What is the Graylog Search Query Language?

Welcome to This Week in Log Management!

Every week we get many great questions through support, the community, social media, and our weekly demo. On Fridays, I like to share the most common questions and answers, tips, insights, a closer look at Graylog, interviews, etc.

If you have any questions for me, drop them on Twitter, and I’ll do my best to fold them into upcoming Friday posts. Our handle is @graylog2.

 

WHAT IS YOUR SEARCH QUERY LANGUAGE? DO MOST PEOPLE USE THE WEB QUERY TO BUILD SEARCHES?

The Graylog Web Search query is one of the most powerful features in Graylog and one of the easiest to use. The query interface uses something very close to the Lucene Syntax. In the web interface, the query syntax will enable you to build very fast, simple queries. For example, if you wanted to look in all of your logs for SSH logins throughout your logs. You can run a random search with “ssh” in it, and tada, you found it. You can run this search in all messages streams or by selecting a specific stream to narrow down your logs by stream. Once log data is returned, you can view everything that is found with “ssh”. Now you can find specific messages with messages containing “ssh login”.

Using a specific term like “ssh login” in search will further narrow down the logs containing everything related to SSH logins.

For more on this topic, check out this content on the Graylog website:

Blog Post: Monitoring Logs for Insider Threats in Turbulent Times

Video: Extended Search

 

IF I AM RUNNING THE OPEN VERSION, DO I NEED TO RE-INSTALL TO DEPLOY THE ENTERPRISE VERSION?

Installing Graylog on DEB, RPM, and Docker-based deployments allows you to upgrade your license with ease. If you prefer deployment of Graylog via configuration management tools, you can and currently is available with Chef, Puppet, and Ansible. OVA setups in an Enterprise environment are not suitable for production deployments out of the box. They do not have sufficient storage or offer capabilities like index replication that meet high availability requirements.

For more on this topic, check out this content in the Graylog Documentation:

Getting Started

 

DOES GRAYLOG HAVE A CLOUD VERSION?

Yes, Graylog has a Cloud version. It comes with all the Open and Enterprise-only features users enjoy and rely on without the infrastructure and operational headaches. There are so many advantages to Graylog Cloud, including the fact that you can offload infrastructure, maintenance like patching and upgrades, redundancy, scaling, and support to the Graylog team. Also, with Graylog Cloud, you get the latest as soon as they are released.

Checkout Cloud is here!

Thanks for joining us, and Happy Logging With Graylog!

Categories

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.