Ohai. The brand new Graylog2 is here!

Welcome v0.9.6! Taking open source log management to a new level.

There is no future for Graylog2 without being more enterprise they said. No problem: I searched for (and bought) the most awkward stock photo I could find. - „That Party Gorilla is gonna stay! The management.”

Graylog2 v0.9.6

It has been a long time since the last release of Graylog2 in April this year. There were almost 25,000 downloads of Graylog2 v0.9.5 in this time, and more and more companies started using it. With 0.9.6 the foundation for the future is laid: you'll be able to store far more messages and still have a responsive and easy to use web interface. Read about notable new features on the right side.
The installation docs have been updated for 0.9.6 and are available in the wiki for server and web interface.
Because ElasticSearch is replacing MongoDB as message storage, you will have to migrate your existing messages if you want to keep them. There is a migrator script available that should do the job.

So, what's new?

ElasticSearch is the new message storage

ElasticSearch is the new message storage. As a full-featured full text search engine and indexer it allows fast queries on huge collections of log messages. This leads to an extreme performance boost, especially when you want to keep millions of messages. With its easy-to-configure clustering, you are ready to scale out when you want to store more and more logs.

Analytics Shell

This is the first release that includes the Analytics Shell. It is like a terminal running in your browser that allows you to perform find, count and distribution queries on all or subsets of your messages. You can learn more about the shell in the wiki or check out this screenshot with example queries.

Fast long term graphs

The analytics graphs are no longer generated by actually counting the messages in your collection but are read from MongoDB, where they were stored by the server. This is extremely fast compared to the old behaviour and has two advantages. 1) It's possible to build graphs over long periods of time without waiting for ages. Even the GUI has been changed to easily draw graphs over hours, days or weeks. 2) The graphs are independent from the message index. This means that even if you deleted messages older than 2 months, you can still draw graphs beyond that period. This works for the overall message counts, streams and hosts.

Internal message queue system

The server now internally writes accepted messages to its message queue instead of directly indexing them. You can define in which intervals how many messages should be indexed. This is a good mechanism to absorb and resist extreme load spikes. It also made it possible to switch message indexing to a batch system, which leads to less I/O load. You can easily monitor the queue in the web interface and tweak its settings in your graylog2.conf. It is also possible to define a maximum limit for the queue.
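To make the two server-side changes above concrete (per-interval counts kept apart from the message index, and a bounded internal queue that is drained in batches), here is a small added example. It is illustration written for this post, not Graylog2's own code: the class and field names, the drop-newest behaviour when the queue limit is reached, and the sample spike of 300 constructed messages are all assumptions.

```python
"""Miniature model of the 0.9.6 server pipeline (added example, not Graylog2 code).

Accepted messages go into a bounded queue and are moved into the index in
batches on each indexing tick.  Per-minute counters are updated at accept
time and stored separately, so graphs keep working after old messages are
deleted from the index.  Names and behaviours are assumptions for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


class MessageQueue:
    """Bounded FIFO buffer between message input and indexing."""

    def __init__(self, max_size):
        self.max_size = max_size
        self._q = deque()
        self.dropped = 0  # rejected messages, so overload is visible to monitoring

    def put(self, msg):
        # Assumption: when the limit is reached the newest message is rejected.
        if len(self._q) >= self.max_size:
            self.dropped += 1
            return False
        self._q.append(msg)
        return True

    def take(self, n):
        """Remove and return up to n messages in arrival order."""
        batch = []
        while self._q and len(batch) < n:
            batch.append(self._q.popleft())
        return batch

    def __len__(self):
        return len(self._q)


class Server:
    def __init__(self, queue_max=1000, batch_size=100):
        self.queue = MessageQueue(queue_max)
        self.batch_size = batch_size
        self.index = []                       # stands in for the message index
        self.counts = defaultdict(int)        # minute -> total messages
        self.host_counts = defaultdict(int)   # (minute, host) -> messages

    def accept(self, msg):
        """Queue a message; counters are updated as soon as it is accepted."""
        if not self.queue.put(msg):
            return False
        minute = msg["time"].replace(second=0, microsecond=0)
        self.counts[minute] += 1
        self.host_counts[(minute, msg["host"])] += 1
        return True

    def index_tick(self):
        """One indexing interval: move up to batch_size messages into the index."""
        batch = self.queue.take(self.batch_size)
        self.index.extend(batch)
        return len(batch)

    def delete_older_than(self, cutoff):
        """Retention: drop indexed messages older than cutoff, return how many."""
        before = len(self.index)
        self.index = [m for m in self.index if m["time"] >= cutoff]
        return before - len(self.index)

    def graph(self, start, end, host=None):
        """Per-minute points for [start, end), read from the counters only."""
        points, t = [], start
        while t < end:
            key = (t, host)
            value = self.counts.get(t, 0) if host is None else self.host_counts.get(key, 0)
            points.append((t, value))
            t += timedelta(minutes=1)
        return points


def run_demo():
    """Constructed load spike: 300 messages in one minute against a queue limit of 250."""
    base = datetime(2011, 11, 1, 12, 0, 0)
    server = Server(queue_max=250, batch_size=100)
    accepted = 0
    for i in range(300):
        msg = {"time": base + timedelta(seconds=i % 60),
               "host": "web1" if i % 3 else "db1",
               "message": "constructed message %d" % i}
        accepted += server.accept(msg)
    ticks = 0
    while len(server.queue):
        server.index_tick()
        ticks += 1
    indexed = len(server.index)
    deleted = server.delete_older_than(base + timedelta(days=30))  # retention run
    return {"accepted": accepted, "dropped": server.queue.dropped,
            "index_ticks": ticks, "indexed": indexed, "deleted": deleted,
            "remaining_in_index": len(server.index),
            "graph_total": server.graph(base, base + timedelta(minutes=2)),
            "graph_web1": server.graph(base, base + timedelta(minutes=2), host="web1")}


if __name__ == "__main__":
    print(run_demo())
```

The run shows the two points of the text: the 300-message burst is indexed in three batches instead of 300 individual writes, with the overflow counted rather than silently lost, and after the retention step has emptied the index the per-minute graph still reports the full count for that minute.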

New filters/stream rules, a lot of improvements and bugfixes

There are some new quickfilters and stream rules, for example Severity (or higher), Host (regex), Full Message, and Filename/Line. There are also a lot of bugfixes and huge improvements since the latest 0.9.5 patchlevel releases. More than 600 commits made this the best Graylog2 ever!
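As an added illustration of the rule types listed above (it is not Graylog2's own rule engine), the following routes a few constructed messages into streams using a severity-or-higher rule, a host regex, a full-message substring and a filename/line rule. The message layout, the rule names, the AND-combination of a stream's rules and the sample messages are assumptions made for this example.

```python
"""Toy stream-rule matcher (added example, not Graylog2 code).

Messages are dicts with syslog-style fields.  A stream is a list of rules and
matches a message when every rule matches (assumption).  Rule helpers return
predicates so streams can be declared as plain data.
"""
import re

# Syslog severities: 0 (emerg) is the most severe, 7 (debug) the least.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}


def severity_or_higher(level):
    """Severity (or higher): match `level` and anything more severe."""
    threshold = SEVERITY[level]
    return lambda m: SEVERITY[m["level"]] <= threshold


def host_regex(pattern):
    """Host (regex): match when the pattern is found in the host name."""
    rx = re.compile(pattern)
    return lambda m: rx.search(m["host"]) is not None


def full_message(text):
    """Full Message: substring match on the complete message text."""
    return lambda m: text in m["full_message"]


def file_line(filename, line=None):
    """Filename/Line: match the source file (and optionally line) the log came from."""
    return lambda m: m.get("file") == filename and (line is None or m.get("line") == line)


def matches(stream, msg):
    return all(rule(msg) for rule in stream["rules"])


def route(streams, messages):
    """Return {stream name: [ids of matching messages]}."""
    return {s["name"]: [m["id"] for m in messages if matches(s, m)] for s in streams}


# Constructed sample streams and messages.
STREAMS = [
    {"name": "web-errors", "rules": [severity_or_higher("err"), host_regex(r"^web\d+\.")]},
    {"name": "ssh-auth-failures", "rules": [full_message("Failed password")]},
    {"name": "critical", "rules": [severity_or_higher("crit")]},
    {"name": "auth-module", "rules": [file_line("auth.c", 42)]},
]

MESSAGES = [
    {"id": 1, "host": "web1.example.org", "level": "err",
     "full_message": "nginx: upstream timed out while reading response"},
    {"id": 2, "host": "db1.example.org", "level": "warning",
     "full_message": "mysqld: slow query logged"},
    {"id": 3, "host": "web2.example.org", "level": "info",
     "full_message": "sshd: Failed password for root from 10.0.0.5",
     "file": "auth.c", "line": 42},
    {"id": 4, "host": "bastion", "level": "crit",
     "full_message": "kernel: Out of memory: kill process 1234"},
]


if __name__ == "__main__":
    for name, ids in route(STREAMS, MESSAGES).items():
        print("%-18s %s" % (name, ids))
```

Note that "Severity (or higher)" compares numerically downwards, since syslog gives the most severe level the lowest number; the `web-errors` stream therefore catches the `err` on web1 but not the `info` on web2, while the `critical` stream catches only the kernel message.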