NOTE: Graylog has made many updates to the application since this release. We encourage you to update to the latest version and take advantage of the large number of new features and functionality.
We are excited to announce that the final release of Graylog v2.2 is now available! Our focus for this release was on improvement of four current features: data retention, alerting, the pipeline processor, and the collector sidecar. We’ve also fixed bugs along the way and have noted the full list of changes below. Thank you for all of your feedback and helping us reach this milestone.
Download Graylog v2.2.0:
- DEB or RPM packages are available in our repositories and our download page.
- Docker image
- OVA / Appliance
- Tarball (manual installation)
Let’s see what’s new!
We’ve made it easier to manage your alert notifications by adding an Alerts page in the navigation bar. The alerts overview page lets you view which alerts currently require your attention in an easy way. You can also easily check alerts that were triggered in the past and are now resolved. From within the alert details page, you can see a timeline of what occurred since Graylog detected an alert condition was satisfied. This includes the time when Graylog evaluated the condition that triggered the alert, the time when notifications were executed and the results of executing them, and the time when the alert was resolved (if that is the case).
With this release, we have introduced stateful notifications for our alerts. In previous Graylog versions, while an alert condition was satisfied, a new notification was sent every minute. The only way to influence this behavior was by using the grace time functionality, but this was not flexible enough. Alert conditions that were satisfied for longer periods of time would trigger a lot of unnecessary alerts and lead to alert fatigue.
With the new stateful notifications, you will not be notified again until the alert condition is no longer satisfied.
Custom Data Retention Times and Index Sets
The most requested feature since the early days of Graylog has always been the ability to configure different data retention times based on the type of data. For example, our users wanted to be able to keep firewall logs for 3 days, web application logs for 7 days and all other logs for 30 days. This feature is now available in Graylog v2.2.
This feature has been implemented using a new functionality we call Index Sets. Think about an index set like a custom index and data retention configuration for a stream. Create a stream called Firewall Logs and apply an index set on it that will clean old data after 3 days. In this index set, you can also define custom replica and shard configurations.
Other Notable Features
Introducing the explicit default stream! With the new default stream, non-admin users can be granted access to all messages.
Stabilized Pipeline Processor! We’ve improved performance with faster processing speed. The Pipeline Processor is now considered stable and we recommend to start moving to it from the old Extractors functionality.
Sidecar collector performance improvements with easier usability and the ability to restart single collectors from the web interface
UPGRADING FROM GRAYLOG 2.1.X TO 2.2.X
Please be sure to read the upgrade documentation before start the upgrading process!
For OVA users, please follow these instructions to upgrade your Virtual Machine Appliances.
The full Graylog 2.2.0 changelog is available here.
WE LOVE YOUR FEEDBACK
We are really excited about Graylog 2.2.0, and we want to hear what you think about it! There are a variety of ways to provide feedback, all of which can be found on our get involved page:
- Report bugs and other issues in our GitHub graylog-server repo
- Help with documentation in our GitHub documentation repo
- Join the chatter on our #graylog Freenode IRC channel
- New feature ideas are welcome in our product idea portal