The Graylog blog

Graylog 5.0 – A New Day for IT & SecOps

We are excited to announce the release of Graylog 5.0! Graylog 5.0 brings updates across our entire product line, including changes to infrastructure, Security, Operations, and our Open offerings. For more detailed information on what’s changed, visit our changelog pages for Graylog Open and Graylog Operations/Graylog Security.

Infrastructure Enhancements

  • JREs have been bundled with our respective installation packages to make it easier to deploy with the correct Java version (Java 17 will be required to build and run Graylog from now on)
  • Support for OpenSearch 2.x has been added, for both self-managed and hosted versions.
  • Additionally, we have bundled the integration plugins with the install package to simplify the installation process.
  • Support for MongoDB 5.0 and 6.0 has been added (the minimum version for MongoDB is now 5.0) 

Features & Capabilities 

UI Updates

Graylog 5.0 sports a new look and feel that helps to improve the overall Analyst Experience (AX) and engagement. Users can look forward to additional enhancements in future releases.

Sigma Rule Support (Graylog Security only)

Graylog Security adds native Sigma rule support, allowing users to incorporate up-to-date rules directly from the well-known GitHub repository into their Graylog Security instance. Note – Please use the most recent Illuminate release to make use of pre-canned and customizable field mappings for Sigma rules.

Graylog Sidecar

Sidecar has been updated to support configuration tags and multiple configurations per collector to allow for more efficient and convenient management of larger fleets.


New search filters greatly reduce the effort involved with enabling, disabling, or inverting parts of a search by providing the ability to separate these parts out and turn them on and off with a single click. They can even be saved and shared among team members, and that way consistently reused across ad-hoc and saved searches and dashboards. 

Archiving (Graylog Operations & Graylog Security only)

Graylog 5.0 now allows the bulk restoration of archives for situations where extensive investigations or auditing requires searching across a larger time range. Previously, each archive had to be restored manually, one after the other, but Graylog will now sequentially restore the selected archives, making sure not to cause sudden load spikes by the restored traffic. Similarly, bulk deletion of old archives is now enabled via UI.


We are also excited to announce the launch of our new technical documentation knowledge base, located at

Our goal is to improve your experience with documentation, whether you’re reading through the user guides to learn more about Graylog or you have specific questions or tasks for which you need more information. The new navigational structure tells the story of how to plan for, download, utilize, and optimize your Graylog environment, all with a sleek and modern look and feel. 

Additionally, this new site affords us the opportunity to provide you with documentation catered to your specific Graylog version. You can now choose between our 4.x documentation, which includes the content from our old site for versions 4.0 to 4.3, and our brand new 5.0 documentation. As we continue to improve our documentation repository, we will be able to offer more version-specific content. And, as always, legacy documentation for versions prior to 4.0 remain available at

If you have questions about Graylog documentation, we invite you to post in our Documentation Campfire community forum. Happy reading! 

Want to learn more about what’s new in Graylog 5.0?

Graylog 5.0 is bursting at the seams with capabilities and enhancements designed to help strengthen security and performance for your organization while making your life easier. Register today for the webinar on Wednesday, January 11, 2023 at 11 am ET, where our experts will take you under the hood for a closer look. 

IT and SecOps just got a makeover. Download Graylog 5.0 now. 


Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog Blog delivered to your inbox once a month.