
    Graylog

    Deployed on AWS
    Graylog delivers AI-powered SecOps and centralized log management without compromise, giving lean security and IT operations teams faster insights, lower costs, and full visibility across every environment they run.
    3.9

    Overview


    Graylog Security: Native anomaly detectors surface credential compromise and data exfiltration that rules miss. Investigations build automatically from asset risk thresholds. Security Core delivers 68 pre-built alerts and 7 dashboards across 7 threat domains, so teams start detecting on day one. No SOAR required.

    Graylog Enterprise: Full fidelity into AWS activity without full log ingestion or added licensing costs. Native Amazon Security Lake integration with preview, selective retrieval, and filtered input keeps IT and DevOps teams in control of what they collect and what they pay for. Dynamic shard sizing eliminates manual tuning.

    Why Teams Choose Graylog: One platform for SIEM and log management. Predictable pricing with no charge for standby data in the built-in data lake. Full feature parity on AWS or on-premises. Open-source foundation with REST API included.

    Highlights

    • Reduce Mean-Time-to-Detect (MTTD) and Mean-Time-to-Respond (MTTR) with faster threat detection, automated investigation workflows, and AI-assisted reporting that keeps security and IT teams focused on real issues.
    • Search and filter terabytes of log data in milliseconds for faster troubleshooting and incident response.
    • Collect AWS logs from CloudTrail, CloudWatch, VPC Flow Logs, and Security Hub with full fidelity and no full-ingestion requirement.

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (2)

    Dimension | Description | Cost/12 months
    Graylog Security Unit | Graylog Security | $0.001
    Graylog Operations Unit | Graylog Operations | $0.001

    Vendor refund policy

    As defined in EULA

    Custom pricing options

    Request a private offer to receive a custom quote.


    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information


    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Support

    Vendor support

    The mission of Graylog Support is to build competence, capability, and confidence in Graylog within our broad base of Customers and Partners. Your successful adoption and acceleration of Graylog as a solution within your business is a fundamental driver behind what we do and how we do it. Experience our first-class support at https://www.graylog.org/technical-support/.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.


    Customer reviews

    Ratings and reviews

    3.9 (9 ratings)
    5 star: 22%
    4 star: 67%
    3 star: 11%
    2 star: 0%
    1 star: 0%
    2 AWS reviews | 7 external reviews
    External reviews are from PeerSpot.
    Vikram Chakravarthy

    Centralized log monitoring has improved incident investigations and reduced alert fatigue

    Reviewed on May 25, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Graylog Enterprise is used primarily for log management and to perform security analytics. It helps the organization collect logs from different sources and centralize them in one place. We can search and analyze events, detect suspicious activity, and it supports security investigations. The organization ingests a lot of logs including firewall logs, AWS, Windows endpoints, and authentication logs. It helps collect everything in a single dashboard, and we can search the logs and monitor each aspect.

    Graylog Enterprise collects everything in one dashboard, allowing the SOC team to search the logs and monitor every alert based on the rules, enabling investigation of suspicious activity. For example, if a user account suddenly logs in from an unusual or unauthorized location with multiple failed login attempts, Graylog helps correlate those logs and allows analysts to investigate that quickly.

    Graylog Enterprise is used for compliance and audit log retention, for investigation, and it is useful for centralized log collection.

    In alerting and correlation, logs are ingested from multiple sources, allowing us to create alerts based on those use cases. For example, if a suspicious IP from an unauthorized location is detected, the IP is checked in the firewall logs, application logs, or whether it has executed some PowerShell script or is showing some authentication behavior. Based on that, everything is correlated, and those insights are available in the tool for SOC analysts to analyze those alerts.

    What is most valuable?

    The best feature Graylog Enterprise offers is its centralized log management, allowing analysts to search logs from a single tool instead of checking multiple tools. It is fast, and we can search effectively because during incident response time, the SOC analyst can quickly search a suspicious IP, username, or any IOCs across the historical logs. Another valuable aspect is the alerting and correlation functionality, where alerts can be created for multiple rules based on use cases, such as multiple failed logins, privilege escalation, abnormal authentication behavior, and other security events.

    The dashboard and visualization in Graylog Enterprise is good for SOC monitoring purposes.

    Graylog Enterprise positively impacts the organization by helping the team and analysts investigate incidents faster since logs from servers, endpoints, cloud, and firewalls are available in one place. Instead of switching between multiple tools, timelines can be reviewed and suspicious activity validated quickly, resulting in faster investigation times, better visibility into logs, and improved incident response capabilities. This has also reduced manual effort and compliance tasks.

    Previously, as an SMB company, approximately 40 to 50 alerts per day were generated. When Graylog Enterprise was implemented and evaluated, it correlated everything, providing true positive alerts and reducing the number of alerts to 10, which allows analysts to monitor those true positive alerts and take action accordingly.

    What needs improvement?

    Graylog Enterprise performs well overall; however, the UI could be improved because the SOC team creates multiple dashboards based on their use cases, and creating dashboards is complex. If there were multiple dashboard and chart styles available, it would be helpful for the team and for the SOC analysts to investigate and use the UI in a better way.

    For how long have I used the solution?

    I have been working as a cybersecurity engineer for six years.

    What do I think about the stability of the solution?

    Enterprise-grade platforms like Graylog Enterprise are expected to be stable for security purposes as well as monitoring workloads, and the experience has been good.

    What do I think about the scalability of the solution?

    Graylog Enterprise is designed to be capable of handling growing workloads effectively.

    How are customer service and support?

    The support experience generally depends on the issue complexity, but the team was very responsive and their technical guidance was also very good and constant. I would rate the customer support around nine out of ten.

    Which solution did I use previously and why did I switch?

    Previously, Elasticsearch, an open-source SIEM tool, was used, and multiple monitoring approaches were evaluated depending on maturity and requirements.

    How was the initial setup?

    Graylog Enterprise is a security product and generally requires an evaluation. Multiple tools were evaluated, and the solution will need to be scaled if required, as the main cost depends on integration and operation requirements. These details will be shared with leadership, and they will make the decision.

    What about the implementation team?

    Graylog Enterprise was purchased from a Graylog salesperson, a third-party salesperson.

    What was our ROI?

    Instead of having five analysts working, Graylog Enterprise has reduced the number of analysts as well as time, resulting in a decreased cost of 20%. It has provided better quality and improved detection capabilities.

    Which other solutions did I evaluate?

    The organization often compares Graylog Enterprise with other SIEM and detection solutions tools based on the integration, and it is upon leadership's decision.

    What other advice do I have?

    If others are looking into using Graylog Enterprise and have multiple log sources that they need to monitor and correlate, I would recommend Graylog Enterprise. It is a good product, allowing them to ingest all the logs into a single platform where they can search, triage, create rules, and monitor every alert.

    Graylog Enterprise is a good, secure SIEM platform with mature investigation capabilities that works best when integrated into multiple log sources. I rate this product an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    reviewer2806998

    Centralized log monitoring has improved visibility and now needs richer visuals and smoother upgrades

    Reviewed on Mar 04, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I remember using Graylog Enterprise in the past at a software house where we used it for logging. During that time, we were using Graylog Enterprise as a log aggregator, collecting logs from multiple systems and then exporting and visualizing them within Graylog.

    We had multiple Linux-based machines, and we were trying to capture the logs from the systems and export them into Graylog so that they could be centrally visualized. Graylog Enterprise was deployed on-premises in a private cloud.

    What is most valuable?

    In my experience, if I compare Graylog Enterprise with the ELK stack, I can see that Graylog is way easier to set up and has a great, good-looking UI. These are the things where I could see Graylog as a lightweight tool with more flexibility in terms of setting it up compared to alternatives such as ELK.

    In the case of Elasticsearch, multiple separate components are needed. However, in the case of Graylog Enterprise, there was only one binary that we used to install on the machines.

    Graylog Enterprise has positively impacted my organization by enhancing visibility through improved monitoring capabilities and getting logs from all the machines, which contributed to enhanced visibility and monitoring. We had over 500 virtual machines, and monitoring the logs by going to each virtual machine was tedious in the past. With Graylog, all the logs from those 500 machines were centralized in one Graylog Enterprise system. From there, it was very easy to query the logs and see the patterns, and thus the monitoring was significantly enhanced.

    With Graylog Enterprise, monitoring improved by up to 80 percent because of having all the logs centralized. Users or engineers would not have to SSH on each node to see the logs, meaning monitoring or visibility got improved by 80 percent or more.

    What needs improvement?

    The documentation for Graylog Enterprise can be improved, as this has been a pain point.

    I think the visualization aspect of Graylog Enterprise can be made more rich, similar to what we have in Grafana. If upgrades could be made more smooth, as we encountered fragile upgrades while doing upgrades in the past, then I think that could be great.

    For how long have I used the solution?

    I used Graylog Enterprise in the past for one year.

    What do I think about the stability of the solution?

    Graylog Enterprise is stable.

    How are customer service and support?

    The customer support for Graylog Enterprise was good and responsive.

    Which solution did I use previously and why did I switch?

    I previously used Splunk and ELK as well, but they were with a different employer. It was never a situation where Graylog Enterprise was introduced as a replacement for other tools; the employer I was talking about was primarily using it.

    What's my experience with pricing, setup cost, and licensing?

    I am not sure about the pricing, setup cost, and licensing because that was dealt with by a different team that handled the licensing and procurement.

    Which other solutions did I evaluate?

    No options were evaluated before choosing Graylog Enterprise.

    What other advice do I have?

    I would say it depends on the scenario. If you have logs and want to have an easier setup, then Graylog Enterprise is the best choice. However, if you go towards a more complex architecture, then you could use other options such as ELK or Splunk. Graylog Enterprise, as far as logging is concerned, in terms of a small-scale setup and ease of use, is the best choice to go with. My overall rating for Graylog Enterprise is 7 out of 10 because of its flexibility and lightweight nature.

    The advice I would give to others looking into using Graylog Enterprise is to ensure that the data they are collecting is actually in a proper format so that it can be viewed more clearly within Graylog Enterprise's interface, focusing on the formatting of the data.

    NicolaeCIornii

    Log analysis has become clearer and faster but visualization and extensibility still need work

    Reviewed on Jan 09, 2026
    Review from a verified AWS customer

    What is our primary use case?

    We are working with Splunk Enterprise Security. I use it in the company. I am only using this Splunk product.

    What is most valuable?

    It is easier to find some issues, and if I find some issues, then it is easier to resolve them. It is not so difficult.

    We stopped using Graylog Enterprise because we found some issues with logs that came through, and they were too difficult to parse. We saw that it was better to use Splunk. It is better because it has an analysis algorithm and can also draw graphics with some help with this. To use Graylog Enterprise, we needed to import another system that collects and correlates the logs to see the statistics.

    I did not find the alerting systems in Graylog Enterprise adequate to maintain operational efficiency. It was acceptable, but our company is developing, so we needed to improve and see different analysis and different ways to see the data. For this reason, we decided to buy a new SIEM platform where we could improve some additional features.

    What needs improvement?

    The problem was with the complexity and the cost to add extensions. We found this very expensive to buy another version with additional features.

    I think that Graylog Enterprise does not have customizable dashboards. I did not see them in Graylog Enterprise because most of the time we used the open source free version, which is limited.

    I think Graylog Enterprise should improve some things that they have in the paid version and perhaps provide users with a menu that gives examples of parsing logs and draws graphics so that people do not need to improve another system such as Grafana. This would be interesting.

    When it comes to functionalities, I found the log management in Graylog Enterprise acceptable. It is very simple to use and to collect logs. It has support for different protocols and different ports, and the sidecar is easy to use. However, in visualization, I think it needs to be much better.

    For how long have I used the solution?

    I have been working with Graylog Enterprise for about two to three years.

    How are customer service and support?

    I never contacted technical support by Graylog Enterprise.

    How would you rate customer service and support?

    Negative

    Which solution did I use previously and why did I switch?

    We stopped working with Graylog Enterprise and now we use another SIEM platform. We do not use Graylog Enterprise anymore. We stopped using Graylog Enterprise and switched to Splunk about seven to eight months ago.

    Which other solutions did I evaluate?

    We also tried Wazuh and QRadar.

    What other advice do I have?

    We are now working with Splunk and Wazuh. We used Graylog Enterprise for log management. I did not utilize Graylog Enterprise's advanced search capabilities. When we installed and used Graylog Enterprise, it was sufficient. If I were to give a mark, it would be around seven to eight, or perhaps 7.5. We only used Graylog Enterprise for log management, and for this, I did not use anything. All that I did was manually follow the logs, take them manually, and do some parsing to see them in a better way. I think for this open source product with limited features, for a middle-sized company, it would be around nine, or perhaps even ten. I would rate this review a 7.5 overall.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Gavrav Pawar

    Centralized logs have streamlined deployment validation and simplified daily troubleshooting

    Reviewed on Jan 08, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We have various environments, including UAT, SIT, Dev, and Production, with automated deployments. We refer to Graylog Enterprise to verify if deployments have completed, check their status if they have failed, and determine what version is currently running.

    Some team members from the QA team are unable to see the exact version or the newer version. We use Graylog Enterprise to check if the deployment is done, identify what version has been deployed, and determine on what date the environment was updated.

    We provide variables to fit in the relevant section and select the appropriate one, such as the environment and what we need to check. This is the main feature I appreciate about Graylog Enterprise. Whatever we select, such as the database name or environment name, all the information appears, including the date of the last deployment and related details.

    Troubleshooting is straightforward with Graylog Enterprise. Whenever we encounter an issue, whether from the QA team or other team members, we use it to troubleshoot the specific problem and implement a fix.

    During deployments, we fix issues as quickly as possible using Graylog Enterprise. When team members from the QA team inform us that something is not working or an environment is down, we access Graylog Enterprise to verify if the deployment has been completed and check exactly what version is running.

    We receive approximately 15 to 16 daily requests, and we resolve them through Graylog Enterprise.

    What is most valuable?

    We have been using Graylog Enterprise for the last two years. Graylog Enterprise is deployed in our organization as a private cloud solution.

    What needs improvement?

    There are many other applications in the market that influenced my rating reduction.

    reviewer2789460

    Centralized logging has improved alerting and simplifies identifying issues across services

    Reviewed on Dec 22, 2025
    Review from a verified AWS customer

    What is our primary use case?

    Graylog Enterprise is the logging and management tool we initially used, but later we stopped using it and switched to Loki, Grafana Loki for the logs. Eventually, we moved back to Graylog Enterprise after approximately one year.

    The main use case for Graylog Enterprise is that we primarily use it for our enterprise logs. We have around 11 services, so we use it to collect all of our logs in one location. We use it for both QA and production environments.

    A specific example of how we use Graylog Enterprise in our environment is that we have multiple logins for our MDM solution, a mobile device management solution. Since it is an enterprise application, we generally use Graylog to retrieve the logs and determine if there is an error or any downtime. Graylog Enterprise has been very helpful in identifying issues and is also extremely valuable for handling high-volume log throughput. The cost-effectiveness of Graylog Enterprise has been particularly beneficial to us.

    What is most valuable?

    The standout features that make Graylog Enterprise valuable for my team are particularly helpful for Site Reliability Engineers, IT, and DevOps security, as it delivers excellent functionality without extreme cost. Its alerting system and notification capabilities really help us, as we use Slack to receive alerts from Graylog Enterprise. Additionally, the data management and the pipeline to transform and categorize the logs as they flow in are valuable. The best feature of Graylog Enterprise is its high-performance search engine that provides fast, flexible, and scalable analysis of machine data or pod data.

    When there is any error, bug, or downtime, Graylog Enterprise sends us an alert to Slack, so we can immediately investigate and find what the issue is, whether it is with the pipeline or within a service. We can determine exactly what happened and why it is causing the downtime. If we need to spin up more pods or if it needs more memory or CPU usage, we take the appropriate initiative based on that assessment.

    Graylog Enterprise has positively impacted my organization by significantly minimizing our workload and making it easier to identify any issues in a service. It features good custom dashboards, visualization, and good search capability as well.

    What needs improvement?

    I do not have any specific examples or numbers, such as time saved or incidents to share. Currently, I have no suggestions for how Graylog Enterprise can be improved, as there are no pain points or features I wish were better.

    For how long have I used the solution?

    I have been working in my current field for around 2.3 years.

    What other advice do I have?

    Graylog Enterprise is cost-effective, but when compared with Elasticsearch, it can be more costly. I chose a rating of nine out of ten because there is not much that I would change to make it a perfect ten for me. I suggest using Graylog Enterprise, as it really helps to maintain and use everything effectively, ensuring the sustainability and health of the pods. My overall review rating for Graylog Enterprise is nine out of ten.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
