRIPTIONS AND ALERT CONDITION TITLES
Stream rules and alert conditions can now be annotated with more information. This is extremely useful when working in a team, where another team member might look at stream rules or alert conditions and needs some context about why they were created or what they are intended to do.
- Throttle LB status if journal utilization is too high. Graylog2/graylog2-server#1100, Graylog2/graylog2-server#1952 and Graylog2/graylog2-server#2312. Thank you @mikkolehtisalo!
- TLS ciphers for inputs should probably be configurable. Graylog2/graylog2-server#2051.
- SelfSignedCertificate should migrate from sun.security.*. Graylog2/graylog2-server#2132 and Graylog2/graylog2-server#2316. Thank you @mikkolehtisalo!
- Fix formatting metric names including more than one namespace prefix. Graylog2/graylog2-server#2254 and Graylog2/graylog2-server#2425.
- Waiting for index range calculation before switching deflector alias. Graylog2/graylog2-server#2264 and Graylog2/graylog2-server#2278.
- Specify application.context. Graylog2/graylog2-server#2271 and Graylog2/graylog2-server#2440.
- Add handler for / in the Graylog REST API. Graylog2/graylog2-server#2376 and Graylog2/graylog2-server#2377.
- User preferred timezone not saved. Graylog2/graylog2-server#2393 and Graylog2/graylog2-server#2395.
- Unable to delete closed index. Graylog2/graylog2-server#2419 and Graylog2/graylog2-server#2437.
- Absolute search results in widget using wrong time. Graylog2/graylog2-server#2428 and Graylog2/graylog2-server#2452.
- Upgrade to Kafka 0.9.0.1. Graylog2/graylog2-server#1912.
- RestAccessLogFilter to use X-Forwarded-For set by trusted proxies. Graylog2/graylog2-server#1981. Thank you @mikkolehtisalo! Wow, that’s the third time in the same release
- Upgrade to Drools 6.4.0.Final. Graylog2/graylog2-server#2106.
- Stream Rule Titles. Graylog2/graylog2-server#2244.
- Improve search with no results page. Graylog2/graylog2-server#2253.
- Refactor Version class to use com.github.zafarkhaja.semver.Version. Graylog2/graylog2-server#2275.
- Alert condition titles. Graylog2/graylog2-server#2282.
- Upgrade to Jackson 2.7.4. Graylog2/graylog2-server#2304.
- Support changes for pipeline processor simulator. Graylog2/graylog2-server#2320.
- Add dependency on jna to fix chatty Elasticseach log message. Graylog2/graylog2-server#2342.
- Interfaces and simple implementations of an audit log. Graylog2/graylog2-server#2344.
- Do not init available alarm callback types, fetch them explicitly. Graylog2/graylog2-server#2353.
- Move custom analyzer into index template. Graylog2/graylog2-server#2354.
- Remove automatic private key/certificate generation. Graylog2/graylog2-server#2355.
- Improved feedback. Graylog2/graylog2-server#2357.
- Longer retention interval for journal tests. Graylog2/graylog2-server#2388.
- Remove “elasticsearch_discovery_zen_ping_multicast_enabled” setting. Graylog2/graylog2-server#2394.
- Fix unrequested refresh of configuration forms/Reset configuration forms on cancel. Graylog2/graylog2-server#2399.
- Web If: Updating a few dependencies which are safe to update. Graylog2/graylog2-server#2407.
- Added Information for journal partitions. Graylog2/graylog2-server#2412.
- Fix memory problems with webpack-dev-server in development mode. Graylog2/graylog2-server#2433.
- Remove “_ttl” in index mapping. Graylog2/graylog2-server#2435.
- Add raw message loader. Graylog2/graylog2-server#2438.
- Extracting our customized ESLint config into separate module. Graylog2/graylog2-server#2441.
- Remove deprecated MongoDB metrics reporter. Graylog2/graylog2-server#2443.
- Allow access to MongoDatabase in MongoConnection. Graylog2/graylog2-server#2444.
- Add some useful FindBugs plugins. Graylog2/graylog2-server#2447.
- Proxies deflector cycle call to make it available on every node. Graylog2/graylog2-server#2448.
PIPELINE PROCESSOR PLUGIN
- Add syslog-related functions. Graylog2/graylog-plugin-pipeline-processor#19.
- Add concat() function. Graylog2/graylog-plugin-pipeline-processor#20.
- NPE during preProcessArgs using Grok pattern. Graylog2/graylog-plugin-pipeline-processor#24 and Graylog2/graylog-plugin-pipeline-processor#26.
- Streams without connections stay visible. Graylog2/graylog2-server#2322.
- Add pipeline simulator. Graylog2/graylog-plugin-pipeline-processor#34, Graylog2/graylog-plugin-pipeline-processor#36 and Graylog2/graylog-plugin-pipeline-processor#42.
COLLECTOR SIDECAR PLUGIN
- Add support for Beats. Filebeat, Winlogbeat.
- Beats binaries are bundled with the Collector-Sidecar package
- Improve server side validation. Graylog2/graylog2-server#2247 and Graylog2/graylog-plugin-collector#7.
- Add NXlog GELF TCP and TCP/TLS output
- Add support to clone input, outputs and snippets
- Optionally display collector status information in web interface
- Optionally display log directory listing on status page
- If no node-id is given use the hostname as identification
- Linux distribution is detected and can be used in Snippet template
- Silent install on Windows works now
- Collector log files are now auto-rotated
- Collector processes are supervised and restarted on crashes
- NXlog Inputs and Outputs support free text configuration
WE LOVE YOUR FEEDBACK
We need feedback about what’s working and what’s broken in order to help everyone get the most out of Graylog v2.1. There are a variety of ways to provide feedback, all of which can be found on our community resources page:
- Report bugs and other issues in our GitHub graylog-server repo.
- Help with documentation in our GitHub documentation repo.
- Start a discussion in our Google Group mailing list.
- Or join the chatter on our #graylog Freenode IRC channel.
- New feature ideas are welcome in our product idea portal.
We’re super excited about releasing 2.1, and we value your feedback. So please go try out the Alpha and let us know what you think!