    Graylog

    Deployed on AWS
    Are you tired of feeling overwhelmed by your organization's event and audit logs? Look no further than Graylog! Our cutting-edge SIEM + Centralized Log Management (CLM) solution harnesses the power of your logs to provide the data, insights, and answers you need to tackle today's Cybersecurity, Compliance, IT Ops, and DevOps challenges, as well as those of tomorrow.
    3.9

    Overview

    Graylog Security is SIEM Without Compromise: Graylog Security combines SIEM, analytics, investigation, and anomaly detection in a single solution so analysts can detect and respond to threats faster while reducing risks from insider and credential-based attacks.

    Graylog Operations is Log Management Done Right: Graylog Operations delivers fast, scalable centralized log management that turns raw data into clear visibility. IT, Network, and DevOps teams quickly identify and resolve issues that impact performance and business continuity.

    Why Customers Choose Graylog

    GREAT ANALYST EXPERIENCE: Integrated search, dashboards, and alerts make data exploration simple and productive. New AI-driven dashboard summaries, thresholds, and annotations highlight what matters most.

    SPEED & SCALE: Search terabytes in milliseconds without proprietary query languages, keeping investigations fast and efficient.

    CLOUD OR ON-PREM: Full functionality in either deployment with predictable TCO and deployment flexibility.

    COMPREHENSIVE: Everything mid-sized enterprises need for SIEM and threat hunting in one product without add-ons or hidden costs.

    OPEN PLATFORM: Open-source heritage and seamless integrations with REST API, forwarders, and AWS OpenSearch.

    AWS SECURITY LAKE INTEGRATION: Fine-grained controls for previewing, filtering, and retrieving logs ensure cost-effective access to the right cloud data while reducing unnecessary storage and license costs.

    Highlights

    • Gain meaningful insights and answers from your event log data so your IT, DevOps, and Security professionals can identify performance and cyber issues faster, make informed decisions quicker, and improve key metrics like Mean-Time-to-Detect (MTTD) and Mean-Time-To-Respond (MTTR).
    • Lightning-fast search and filter capabilities allow you to parse terabytes of log data in seconds for faster troubleshooting.
    • Increase productivity with powerful automation capabilities.

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (2)

    Dimension                 Description          Cost/12 months
    Graylog Security Unit     Graylog Security     $0.001
    Graylog Operations Unit   Graylog Operations   $0.001

    Vendor refund policy

    As defined in EULA

    Custom pricing options

    Request a private offer to receive a custom quote.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Support

    Vendor support

    The mission of Graylog Support is to build competence, capability, and confidence in Graylog within our broad base of Customers and Partners. Your successful adoption and acceleration of Graylog as a solution within your business is a fundamental driver behind what we do and how we do it. Experience our first-class support at https://www.graylog.org/technical-support/.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    3.9 (7 ratings)

    5 star: 0%
    4 star: 57%
    3 star: 43%
    2 star: 0%
    1 star: 0%

    2 AWS reviews | 5 external reviews
    External reviews are from PeerSpot.

    NicolaeCIornii

    Log analysis has become clearer and faster but visualization and extensibility still need work

    Reviewed on Jan 09, 2026
    Review from a verified AWS customer

    What is our primary use case?

    We are working with Splunk Enterprise Security. I use it in the company. I am only using this Splunk product.

    What is most valuable?

    It is easier to find some issues, and if I find some issues, then it is easier to resolve them. It is not so difficult.

    We stopped using Graylog Enterprise because we found some issues with logs that came through, and they were too difficult to parse. We saw that it was better to use Splunk. It is better because it has an analysis algorithm and can also draw graphics with some help with this. To use Graylog Enterprise, we needed to import another system that collects and correlates the logs to see the statistics.

    I did not find the alerting systems in Graylog Enterprise adequate to maintain operational efficiency. It was acceptable, but our company is developing, so we needed to improve and see different analysis and different ways to see the data. For this reason, we decided to buy a new SIEM platform where we could improve some additional features.

    What needs improvement?

    The problem was with the complexity and the cost to add extensions. We found this very expensive to buy another version with additional features.

    I think that Graylog Enterprise does not have customizable dashboards. I did not see them in Graylog Enterprise because most of the time we used the open source free version, which is limited.

    I think Graylog Enterprise should improve some things that they have in the paid version and perhaps provide users with a menu that gives examples of parsing logs and draws graphics so that people do not need to improve another system such as Grafana. This would be interesting.

    When it comes to functionalities, I found the log management in Graylog Enterprise acceptable. It is very simple to use and to collect logs. It has support for different protocols and different ports, and the sidecar is easy to use. However, in visualization, I think it needs to be much better.

    For how long have I used the solution?

    I have been working with Graylog Enterprise for about two to three years.

    How are customer service and support?

    I never contacted technical support by Graylog Enterprise.

    How would you rate customer service and support?

    Negative

    Which solution did I use previously and why did I switch?

    We stopped working with Graylog Enterprise and now we use another SIEM platform. We do not use Graylog Enterprise anymore. We stopped using Graylog Enterprise and switched to Splunk about seven to eight months ago.

    Which other solutions did I evaluate?

    We also tried Wazuh and QRadar.

    What other advice do I have?

    We are now working with Splunk and Wazuh. We used Graylog Enterprise for log management. I did not utilize Graylog Enterprise's advanced search capabilities. When we installed and used Graylog Enterprise, it was sufficient. If I were to give a mark, it would be around seven to eight, or perhaps 7.5. We only used Graylog Enterprise for log management, and for this, I did not use anything. All that I did was manually follow the logs, take them manually, and do some parsing to see them in a better way. I think for this open source product with limited features, for a middle-sized company, it would be around nine, or perhaps even ten. I would rate this review a 7.5 overall.

    Which deployment model are you using for this solution?

    On-premises

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Gavrav Pawar

    Centralized logs have streamlined deployment validation and simplified daily troubleshooting

    Reviewed on Jan 08, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We have various environments, including UAT, SIT, Dev, and Production, with automated deployments. We refer to Graylog Enterprise to verify if deployments have completed, check their status if they have failed, and determine what version is currently running.

    Some team members from the QA team are unable to see the exact version or the newer version. We use Graylog Enterprise to check if the deployment is done, identify what version has been deployed, and determine on what date the environment was updated.

    We provide variables to fit in the relevant section and select the appropriate one, such as the environment and what we need to check. This is the main feature I appreciate about Graylog Enterprise. Whatever we select, such as the database name or environment name, all the information appears, including the date of the last deployment and related details.

    Troubleshooting is straightforward with Graylog Enterprise. Whenever we encounter an issue, whether from the QA team or other team members, we use it to troubleshoot the specific problem and implement a fix.

    During deployments, we fix issues as quickly as possible using Graylog Enterprise. When team members from the QA team inform us that something is not working or an environment is down, we access Graylog Enterprise to verify if the deployment has been completed and check exactly what version is running.

    We receive approximately 15 to 16 daily requests, and we resolve them through Graylog Enterprise.

    What is most valuable?

    We have been using Graylog Enterprise for the last two years. Graylog Enterprise is deployed in our organization as a private cloud solution.

    What needs improvement?

    There are many other applications in the market that influenced my rating reduction.

    reviewer2789460

    Centralized logging has improved alerting and simplifies identifying issues across services

    Reviewed on Dec 22, 2025
    Review from a verified AWS customer

    What is our primary use case?

    Graylog Enterprise is the logging and management tool we initially used, but later we stopped using it and switched to Loki, Grafana Loki for the logs. Eventually, we moved back to Graylog Enterprise after approximately one year.

    The main use case for Graylog Enterprise is that we primarily use it for our enterprise logs. We have around 11 services, so we use it to collect all of our logs in one location. We use it for both QA and production environments.

    A specific example of how we use Graylog Enterprise in our environment is that we have multiple logins for our MDM solution, a mobile device management solution. Since it is an enterprise application, we generally use Graylog to retrieve the logs and determine if there is an error or any downtime. Graylog Enterprise has been very helpful in identifying issues and is also extremely valuable for handling high-volume log throughput. The cost-effectiveness of Graylog Enterprise has been particularly beneficial to us.

    What is most valuable?

    The standout features that make Graylog Enterprise valuable for my team are particularly helpful for Site Reliability Engineers, IT, and DevOps security, as it delivers excellent functionality without extreme cost. Its alerting system and notification capabilities really help us, as we use Slack to receive alerts from Graylog Enterprise. Additionally, the data management and the pipeline to transform and categorize the logs as they flow in are valuable. The best feature of Graylog Enterprise is its high-performance search engine that provides fast, flexible, and scalable analysis of machine data or pod data.

    When there is any error, bug, or downtime, Graylog Enterprise sends us an alert to Slack, so we can immediately investigate and find what the issue is, whether it is with the pipeline or within a service. We can determine exactly what happened and why it is causing the downtime. If we need to spin up more pods or if it needs more memory or CPU usage, we take the appropriate initiative based on that assessment.

    Graylog Enterprise has positively impacted my organization by significantly minimizing our workload and making it easier to identify any issues in a service. It features good custom dashboards, visualization, and good search capability as well.

    What needs improvement?

    I do not have any specific examples or numbers, such as time saved or incidents to share. Currently, I have no suggestions for how Graylog Enterprise can be improved, as there are no pain points or features I wish were better.

    For how long have I used the solution?

    I have been working in my current field for around 2.3 years.

    What other advice do I have?

    Graylog Enterprise is cost-effective, but when compared with Elasticsearch, it can be more costly. I chose a rating of nine out of ten because there is not much that I would change to make it a perfect ten for me. I suggest using Graylog Enterprise, as it really helps to maintain and use everything effectively, ensuring the sustainability and health of the pods. My overall review rating for Graylog Enterprise is nine out of ten.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    reviewer2704128

    Robust event correlation enhances operations, yet integration scope can broaden for seamless data handling

    Reviewed on May 09, 2025
    Review provided by PeerSpot

    What is our primary use case?

    We describe our customers' usual use cases for Graylog as one where we use it for event correlation. We take typical IT events, and we also use it for security event correlation as well. So, both security and general IT.

    We use Graylog internally in our company.

    What is most valuable?

    The features and capabilities of Graylog that we have found most valuable are related to its basis on open search, which was ElasticSearch. We appreciate being able to integrate custom feeds and do custom parsers, and to be able to do some of the correlation on it. That all works effectively.

    The Graylog features that have proven to be most beneficial for our data analysis in particular are that we tend to use it as a big data store, so we have the correlation rules that, if something matches under certain conditions, it raises an alarm. We use it for investigating problems and problem management. We throw all the information at it, we have it alerting for certain conditions, but generally we use it for deep diving into issues as needed.

    What needs improvement?

    The area in Graylog that needs to be improved or enhanced would be the integrations. It would be useful to have more parsers and filters for different types of systems, which is growing, but we still find many systems that there aren't any, and we have to create our own. Having a library of parsers would help. Mainly, it's about integrations: being able to parse different sources and output to different systems easier.

    For how long have I used the solution?

    I have been working with Graylog for about 8 years or so. That is quite a while.

    What do I think about the stability of the solution?

    I rate the stability of Graylog as very stable, probably a nine out of ten.

    What do I think about the scalability of the solution?

    On a scale from 1 to 10, where 10 is the highest level of scalability, I would rate Graylog's scalability as an eight. I think Graylog itself is scalable, but where it needs improvement is around the underlying features of open search, particularly concerning data logs and things. More up-to-date documentation on how to do high ingestion and high search scenarios, including recommendations for configuration and deployment, would be useful.

    How are customer service and support?

    Regarding technical support for Graylog, I can't comment much because I've not had to use it. Even though we have the enterprise products, we've not needed to use technical support because we've been using Graylog for many years and can fix most problems ourselves. There are some sizing documents online, but they were a few years out of date when we looked a few months back.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Before Graylog, we had a customer running IBM QRadar, which is a big security logging platform. We used other products such as RSyslog, Kiwi Syslog, which is Windows-based, and Syslog-ng, among others.

    The decision to switch to Graylog was influenced by my appreciation of its user interface. It separates out the ingestion from the backend. For instance, if Graylog is running and you take the backend down, you don't lose events. In contrast, with RSyslog, if you turn it off, you can't do backend-frontend maintenance, which is an advantage Graylog offers. It also handles clustering nicely, making it easy to scale up quickly.

    How was the initial setup?

    I would rate my experience with the initial setup of Graylog on a scale of 1 to 10 as probably about a five. If someone has never used Linux before, it would be very difficult, but if you're familiar with Linux and the day-to-day things behind the scenes, it's quite straightforward. The guides online are simple, follow the guide, and you've got a system that works. There could possibly be more around improving the performance, and maybe some more up-to-date calculators on sizing because some of the sizing information we've seen previously are a few years out of date.

    What about the implementation team?

    For maintenance, we usually need just one or two people. We have a team of three engineers who look after it, and they rotate the maintenance responsibilities every three weeks.

    What was our ROI?

    The return on investment or cost savings we have seen since the deployment of Graylog is primarily in time savings, allowing our security team and IT engineers quick access to information, as it all goes to one place. It makes it quite quick to find things, enabling us to retrieve the information needed to respond swiftly.

    What's my experience with pricing, setup cost, and licensing?


    Which other solutions did I evaluate?

    Evaluating other options before choosing Graylog was somewhat straightforward because we've been using it for some time and are confident with it. Originally, we recommended Graylog to a customer, but they chose QRadar, which is very expensive and didn't scale as effectively. Eventually, we put Graylog next to QRadar because QRadar couldn't keep up.

    What other advice do I have?

    My impression of the overall visibility of Graylog is good. In the past few years, as it's transitioning from just an open-source product into more of an enterprise solution, they're trying to grow into that area and do more in the API space. I think it will get better, particularly for orchestration pieces. That's probably its weaker area compared to some of the other products such as Microsoft Sentinel or Log Analytics, where they have more hooks into different products. I appreciate that Graylog is moving towards that, and it's quite simple to get it stood up quickly. We have used it during security incidents with customers, and we have spun up a separate Graylog instance to help them with ransomware type issues.

    Graylog has supported our compliance and security monitoring activities because, for one of our customers who falls under the NIST 2 regulation due to critical infrastructure, we heavily use it for that side. However, for the rest, we don't tend to use it for compliance really. A lot of that's handled separately, so it's not really an area we do much with Graylog at the moment, but it could be something that we could do more with in the future.

    Graylog is not assisting us with our AI-driven data analysis or any operations with AI at the moment, but it could be something that we could do in the future.

    Currently, about 10 people are using Graylog in our company.

    We have plans to use Graylog more in the future as we deploy more. We run a private cloud for different platforms, and our intention is to have all of those systems folding their events into Graylog.

    Overall, I would rate Graylog at about a seven or eight. The only downside is some of the integrations; if it had more integrations, it would be easier to work with other tools. Contextually, they're transitioning from an open-source background to a more enterprise-oriented space, which understandably takes time.

    Ivan Kokalovic

    Facilitates backend service monitoring with efficient log retrieval and API flexibility

    Reviewed on Apr 23, 2025
    Review provided by PeerSpot

    What is our primary use case?

    In my opinion, the best use case for Graylog is for backend services due to its excellent real-time updates. It is especially effective with strong type languages, like Java or C++. The streaming of messages happens with the GELF protocol over UDP, making it quite fast. Deploying Graylog into a Docker image where microservices are placed allows for easy log retrieval. Logs from different Docker machines can be combined into one Graylog instance, providing a complete view of backend behavior for both developers and customer support teams.

    What is most valuable?

    Graylog is valuable because it bridges technical knowledge to non-technical teams, presenting complex backend processes in a simple timeline. It boosts the knowledge of sales and customer support teams by allowing them to see the backend operations without needing to read the code. Its API is flexible for visualization, and its powerful search engine efficiently handles large volumes of log data. Moreover, its stability, fast search capabilities, and compatibility with languages like ANSI SQL enhance its utility in IT infrastructure.

    What needs improvement?

    An improvement I would suggest is in Graylog's user interface, such as allowing for font size adjustments. A potential enhancement could be the integration with Ollama to run large language models locally, maintaining high privacy standards.

    For how long have I used the solution?

    I have been using Graylog for three years.

    What was my experience with deployment of the solution?

    Deploying Graylog required about one week of preparation to evaluate the best setup, especially regarding Docker integration and the computing power requirements for scalability.

    What do I think about the stability of the solution?

    Graylog is very stable and capable of handling millions of messages without sudden shutdowns or service interruptions.

    What do I think about the scalability of the solution?

    Deploying on the cloud for Graylog is advisable due to its need for scalability under varying message loads. Graylog offers the capability to withstand large volumes of data, adapting to fluctuating inflows.

    How are customer service and support?

    I never personally reached out to Graylog technical support. I mostly relied on documentation to address my needs, which was adequate for my purposes.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    I used my own logging service, Elasticsearch, and OpenSearch before transitioning to Graylog. OpenSearch was not as intuitive and had a steeper learning curve compared to Graylog.

    How was the initial setup?

    The initial setup of Graylog was straightforward, provided the codebase was prepared for logging. The documentation, although not visually appealing, was informative and helpful.

    What's my experience with pricing, setup cost, and licensing?

    I am not familiar with the pricing details of Graylog, as I was not responsible for that aspect. It was determined that we didn't need an enterprise plan, which is more suited for clients with less programming capabilities.

    Which other solutions did I evaluate?

    I evaluated Datadog among other solutions, but its pricing model deterred me since I preferred a solution like Graylog, which allowed testing without initial payment.

    What other advice do I have?

    I would recommend Graylog for its stability, API capabilities, and fast search engine. However, it's not ideal for developers lacking in setting up comprehensive logging in their codebase. I rate Graylog an eight out of ten.