Today we are officially releasing Graylog v4.1.

This release introduces productivity gains and a greater degree of flexibility with a number of new features and enhancements. Read on to find out what is waiting for you in Graylog v4.1.

DOWNLOAD LINKS

GRAYLOG CORE

Tarballs (manual installation):

NOTE: Docker Compose has replaced OVA/Appliance.

GRAYLOG FORWARDER

Tarball (manual installation):

OS Packages

Please report bugs and any other issues in our GitHub issue tracker. Thank you!

IMPORTANT NOTE

We caution you not to install or upgrade Elasticsearch to 7.11 and later! To do so, will break your instance. Also, it is not supported, and it is not possible to downgrade without restoring from backups.

New: Log View (Enterprise)

Graylog v4.1 comes with a new Log View Widget that lets you streamline investigations and communicate your findings and tailor them to the right internal audience with our reporting features. Log View provides visualizations that make it easier for teams to find patterns and track issues by putting the message in the window. When you are familiar with what log messages are present, the Log View Widget will show the complete log line in raw text allowing you to see the entire message.

Log View

New: Forwarder (Enterprise & Cloud)

The Graylog Forwarder is a lightweight and fast standalone solution for sending data to Graylog Cloud or an on-premise Graylog Server cluster. You can configure your Forwarder to send data from one Graylog instance to Graylog Cloud or to an on-premise Graylog Server instance. In other words, one tool supports any deployment model to centralize log messages from a distributed architecture into one cluster. This supports local teams and enables organization-wide data analysis no matter where employees are located.

UI Enhancements for Visibility and Ease (Open Source, Enterprise, & Cloud)

Customize how you see your data by adding color and presenting data the way you want it with editing and viewing. Want to get even more excited? Read on for more details.

Aggregation Builder

Change, edit, build, and configure aggregations to combine “Group By” fields, “Metrics” fields, or both for more flexibility in your log management. Once you’re done, you can use the “Update Preview” button to see how your new aggregation will look.

Widget Focusing

Maximize and minimize your widget screens when you have a lot of data to view and you need the flexibility to present it in the way that makes the most sense.

Widget focusing

Search Time Range Picker

Vary your relative time ranges, absolute time ranges, and keyword time ranges for a more comprehensive view of your data.

Value Widgets on Pie and Bar Charts

You now have the option to trigger actions for field values in bar and pie charts for a varied way to explore your search results.

Highlighting Rule Gradient Option

Highlight any field or value in a search result with gradient colors so you can pinpoint your key data. Pair this with the new Log View widget for greater visibility.

Highlighting Rule Gradient option

Parameter Options Selection (Enterprise)

Creating parameters is now even easier with predefined values in the dropdown menu.

Heatmap color scale

Scanning your aggregations just got easier with an expanded color palette. You no longer need to be an interior designer to make the right color choices.

Time range info for dashboard widgets

Widgets often use different time ranges, and now you have an indicator that lets you display the time range of a widget, and test to make sure the time range is always correct. For example, when defining a time range for a widget or when using the dashboard filter.

NEW export formats (Enterprise)

JSON, NDJSON, Plain Text (enterprise) for your search results.

NEW Okta authentication support and teams sync (Enterprise & Cloud)

We now support multi-factor authentication for users with Okta credentials for enhanced security and integration with Graylog Cloud. This is very similar to the existing LDAP feature, minus the LDAP complexities of the path hierarchy.

NEW Custom theming and Notifications (Enterprise & Cloud)

It’s the little things that matter, and in this case, we’ve added the ability for you to recolor all of Graylog’s light and dark mode to you desired color palette. In addition, you can customize your public notifications–e.g., announce your public server is going down at a preplanned time, or to notify users of compliance statements upon login, etc.

NEW S3 Archiving (Enterprise & Cloud)

Now you have the flexibility to log to any S3 compliance storage you like directly from the Graylog UI. This means that users can archive their Elastic indexes to an S3 bucket to back up data and meet compliance requirements. If you have access to an AWS account where you can create new S3 buckets, you can try setting up S3 as a back-end for archiving and manually archiving an index.

New Data Adapters (Open Source, Enterprise, & Cloud)

We’ve added new data adapters for open source, enterprise, and cloud.

  • Active Directory User Lookup that lets you lookup users in your AD (Enterprise)
  • GreyNoise basic adapter allows you to filter out traffic so you can focus on real threats. In addition, the Enterprise version gives you even more information so you can fine tune your filtering.
  • Abuse.ch URLhaus data adapter lets you check if anyone on your network is downloading malware. (Enterprise)

Also, we added the MongoDB storage for data adapter, eliminating the need to download everything to memory, which makes Graylog more efficient and cost-effective. (Enterprise)

CHANGELOGS

Let us know what you’d like to have included in our GitHub issue tracker.

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.