Deprecation Note

We published the last version of Graylog Documentation before the release of Graylog 4.2. Now, all documentation and help content for Graylog products are available at https://docs.graylog.org/.

There will be no further updates to these pages as of October 2021.

Do you have questions about our documentation? You may place comments or start discussions about documentation here: https://community.graylog.org/c/documentation-campfire/30

IntroductionΒΆ

Graylog Enterprise is made of the combination of the open source core and several plugins that contribute functionality. This way someone coming from open source can add Enterprise simply by installing a new operating system package.

When the Graylog enterprise plugins and Graylog enterprise integrations plugin is installed the some additional features are added to Graylog. The following list should give a brief overview what is added to Graylog. All of this will only work with a valid enterprise license.

  • Archiving

    • Archiving allows you to store the data to long term retention location, for an infinite amount of time. This can be local or removable media. This will allow most users to meet compliance regulation around data retention

  • Audit log

    • Audit log enables Graylog to keep a record about changes done in-product, on all levels of users.

  • Reporting - Extension of Dashboards

    • Take any of your current dashboard widgets, and put them into a scheduled report you can have delivered to your Inbox.

  • Search extensions

    • Parameter support - placeholders in the query, which asks users for values to put into queries, without having to copy&paste queries themselves

  • Alerting extensions (basic Alerting is part of open source)

    • Event Correlation

    • Dynamic Lists - allows Graylog to lookup values in lookup tables and use the result in the alert query field in the correlation rule. This feature is based on Search Parameters.

    • Cluster-wide scheduler - Open Source runs alerts on a single node only, Enterprise runs them on all Graylog nodes, increasing capacity.

    • Script Notification - ability to run a custom native program in response to a generated alert, useful for the integration of third-party systems.

  • MongoDB Lookup Table

    • This allows settings values from pipelines, e.g. to maintain a list of suspicious IP addresses to be used in Dynamic Lists

  • Forwarding

    • Cluster-to-cluster forwarder output - requires two fully functioning Graylog clusters. The forwarder adds the ability to forward specific data streams to remote locations with journaling support incase of outages.

Please see the Graylog Enterprise Page for more details.