Starting at $15,000/yr*
Enterprise Log Management for SecOps, ITOps, and DevOps teams. Built on the Graylog Platform, Graylog Enterprise is designed to maximize your systems’ uptime, alert you to issues and outages, enhance productivity, and meet data retention requirements for larger teams and complex situations.
Learn More
*Paid annually
Starting at $18,000/yr*
Graylog Security delivers on the promise of SIEM without all the complexity, alert fatigue, and high costs. Built on the Graylog platform, Graylog Security reduces the strain on your cybersecurity staff, improves your overall security posture, and reduces risk. Technical support included.
Learn More
*Paid annually
Starting at $18,000/yr*
Graylog API Security is a comprehensive solution designed to offer discovery and end-to-end protection for your business-critical APIs and peace of mind as your business thrives, safe in the knowledge you are guarded by a state-of-the-art, adaptable shield against the most sophisticated cyber threats.
Learn More
*Paid annually
*Graylog Open only supports a very limited number of Parsers and Spotlights. Graylog Open users must first upgrade their 6.2+ instance to include the Enterprise plug-in before being able to install the Illuminate Content Hub.
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| | | | |
| Support for Syslog, CEF, GELF, BEATS, HTTP-JSON, IPFIX, Netflow, Plain Text | ✓ | ✓ | ✓ |
| Log Collection & Fleet Management | ✓ | ✓ | ✓ |
| Index Field Type Profiles | ✓ | ✓ | ✓ |
| Pipelines & Streams | ✓ | ✓ | ✓ |
| Data Normalization | ✓ | ✓ | ✓ |
| | | | |
| Visualization Widgets | ✓ | ✓ | ✓ |
| Save To Dashboard | ✓ | ✓ | ✓ |
| Guided Search | ✓ | ✓ | ✓ |
| Save & Share | ✓ | ✓ | ✓ |
| Filters | × | ✓ | ✓ |
| Parameters | × | ✓ | ✓ |
| | | | |
| Customizable Data Visualization Widgets | ✓ | ✓ | ✓ |
| Save & Share | ✓ | ✓ | ✓ |
| Right-click Graylog & Custom Saved Searches | × | ✓ | ✓ |
| Scheduled E-mail Reports | × | ✓ | ✓ |
| Custom Reports | × | ✓ | ✓ |
| | | | |
| REST API | ✓ | ✓ | ✓ |
| Content Pack Import/Export | ✓ | ✓ | ✓ |
| TCP Raw & TCP Syslog Outputs | ✓ | ✓ | ✓ |
| Direct Ingest | Basic | Advanced | Advanced |
| Direct Output | GELF Output | GELF, STDOUT-Enterprise, Google Cloud Big Query | GELF, STDOUT-Enterprise, Google Cloud Big Query |
| Graylog Schema | Manual | Illuminate | Illuminate |
| Input Wizard | × | ✓ | ✓ |
| Illuminate Content Hub | × | ✓ | ✓ |
| Illuminate Content | Basic Parsers | Ops Content | All Content |
| | | | |
| Data Enrichment Connectors | ✓ | ✓ | ✓ |
| Support for IPinfo, MaxMind GeoIP Integration | ✓ | ✓ | ✓ |
| IPinfo GeoIP Data | × | Cloud | Cloud |
| Lookup Tables | Static | Dynamic | Dynamic |
| Asset Data | × | × | ✓ |
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| | | | |
| Support for Syslog, CEF, GELF, BEATS, HTTP-JSON, IPFIX, Netflow, Plain Text | ✓ | ✓ | ✓ |
| Log Collection & Fleet Management | ✓ | ✓ | ✓ |
| Index Field Type Profiles | ✓ | ✓ | ✓ |
| Pipelines & Streams | ✓ | ✓ | ✓ |
| Data Normalization | ✓ | ✓ | ✓ |
| | | | |
| Visualization Widgets | ✓ | ✓ | ✓ |
| Save To Dashboard | ✓ | ✓ | ✓ |
| Guided Search | ✓ | ✓ | ✓ |
| Save & Share | ✓ | ✓ | ✓ |
| Filters | × | ✓ | ✓ |
| Parameters | × | ✓ | ✓ |
| | | | |
| Customizable Data Visualization Widgets | ✓ | ✓ | ✓ |
| Save & Share | ✓ | ✓ | ✓ |
| Right-click Graylog & Custom Saved Searches | × | ✓ | ✓ |
| Scheduled E-mail Reports | × | ✓ | ✓ |
| Custom Reports | × | ✓ | ✓ |
| | | | |
| REST API | ✓ | ✓ | ✓ |
| Content Pack Import/Export | ✓ | ✓ | ✓ |
| TCP Raw & TCP Syslog Outputs | ✓ | ✓ | ✓ |
| Direct Ingest | Basic | Advanced | Advanced |
| Direct Output | GELF Output | GELF, STDOUT-Enterprise, Google Cloud Big Query | GELF, STDOUT-Enterprise, Google Cloud Big Query |
| Graylog Schema | Manual | Illuminate | Illuminate |
| Input Wizard | × | ✓ | ✓ |
| Illuminate Content Hub | × | ✓ | ✓ |
| Illuminate Content | Basic Parsers | Ops Content | All Content |
| | | | |
| Data Enrichment Connectors | ✓ | ✓ | ✓ |
| Support for IPinfo, MaxMind GeoIP Integration | ✓ | ✓ | ✓ |
| IPinfo GeoIP Data | × | Cloud | Cloud |
| Lookup Tables | Static | Dynamic | Dynamic |
| Asset Data | × | × | ✓ |
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| | | | |
| Basic Triggers & Aggregations | ✓ | ✓ | ✓ |
| Alerting | ✓ | ✓ | ✓ |
| Notifications | Basic | Advanced | Advanced |
| Automated Script Triggers | × | ✓ | ✓ |
| Correlation Engine | × | ✓ | ✓ |
| Sigma Rules | × | × | ✓ |
| MITRE ATT&CK Framework | × | × | ✓ |
| | | | |
| User Activity | × | × | ✓ |
| Suspicious Data Movement | × | × | ✓ |
| File & System Integrity | × | × | ✓ |
| Network / Perimeter Threats | × | × | ✓ |
| Custom Detectors | × | × | ✓ |
| | | | |
| Evidence Collection | × | × | ✓ |
| AI Report Generation | × | × | ✓ |
| Investigation Timeline Visualization | × | × | ✓ |
| Investigations Analytics | × | × | ✓ |
| | | | |
| Automation | × | × | ✓ |
| Guided Response | × | × | ✓ |
|
| × | × | ✓ |
| 3rd Party SOAR, Ticketing Integration (custom add-on) | × | × | ✓ |
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| | | | |
| Basic Triggers & Aggregations | ✓ | ✓ | ✓ |
| Alerting | ✓ | ✓ | ✓ |
| Notifications | Basic | Advanced | Advanced |
| Automated Script Triggers | × | ✓ | ✓ |
| Correlation Engine | × | ✓ | ✓ |
| Sigma Rules | × | × | ✓ |
| MITRE ATT&CK Framework | × | × | ✓ |
| | | | |
| User Activity | × | × | ✓ |
| Suspicious Data Movement | × | × | ✓ |
| File & System Integrity | × | × | ✓ |
| Network / Perimeter Threats | × | × | ✓ |
| Custom Detectors | × | × | ✓ |
| | | | |
| Evidence Collection | × | × | ✓ |
| AI Report Generation | × | × | ✓ |
| Investigation Timeline Visualization | × | × | ✓ |
| Investigations Analytics | × | × | ✓ |
| | | | |
| Automation | × | × | ✓ |
| Guided Response | × | × | ✓ |
|
| × | × | ✓ |
| 3rd Party SOAR, Ticketing Integration (custom add-on) | × | × | ✓ |
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| | | | |
| Asset-based Risk Scoring | × | × | ✓ |
| Events & Alerts Risk Scoring | × | × | ✓ |
| Adversary Campaign Intelligence | × | × | ✓ |
| Field Action Menus with Threat Intel Lookups and Watchlists | × | × | ✓ |
| Threat Coverage Analyzer | × | × | ✓ |
| Threat Coverage Visualization | × | × | ✓ |
| Vulnerability Scan Ingest | × | × | ✓ |
| | | | |
| Compliance Reports | × | ✓ | ✓ |
| | | | |
| Role-based | Internal | AD/LDAP | AD/LDAP |
| Teams Management | × | ✓ | ✓ |
| OIDC, OKTA, Auth0, AzureAD, Google, Keycloak, PingIdentity, OneLogin Support | × | ✓ | ✓ |
| Graylog User Audit Logs | × | ✓ | ✓ |
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| | | | |
| Asset-based Risk Scoring | × | × | ✓ |
| Events & Alerts Risk Scoring | × | × | ✓ |
| Adversary Campaign Intelligence | × | × | ✓ |
| Field Action Menus with Threat Intel Lookups and Watchlists | × | × | ✓ |
| Threat Coverage Analyzer | × | × | ✓ |
| Threat Coverage Visualization | × | × | ✓ |
| Vulnerability Scan Ingest | × | × | ✓ |
| | | | |
| Compliance Reports | × | ✓ | ✓ |
| | | | |
| Role-based | Internal | AD/LDAP | AD/LDAP |
| Teams Management | × | ✓ | ✓ |
| OIDC, OKTA, Auth0, AzureAD, Google, Keycloak, PingIdentity, OneLogin Support | × | ✓ | ✓ |
| Graylog User Audit Logs | × | ✓ | ✓ |
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| | | | |
| Multi-Cluster | ✓ | ✓ | ✓ |
| Enterprise Forwarder | × | ✓ | ✓ |
| Cluster-to-Cluster Forwarder | × | ✓ | ✓ |
| Cloud Forwarder | × | ✓ | ✓ |
| Data Node | × | ✓ | ✓ |
| | | | |
| Data Pipeline Management / Data Routing | × | ✓ | ✓ |
| Data Lake | × | ✓ | ✓ |
| Data Lake Preview | × | ✓ | ✓ |
| Selective Retrieval | × | ✓ | ✓ |
| Data Tiering - Hot, Warm, Archive | × | ✓ | ✓ |
| Searchable Snapshots | × | ✓ | ✓ |
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| | | | |
| Multi-Cluster | ✓ | ✓ | ✓ |
| Enterprise Forwarder | × | ✓ | ✓ |
| Cluster-to-Cluster Forwarder | × | ✓ | ✓ |
| Cloud Forwarder | × | ✓ | ✓ |
| Data Node | × | ✓ | ✓ |
| | | | |
| Data Pipeline Management / Data Routing | × | ✓ | ✓ |
| Data Lake | × | ✓ | ✓ |
| Data Lake Preview | × | ✓ | ✓ |
| Selective Retrieval | × | ✓ | ✓ |
| Data Tiering - Hot, Warm, Archive | × | ✓ | ✓ |
| Searchable Snapshots | × | ✓ | ✓ |
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| Documentation | ✓ | ✓ | ✓ |
| Graylog Academy | ✓ | ✓ | ✓ |
| Graylog Community | ✓ | ✓ | ✓ |
| Onboarding & Architecture Review Services | × | ✓ | ✓ |
| TAM Services (optional add-on) | × | ✓ | ✓ |
| Access To Professional Services (SOW required) | × | ✓ | ✓ |
| 24x5 Global Technical Support | × | ✓ | ✓ |
Feature | Graylog Open | Graylog Enterprise | Graylog Security |
|---|---|---|---|
| Documentation | ✓ | ✓ | ✓ |
| Graylog Academy | ✓ | ✓ | ✓ |
| Graylog Community | ✓ | ✓ | ✓ |
| Onboarding & Architecture Review Services | × | ✓ | ✓ |
| TAM Services (optional add-on) | × | ✓ | ✓ |
| Access To Professional Services (SOW required) | × | ✓ | ✓ |
| 24x5 Global Technical Support | × | ✓ | ✓ |
Products
Follow Us:
GRAYLOG HEADQUARTERS
1301 Fannin St, Ste. 2000
Houston, TX 77002
GRAYLOG COLORADO
1919 14th Street, Suite 700, Office 18
Boulder, CO 80302
GRAYLOG UNITED KINGDOM
34-37 Liverpool Street, 7th Floor
London, EC2M 1PP
United Kingdom
GRAYLOG GERMANY GMBH
Poolstraße 21
20355 Hamburg, Germany
© 2025 Graylog, Inc. All rights reserved
