NOTE: Graylog has made many updates to the application since this release. We encourage you to update to the latest version and take advantage of the large number of new features and functionality.

Happy New Year! Today we are releasing Graylog v2.4. In this release, you will see we’ve added four new default plugins and made three huge improvements to the QuickValues Widget.

DOWNLOAD LINKS

Download Graylog v2.4:

NEW DEFAULT PLUGINS

Beginning with the 2.4 release, we are shipping the following plugins by default. That means you don’t have to manually install and update them anymore. The plugins also got moved from graylog-labs into our official Graylog organization on GitHub.

QUICKVALUE WIDGET IMPROVEMENTS

We have three big improvements to our visualizations!

The feature we are most excited about and the most requested is stacking or grouping of data with another field! Within the UI, you can take a quick value result value and stack it against another field. For example, take a source address and then get a new result set with all destination addresses of this field. This is one of the top methods for threat hunting.

In addition, you can now sort the result set based on the field value or count. This is important for threat hunting where you often want to find the most common or uncommon values. (For example, suspicious network connections will usually be found in the top or bottom 5% of all connections made.)

Lastly, you can build a chart of the result set over time. The aggregated result that we previously offered only gave you a view into the “now.” With this improvement, you can now see “how have these values changed over time” to detect important changes or past outliers.

 

Please report bugs and any other issues in our GitHub issue tracker.

Thank you!

CHANGES

Please find the complete changelog in our documentation:

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.