Today, we are proud to announce Graylog v1.0 GA. This release delivers a mature, scalable, enterprise-ready platform to thetens of thousands of Graylog production deployments worldwide.
Users whotestedthe beta and release candidate versions of v1.0 reported huge improvements inperformance and stability. Here was one attemptto overload the server.
The new message journaling feature borrowscode from the open source Kafka message broker whichis known to be extremely efficient and fast. Every message that you sendinto Graylog is now written to disk without applying any further processing. Byimmediately takingthe message out of the fragile network stack and buffers, the system can now process hundreds of thousandsof messages per second without any problem. The appending disk journal is extremely fast, and your Graylog process requires much less memory. Messages are now queuing up on disk without occupying JVM heap space if you are sending more messages than you can process. As a result, this makes it very hard to overload the system.
The message journal feature allowed us to take complexity out of highly availableGraylog architectures. A Graylog Radio infrastructure with Kafka or AMQP brokers is no longer required because your Graylog servers are now effectively running embedded Kafka functionality. We have removed Graylog Radio at a few customers already, and have witnessed hugeimprovements and no problems. You can read more about this in the documentation.
Send your messages directly to Graylog (through a load balancer if required) and uninstall any buffering technology like AMQP, Kafka or Redis that might sit in front.
You can of course still use AMQP or Kafka in front of Graylog if you want to use their topic based subscribing for other use-cases. Good news: The internal and not very well documented Graylog Radio MsgPack format is no longer required to use the Kafka or AMQP message inputs.
A new stream routing engine matches your messages in a more intelligent way. If you have multiple streams configured, you will seedramatically lessCPU usage. We worked withcustomers writing 100,000’s of messages per second in their Graylog setupsto learn what we needed to do to enable you to collect as much data as you want.
You can now easily edit inputs and extractors from the web interface. This was a feature many usershave been waiting on for a long time.
In previous Graylog versions some visualization control elements were hard to use, or haddefault values that did not always make sense. The most annoying issues have been fixed or improved, and we also introduced new dashboard widget types for statistical values and trend analysis of numerical values.
Our extractors now support Grok for easy parsing of any log format. You can even import your existing pattern files to have a very easy transition to Graylog. Read more about this topic in the documentation.
The plugin API is now considered stable and most importantly has been properly documented. You can for example extend your Graylog setup with your own inputs, outputs, alert callbacks, filters, periodic tasks or even custom REST resources.
Our new documentationhas been completely restructured and extended based on user feedback. It is now also versioned and available as PDF, HTML or Epub download.
New and official virtual appliances now allow you to get started with Graylog extremely fast. You can learn more about them in the documentation.
All standard TCP and AMQP inputs now support TLS for encryption.
The built-in REST API browser is now documenting the response types you can expect.
We have renamed to “Graylog” and dropped the “2” at the end of it. The reason is simple: “Graylog2 v1.0″ sounded funny, and “Graylog2 v2.0″would be even worse.
Hundreds of bugfixes and general improvements improve the overall Graylog experience. We have learned a lot from our customers whoare running Graylog in very different scenarios and environments, and are proud of the product we are releasing today.
The packages are available on the download pages:
Ourofficial Graylog virtual machine OVA imagesareavailable for v1.0.0 and allow you to try out the new Graylog easily.
We published a post about the v1.0 operating system packageshere.
Upgrading from 0.20 and newer versionsor an earlier 1.0 beta or RC releases of Graylog is possible without any required data migration. We recommend that you compare your existing
graylog.confwith the shipped example config file to see if there are new parameters for which you want to change the default values.