Announcing Graylog v2.4.0-beta.1

Today we are releasing Graylog v2.4.0-beta.1. This release includes four new plugins that will be shipped with Core and new visualizations! If you are interested in seeing a first version of the new features, please download the new beta release and let us know if you have any feedback or run into problems.

Remember, this is a beta release, so it might be a bit rough around the edges and things might change before the final release.

Please report bugs and any other issues in our GitHub issue tracker.

Download Links

Download Graylog v2.4.0-beta.1:

NEW DEFAULT PLUGINS

Beginning with the 2.4 release, we are shipping the following plugins by default. That means you don’t have to manually install and update them anymore. The plugins also got moved from graylog-labs into our official Graylog organization on GitHub.

QuickValue Widget Improvements

We have three big improvements to our visualizations!

The feature we are most excited about, and the most requested one, is stacking or grouping of data with another field! Within the UI, you can take a quick value result and stack it against another field. For example, take a source address and then get a new result set with all destination addresses for that source address. This is one of the top methods for threat hunting.

In addition, you can now sort the result set based on the field value or count. This is important for threat hunting where you often want to find the most common or uncommon values. (For example, suspicious network connections will usually be found in the top or bottom 5% of all connections made.)

Lastly, you can build a chart of the result set over time. The aggregated result that we previously offered only gave you a view into the “now.” With this improvement, you can now see “how have these values changed over time” to detect important changes or past outliers.

GRAYLOG V2.4.0 PODCAST

For this release, we’ve introduced our new podcast! You can hear Bernd Ahlers, Lennart Koopmann, and Taylor Rhoades discuss the features of Graylog v2.4.0, give a sneak peek of Graylog 3.0, and talk about bug fixes in Graylog v2.3.2 and the open-source tool Nzyme. You can listen on SoundCloud.

CHANGES

Please find the complete changelog in our documentation.

COMMUNITY CONTRIBUTIONS

The following community members contributed bug fixes and new features for this release:

Thank you very much!
