Agent Mode
English
    Listing Thumbnail

    Graphistry Core

     Info
    Sold by: Graphistry 
    Deployed on AWS
    100X Investigative power with Graphistry's best-in-class visual graph analytics and investigation automation. Start surfacing the stories in your data with GPU-accelerated visual analytics, enterprise-grade graph support, point-and-click automation, RAPIDS GPU Jupyter notebooks, and web developer AP

    Overview

    Try agent mode
    Create proposal
    Ask question
    Play video

    Product video

    Investigate and automate with best-in-class GPU visual graph analytics and automation. Whether you are an analyst, researcher, or developer, explore your data as a graph with a few nodes and edges.. to millions!

    AWS MARKETPLACE

    • Private: Runs in your AWS account
    • Starts at $1.47/hr for individuals: g4dn.xlarge
    • Pay-as-you-go: Part of your regular AWS bill; stop/start AMI to toggle utilization
    • Contact for tailored discounts
    • AWS-Ready: Drivers, patches, log forwarding, auto-healing, TLS, & more

    2.0 ENGINE W/ RAPIDS

    • Multi-GPU client/coud
    • Rich visual analytics: Point-and-click time bars, search, coloring, clustering, & more
    • Explore CSVs, Splunk/ELK/Kusto, SQL/Spark/Impala, Neo4j/Neptune/JanusGraph/TigerGraph/DSE Graph, Pandas/NetworkX, & more

    FOR ANALYSTS

    • Go from raw data to insights
    • Explore data that is non-graph, large, or complex
    • Save, share, and embed your sessions
    • Automate without coding by turning any investigation into a template
    • Jupyter notebooks setup with secure login, PyGraphistry, Nvidia RAPIDS, & examples

    FOR DEVELOPERS

    • Python, JS, React, & REST (all languages)
    • Embed stunning and full-featured visual graph analytics
    • Embed automation deep links anywhere
    • Prototype and iterate same-day with PyGraphistry

    For enterprise teams needing on-prem, airgapping, orchestration, and support services such as resiliency, solutions, & training, see our homepage.

    Launch walkthrough: https://www.graphistry.com/blog/marketplace-tutorial 

    Highlights

    • Connect, explore, correlate, and automate without coding
    • Scale with the only GPU client<>cloud engine
    • Rapidly prototype with secured RAPIDS-ready Jupyter notebooks and web embedding APIs

    Details

    Sold by
    Graphistry 
    Categories
    Security 
    Business Intelligence & Advanced Analytics 
    Log Analysis 
    Delivery method
    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)
    Latest version
    Operating system
    Ubuntu 22.04.4 LTS
    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Learn more 
    Explore multi-product solutions
    Multi-product solutions

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases
    View financing details

    Pricing

    Graphistry Core

     Info
    View purchase options
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    Usage costs (12)

     Info
    Dimension
    Cost/hour
    g4dn.2xlarge
    Recommended
    $10.00
    g4dn.4xlarge
    $10.00
    p3dn.24xlarge
    $26.20
    g4dn.8xlarge
    $10.00
    p3.2xlarge
    $10.00
    p3.16xlarge
    $26.20
    p4d.24xlarge
    $26.20
    g4dn.metal
    $26.20
    p3.8xlarge
    $18.20
    g4dn.xlarge
    $1.47

    Vendor refund policy

    No refunds

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    v2.50.7 - 2026.06.03

    Features

    • GFQL Cypher and DAG Query Support - Cypher queries and complex GFQL operations via API
      • was: GFQL endpoints only accepted JSON arrays of operations ([{"type": "Node", ...}]). No Cypher strings or DAG patterns (Let/Ref bindings).
      • now: /datasets/<id>/gfql/<type> and UDF GFQL endpoints accept Cypher strings (auto-compiled), dict-style GFQL ops (Let/Ref DAG patterns), and the existing JSON array. New gfql_query field alongside gfql_operations (backward compatible). Auto-detects JSON/Cypher/native dict.
      • status: released | action: none required. Existing API consumers unaffected.
      • impact: API consumers and UDF authors can submit Cypher or complex DAG patterns directly, matching pygraphistry 0.53.5+.
    • Local Worker Affinity for ETL - ~2x speedup on multi-node deployments
      • was: forge-etl-python submitted dask jobs without preferring any worker. On multi-node clusters ~half of submissions landed remote, forcing partitioned graphs (~256 MiB/partition) across the cluster network before compute -- doubling effective ETL latency.
      • now: forge-etl-python hints the scheduler to prefer the same-pod dask-cuda-worker. Soft hint -- falls back to a remote worker if the local one is busy or down.
      • status: released | action: set GRAPHISTRY_DASK_LOCAL_AFFINITY=1 on forge-etl-python containers in multi-node Kubernetes. The Helm chart sets this on the engine DaemonSet automatically; compose/single-node leave it unset.
      • impact: Multi-node Kubernetes with the engine DaemonSet topology. ~2x validated at 4/92/512 MiB uploads; no effect single-node/compose. Grep fep logs for local-worker affinity to confirm.
    • Talk2Graph - In-product chat panel linking visualizations to a Louie LLM agent
      • new capability: viewers open a chat panel in any visualization and ask natural-language questions. An embedded MCP server in streamgl-viz exposes structured tools to Louie (list/summarize sessions, run GFQL/Cypher, create/reset coloured collections, community-detection summaries); responses stream back in.
      • status: released | action: off by default. Enable per user/group in Django admin Waffle Flags via flag_talk2graph. For an external Louie set GRAPHISTRY_LOUIE_URL (and GRAPHISTRY_LOUIE_AUTH_*) in custom.env. nginx proxies /mcp to streamgl-viz:3100 (internal in prod; dev compose publishes it).
      • impact: All deployments; no behaviour change until enabled. Every MCP tool call requires the viewer's JWT and is scoped to their own sessions. Compatible with pm2 cluster mode (STREAMGL_CPU_NUM_WORKERS > 1) via the existing redis.
      • note: New custom.env vars: GRAPHISTRY_LOUIE_URL, _AUTH_HOST, _AUTH_USERNAME, _AUTH_PASSWORD, _ORG_ID, _ORG_SLUG, GRAPHISTRY_MAX_COLLECTIONS (10), GRAPHISTRY_MCP_DEDUP_MS (30000), GRAPHISTRY_MCP_PORT (3100).

    Fix

    • Node and Edge Picking - Expanded picking capacity and fixed reliability
      • was: GPU picking used a 23-bit index encoding (~8M elements) relying on alpha blending, which corrupted the alpha channel and needed a fragile shader byte-swizzle. Could silently return wrong nodes/edges on large graphs.
      • now: 31-bit encoding with dedicated shaders, blending disabled. Capacity ~8M -> ~2B elements; no alpha corruption. POI labels use the new shaders too.
      • status: fixed | action: none required
      • impact: All users -- reliable hover/click on large graphs, correct POI labels, no silent failures past ~8M elements.
    • Color Encoding - Fix categorical column handling on RAPIDS 26.02
      • was: Categorical color columns could fail with "Gather map is out of bounds". The prior fix only handled JS null (255), but cudf 26.02 strict bounds checking rejects any out-of-range code.
      • now: All out-of-range categorical codes are treated as null before decoding (255 and any other invalid code).
      • status: fixed | action: none required.
      • impact: All GPU deployments -- categorical color datasets load correctly on RAPIDS 26.02.
    • SSO Login - Fix missing active_organization in JWT response
      • was: SSO via OIDC could return a JWT without active_organization when session cycling cleared the org slug before JWT creation; pygraphistry 0.45.10+ then crashed. Several org lookups had no error handling and 500'd on deleted/renamed orgs.
      • now: The SSO org is captured on the request early (before session cycling) as the primary JWT org source, with session/default fallback. All org lookups are error-handled; login failures surface user-facing messages. Signup adapter uses the same fallback.
      • status: fixed | action: none required; affected users on pygraphistry 0.45.10+ should retry (server-side fix).
      • impact: All SSO/OIDC deployments -- reliable org context in the JWT, no 500s from deleted/renamed orgs, 0.45.10+ unpinned.
    • Organization Views - Authentication consistency and duplicate-email handling
      • was: Anonymous requests to several org pages returned 500 instead of redirecting to login; inviting a user whose email existed on multiple accounts also 500'd; some org-management views lacked auth guards.
      • now: All 11 org-view dispatch() overrides redirect anonymous users to login (302); previously-unguarded views require auth; the SSO provider flag toggle requires admin. All 7 User.objects.get(email=...) sites handle duplicate emails deterministically (oldest by ID) with logging.
      • status: fixed | action: none required
      • impact: All deployments -- org pages no longer crash on anonymous access or duplicate-email users; SSO provider admin secured. Audit/dedupe any existing duplicate-email accounts.
    • Color Encoding - Fix unmapped int32 palette indices falling back to default color
      • was: int32 color values not matching valid palette indices (format k*1000 + local_index) silently fell back to color 0 (black), making unmapped elements invisible.
      • now: Unmapped int32 indices get round-robin colors from the Paired-12 palette; NaN handled gracefully (last color). default param removed from with_translated_palette_pandas.
      • status: fixed | action: none required.
      • impact: All deployments using int32 palette encoding -- out-of-range indices now show visible colors.
    • User/Password Signup - Fix signup silently failing with no error message
      • was: Username/password signup silently looped back to the form: reCAPTCHA v3 tokens grew past the 1024-char field limit and were rejected, with no non-field error shown. Separately, if reCAPTCHA passed but email confirmation failed, signup 500'd after the account was created, and retry failed. Google SSO unaffected.
      • now: reCAPTCHA token field limit removed (observed 12K+; form-only, no migration). If email confirmation fails after account creation, the user is logged in and redirected to the dashboard with a warning instead of a 500; the error is logged server-side.
      • status: fixed | action: none required; affected users should retry (server-side fix). Admins can verify orphaned accounts via Django admin.
      • impact: All deployments with Google reCAPTCHA v3. The email-confirmation fix also affects ACCOUNT_EMAIL_VERIFICATION=mandatory/optional.
    • Auth Subrequest - /users/current.json returns JSON instead of HTML on unauthenticated requests
      • was: the internal auth-check endpoint that nginx uses (via auth_request) to gate cookie-auth routes (pivot, WebSocket) returned an HTML error page instead of JSON on unauthenticated requests, producing noisy logs on every expired session.
      • now: the endpoint returns a compact JSON 403, matching the other auth-check variants.
      • status: fixed | action: none required.
      • impact: All deployments -- cleaner logs and smaller responses on unauthenticated requests to cookie-auth routes (pivot, WebSocket).
    • Concurrent Upload Race - Fix silent data loss on simultaneous uploads to the same file
      • was: Concurrent uploads to the same file_id had a check-then-act window: both callers saw the destination absent, both wrote, the second silently overwrote the first. Both got HTTP 200, but only one writer's bytes survived.
      • now: The file move is atomic; a racing second caller gets HTTP 409 instead of overwriting. Fast O(1) publish when uploads/data share a volume; copy-with-fsync across volumes (k8s separate PVCs).
      • status: fixed | action: none required. Existing uploads unaffected.
      • impact: All deployments where multiple clients can write the same file_id (retry-on-failure, multi-tenant). Eliminates a class of silent corruption.
      • note: Crash-safe (at most an orphan temp file). Assumes POSIX atomic rename/link -- use NFSv4 (NFSv3 may give a spurious 409).
    • Concurrent Metadata Writes - Fix torn writes on dataset.json under concurrent updates
      • was: dataset.json was written with a plain open-truncate-write; concurrent writers could interleave flushes, and a reader catching it mid-write parsed a half-flushed buffer as invalid JSON, causing load failures.
      • now: Atomic temp-then-rename, durably committed. Readers always see the previous or new full JSON, never a partial. Crashes leave at most an orphan temp file.
      • status: fixed | action: none required.
      • impact: All deployments. Visualizations no longer fail intermittently when metadata updates while users view the dashboard. Byte-level only; logical lost-update races still need higher-layer coordination.
    • Multi-Node Dask Workers - Fix worker name collision causing silent capacity loss
      • was: Multiple dask-cuda-worker pods on different nodes all registered as gpu-worker-N. The scheduler rejected the duplicate name and silently dropped the worker, halving capacity with no visible error.
      • now: Worker names are prefixed with the pod hostname (e.g. fatpod-bobnode-dask-cuda-worker-0), globally unique. All workers register.
      • status: fixed | action: none required. Single-worker deployments unaffected.
      • impact: All multi-node Kubernetes deployments running dask-cuda-worker as a DaemonSet/replicated workload. Full capacity restored; scheduler logs and Bokeh now show each worker's node.
    • Share Link API - Fix 500 error when updating mode without invited users
      • was: A mode-only PUT /api/v2/update/share/link/ without invited_users returned 500, yet the mode change still committed -- a server/client state mismatch.
      • now: Mode-only updates return 200 with the mode applied; invited-users processing is skipped when absent. Requests with both fields work as before. data.invited_user is now always a list.
      • status: fixed | action: no action required. Mode-only updates now receive the expected 200.
      • impact: All deployments using the share link update API.
    • Share Link API - Stop silently downgrading PRIVATE/ORGANIZATION mode requests on no-plan accounts
      • was: When a no-plan cloud org (or non-admin/staff requester) sent mode=private/organization to create/update/update-mode, the server silently rewrote it to public, persisted that, and returned 200. Any other string was persisted without a whitelist.
      • now: The three endpoints share _validate_mode_change(): unknown mode -> 422; private/organization on a no-plan cloud org by a non-admin/staff user -> 403; nothing persisted. The plan gate itself is preserved.
      • status: fixed | action: clients requesting private/organization share mode on a no-plan account now get a 403 instead of a 200 that silently downgraded to public -- inspect the response. The shipped share UI already disables those modes when the org lacks a plan.
      • impact: All deployments running the nexus share-link API.
    • ETL Memory and CPU Efficiency - lower memory/CPU footprint when shaping graphs
      • was: shaping (download, index, encode) made more passes than needed and serialized into oversized buffers, holding more host/GPU memory than necessary -- worst on large datasets and concurrent load.
      • now: same work in fewer/narrower passes -- single grouped degree pass, edge re-indexing that no longer carries every attribute column through joins, fast paths skipping null-clean/edge-prune when unneeded, dictionary-encoded string ids, right-sized buffers. Output graphs unchanged.
      • status: released | action: none required.
      • impact: All deployments; most visible on large datasets and concurrent load. Behavior change: a degree now counts an edge with one missing endpoint toward the present endpoint (was dropped).

    Security

    • AWS Instance Hardening - Sudo password required for privileged operations
      • was: The default ubuntu user on AWS inherited the Ubuntu cloud-image default of passwordless sudo (NOPASSWD).
      • now: Sudo requires a password on AWS. The initial password is the EC2 instance ID at first boot; change it with passwd after first login. systemd service now runs as root (aligned with Azure/GCP).
      • status: released | action: after launching a new AWS instance, the sudo password is the EC2 instance ID (visible in AWS console); change it on first login with passwd. Existing instances unaffected.
      • impact: All AWS deployments -- meets CE+ privileged-access compliance. Azure/GCP unaffected.
    • OpenAPI Specification - API docs and schema endpoint hardening
      • was: The schema endpoint was dev-only. A generation bug embedded the Django SECRET_KEY in the schema JSON where the endpoint was reachable. Internal schema endpoints had no access controls.
      • now: Full spec at /api/v1/schema/ (public) and /api/internal/schema/ (all endpoints, admin-only). 20+ resource groups, JWT auth endpoints, and non-REST endpoints documented. SECRET_KEY no longer appears in the schema. Internal schema protected by nginx deny rules + Django admin-only perms. Interactive docs at /api/v1/schema/swagger-ui/.
      • status: released | action: Required for any deployment whose /api/v1/schema/ or /api/internal/schema/ endpoint was ever reachable from outside the cluster: rotate DJANGO_SECRET_KEY immediately after upgrading. The key signs sessions, password-reset tokens, and CSRF tokens; treat any older deployment with a reachable schema endpoint as having had its key exposed.
      • impact: All deployments. SECRET_KEY-in-schema defect resolved.
    • FEP OpenAPI Specification - API spec generator for forge-etl-python
      • was: No machine-readable API spec for FEP (forge-etl-python) routes. Operators had no systematic way to discover FEP's endpoints or auth requirements.
      • now: A static-analysis CLI generates OpenAPI 3.1.0 specs from FEP routes + nginx config. Modes: external (18 nginx paths), internal (all 82 routes), full (auth/source annotations). Auth from nginx auth_request; schemas from Pydantic v2. CI generates specs every build (90-day artifact) and attaches fep-openapi-external.json to releases.
      • status: complete | action: none required. External spec attached to releases; run locally with bin/openapi/generate.py --mode external.
      • impact: Operators get a complete FEP endpoint inventory with auth classification and schemas; CI catches route drift.
    • UI Guide PDF - Bundled PDF.js parser replaced with browser-native viewer
      • was: The UI guide slideshow at /docs/ui/guide/ was rendered by a 2017-era Apple Keynote HTML export bundling Mozilla's PDF.js, prototype.js, and a custom WebGL transition engine.
      • now: A single merged PDF rendered by the browser-native viewer (Chrome/Edge PDFium, Firefox pdf.js, Safari WebKit). Graphistry no longer ships its own PDF parser. Text layer preserved (screen readers, search); zoom, #page=N deep-links, thumbnails, and print use the browser's built-in UI.
      • status: fixed | action: none required.
      • impact: All deployments serving /docs/ui/guide/. Legacy bookmarks (the Django route and the old static Keynote player path) continue to land on the guide.
    • Browsable API Restricted to Development - JSON-only API responses in production
      • was: Production API endpoints opened in a browser returned an interactive HTML form UI in addition to JSON.
      • now: Production returns JSON only. The in-browser HTML form UI is available only with DJANGO_DEBUG=True (development).
      • status: released | action: developers using the in-browser explorer should set DJANGO_DEBUG=True locally, or use Swagger UI at /api/v1/schema/swagger-ui/. Programmatic clients unaffected.
      • impact: All production deployments. The Swagger UI provides a richer interactive contract than the old HTML form UI and remains available everywhere.
    • Django Admin Theme Refresh - Stock Django admin styling
      • was: The Django admin used a third-party visual theme.
      • now: The Django admin uses Django's built-in styling. All pages, actions, and workflows are unchanged.
      • status: released | action: none.
      • impact: All deployments. Visual change only; functionality identical.
    • Admin URL Configurable - Move the Django admin off the default /admin/ path
      • was: The Django admin was hardcoded at /admin/ on every deployment.
      • now: Operators can relocate it by setting DJANGO_ADMIN_URL=secret-ops/. Default remains admin/. Input is normalized (whitespace/slashes trimmed, trailing slash ensured, empty falls back) so a typo cannot mount it at the site root or lock operators out.
      • status: released | action: Optional. Set DJANGO_ADMIN_URL=<your-path>/ on the nexus container. Pair with IP allowlisting or VPN gating at the reverse proxy.
      • impact: All deployments. Default behavior unchanged. Defense-in-depth, not a substitute for strong admin authentication.
    • Cookie Configuration - Unified Secure/SameSite across all auth cookies, simpler HTTPS opt-in
      • was: COOKIE_SECURE/COOKIE_SAMESITE applied to sessionid/csrftoken but not graphistry_jwt (issued separately; SameSite always Lax), breaking some cross-origin iframe flows. COOKIE_SECURE defaulted False, needed even with DJANGO_SECURE_SSL_REDIRECT=True.
      • now: Both apply uniformly to all three cookies. COOKIE_SECURE derives from DJANGO_SECURE_SSL_REDIRECT. COOKIE_SAMESITE auto-derives None when secure (cross-origin iframe) else Lax; override allowed. Boot-time guard rejects SAMESITE=None without SECURE=True.
      • status: released | action: none for plain-HTTP. DJANGO_SECURE_SSL_REDIRECT=True deployments no longer need to also set COOKIE_SECURE=true. TLS-at-LB/ingress deployments still set it without DJANGO_SECURE_SSL_REDIRECT.
      • impact: All deployments. Verify at /docs/api/2/rest/sso/#cross-origin-iframe.
    • CORS Allowlist Env Var - Operator control over cross-origin API access
      • was: CORS behavior was not configurable via env var.
      • now: CORS_ALLOWED_ORIGINS=<https://app.example.com>,<https://other.example.com> in data/config/custom.env allowlists origins for browser cross-origin access.
      • status: released | action: none for typical deployments (SDK uploads, nexus dashboard, iframe embeds of graph.html unchanged). Set only if your deployment has a separate customer frontend host issuing browser fetches against the REST API.
      • impact: All deployments. Not a breaking change; documented in the custom.env template.
    • API Rate Limiting - Per-client request rate limiting at the nginx reverse proxy
      • was: No server-side request rate limiting in front of the API, so a single client's request volume against any proxied endpoint was unbounded.
      • now: A server-level nginx limit applies to every proxied backend (nexus, pivot, streamgl, forge-etl-python, graph-app-kit, notebook). Keyed on the client IP after X-Forwarded-For resolution. Defaults: 60 rps per client, burst 120, no queueing (excess -> HTTP 429, logged).
      • status: released | action: review the defaults. Env vars: NGINX_RATE_LIMIT_ENABLED (true), _RPS (60), _BURST (120), _EXEMPT_CIDRS (empty CSV of bypass CIDRs). Raise RPS/BURST for single-host batch ingest; for internal traffic set EXEMPT_CIDRS to the narrowest trusted CIDR. Disabled in dev/CI. Restart nginx to apply (not -s reload).
      • impact: All enterprise deployments. Defaults absorb typical SPA cold-load fan-out. forge-etl-python callbacks route direct to nexus, bypassing the limit.
      • note: k8s: if the ingress strips X-Forwarded-For, nginx sees the ingress pod IP for every client; broad-RFC1918 EXEMPT_CIDRS silently bypasses the limit for all -- restrict to the narrowest internal CIDR or set fwdHeaders: true.

    Infra

    • CUDA 13 Support - Next-generation NVIDIA GPU build support
      • was: CUDA 12.8 default, legacy CUDA 11.8, both on RAPIDS 25.02 base image.
      • now: CUDA 13 default, CUDA 12 alternative, both on RAPIDS 26.02 base image. CUDA 11.8 and 12.8 dropped.
      • status: complete | action: requires NVIDIA driver 580+ for CUDA 13, 535+ for CUDA 12.
      • impact: Blackwell support (RTX 50, B100, B200). Updated deps (numpy 2.2.6, pyarrow 21.0.0, pandas 2.3.3, PyTorch 2.10.0, numba 0.61.2).
      • note: CUDA 13 image uses 13.1 toolkit; consumer GPUs (GeForce/RTX) need driver 590+ (no forward compat), datacenter 580+. CUDA 12 image uses 12.9, works with 535+. See docs.rapids.ai/platform-support/
    • CUDA 13 Support - Compose and Dockerfile defaults
      • was: CUDA_SHORT_VERSION=12.8 across compose files and Dockerfiles.
      • now: CUDA_SHORT_VERSION=13 in base/production/development/release/release-mt.yml and 15+ Dockerfiles. Image tags simplified from v2.50.0-12.8 to v2.50.0-13 / v2.50.0-12.
      • status: complete | action: update CUDA_SHORT_VERSION in deployment configs if pinned.
      • impact: All container builds default to CUDA 13.
    • CUDA 13 Support - NVIDIA driver upgrade
      • was: Driver 575 for CUDA 12.8; separate driver scripts per cloud provider (AWS, GCP, Azure).
      • now: Driver 590 (590.48.01-0ubuntu1 from the NVIDIA CUDA repo) for all providers via one unified script with per-package pinning. Supports CUDA 13.1 and 12.x.
      • status: complete | action: update host drivers to 590+ for CUDA 13, or 535+ for CUDA 12.
      • impact: All cloud deployments (AWS AMI, Azure/GCP images) and on-premise native installs.
    • Code Quality - Static analysis tooling for Python services
      • was: No automated type checking or linting for Python services.
      • now: MyPy + Ruff via shared wrappers (bin/ruff.sh, bin/mypy.sh). CI uses Docker; dev uses local install with conda/venv auto-detection. Runs on every pull request.
      • status: released | action: none required
      • impact: Enterprise deployments get improved reliability and faster issue detection.
    • Hypercorn Tunables for forge-etl-python - Operator-tunable worker knobs
      • was: hypercorn launched with hardcoded keep-alive, backlog, and worker-class values; tuning required forking the image.
      • now: FORGE_KEEP_ALIVE (30), FORGE_BACKLOG (20), FORGE_WORKER_CLASS (uvloop). Defaults match prior hardcoded values, so unset = no change.
      • status: released | action: none required. Set the env var to override.
      • impact: All forge-etl-python deployments. Use HYPERCORN_EXTRA_OPTS for any flag without a dedicated FORGE_* knob; explicit FORGE_* values win.
    • dask-cuda-worker Tunables - Operator-tunable knobs
      • was: dask cuda worker invoked with hardcoded threads, GPU memory limit, interface, resources, dashboard, and scheduler address; tuning required forking the image.
      • now: DCW_NTHREADS (2), DCW_DEVICE_MEMORY_LIMIT (0.9), DCW_INTERFACE (eth0), DCW_RESOURCES (GPU=10,PROCESS=2), DCW_DASHBOARD_HOST/_PORT (dask-cuda-worker:8787), DASK_SCHEDULER_ADDRESS (dask-scheduler:8786). Defaults unchanged.
      • status: released | action: none required. Set the env var to override.
      • impact: All dask-cuda-worker deployments. Useful for tighter GPU memory headroom, non-default interfaces, or non-default scheduler endpoints.
    • Air-Gapped Kubernetes Images - One offline tarball installs on both Compose and Kubernetes
      • was: The on-prem tarball shipped only the image names Docker Compose needs; air-gapped Kubernetes (Helm) installs could not load the engine/app images from it.
      • now: The same tarball also ships the Helm-pulled image names (same images under a second tag, no extra size) plus Kubernetes-only images: Crunchy postgres (crunchy-postgres, crunchy-pgbackrest), k8s-wait-for, busybox.
      • status: released | action: for air-gapped Kubernetes, load the same tarball into your private registry and set global.containerregistry.name.
      • impact: Air-gapped Kubernetes. One offline package now covers both Compose and Kubernetes. The Crunchy Postgres Operator is still installed separately; the Helm .tgz ships alongside.
    • On-Prem Package Manifests - the air-gapped tarball now describes itself
      • was: the tarball carried no machine-readable inventory; operators had to unpack the multi-GB archive to see what was inside.
      • now: two JSON manifests. A bundle manifest sits next to the .tar.gz (read before unpacking: version, deployment modes, top-level contents, sha256+size). An images manifest (inside the tarball and as a sibling) inventories every image with id, size, role.
      • status: released | action: none required. Read graphistry_<version>-<cuda>.manifest.json to verify the hash and contents before transfer or unpack.
      • impact: All air-gapped / on-prem installs. Additive metadata only.

    Versions

    • PyGraphistry - 0.53.5 (was 0.50.4)
      • Local Cypher via GFQL: g.gfql("MATCH ...") with MATCH/WHERE/WITH/RETURN/ORDER BY, variable-length traversals ([*n], [*m..n]), CALL procedures (graphistry.degree, igraph.*, cugraph.*).
      • GRAPH constructors, GEXF import/export, GFQL WHERE same-path constraints, remote GFQL Cypher/DAG queries. 8-35% faster hop traversals.
      • status: released | action: none required.
      • impact: Notebook users, API consumers, FEP runtime.
    • PyGraphistry - 0.53.6 (was 0.53.5)
      • RAPIDS 26.02 backward-compatible fixes: cudf from_pandas lazy shim, simplified cuml DBSCAN fit(), cugraph weighted-variant fallbacks (jaccard_w/overlap_w/sorensen_w -> base with use_weight=True), tz-aware binary-op crash fix, pd.Series.append -> pd.concat.
      • Tested across RAPIDS 24.12/25.02/26.02 + CPU-only: 2567 pass on 26.02, 2584 on CPU.
      • status: released | action: none required.
      • impact: All GPU deployments on RAPIDS 26.02 -- unblocks UMAP, featurization, cudf conversion, cugraph weighted algorithms, GFQL temporal comparisons.
    • PyGraphistry - 0.54.1 (was 0.53.6)
      • 0.53.7-0.53.16: GFQL/Cypher correctness -- bounded WITH...MATCH reentry, UNWIND...MATCH continuation, connected multi-alias row bindings, Let dict envelope handling, WHERE propagation in remote mode. DAG + parameterized Cypher in gfql_remote().
      • 0.54.0-0.54.1: initial GFQL IR type layer, OPTIONAL MATCH improvements, shortest-path parity hardening, CI hardening via uv lockfile installs.
      • status: complete | action: none required.
      • impact: Notebook users, API consumers, FEP runtime.
    • PyGraphistry - 0.55.1 (was 0.54.1)
      • igraph: from_igraph renames duplicate source/target labels when those names also exist as edge attributes, fixing "column 'source' is not unique".
      • cuDF: ensure_pandas now also falls back through NotImplementedError (newer cuDF on dtypes like datetime64[ms]). cuDF graphs flow through compute_igraph/layout_igraph/layout_graphviz via auto coercion -- no manual to_pandas().
      • GFQL: IR type layer follow-through; Cypher reentry regression coverage.
      • status: released | action: none required.
      • impact: GPU deployments using igraph/cugraph layouts or compute; notebook users, API consumers, FEP runtime.
    • PyGraphistry - 0.56.0 (was 0.55.1)
      • Cypher: strict_name_resolution=True is now the runtime default, so invalid queries (MATCH (a) RETURN ghost, WHERE ghost.foo=1, MATCH (a) MATCH ()-[a]->()) fail validation before fallback. Use g.gfql_validate(...) or g.gfql(..., validate=True) for diagnostics.
      • Native physical planning extended to top-level/reentry OPTIONAL MATCH, sequential MATCH, anonymous MATCH, CALL graphistry.*, and WHERE (pattern) existence predicates.
      • openCypher CIP semantics: tri-valued null propagation through list/map equality and IN, integer-division for integer literals, duration component preservation.
      • Breaking -- legacy api=1/api=2 auth removed. register(key=...), PyGraphistry.api_key(...), and GRAPHISTRY_API_KEY no longer honored. Migrate to api=3 (personal_key_id/personal_key_secret, username/password, or token).
      • status: released | action: required for any notebook/integration still on api=1/api=2 -- switch to api=3. All others, none.
      • impact: Notebook users on legacy keys (must migrate), Cypher consumers (stricter validation), FEP GFQL runtime (native planning + openCypher).
    • PyGraphistry - 0.56.1 (was 0.56.0)
      • New g.compute_networkx(...) exposes the curated NetworkX subset already reachable via GFQL local Cypher (node, edge, and k_core outputs).
      • Local Cypher graphistry.nx.* CALL surface expanded: degree/closeness/eigenvector/katz centrality, connected and strongly-connected components, core_number, and multi-output hits.
      • Optional deps declared -- networkx>=2.5,<4 and scipy>=1.5,<2 -- with runtime version guards.
      • Experimental graphistry.schema exports (NodeType, EdgeType, GraphSchema, EdgeTopology) accept Arrow-first pyarrow.Schema declarations, with opt-in schema_validate='strict'|'autofix'.
      • Behavior change: get_outdegrees now returns nodes in natural materialize_nodes order, and edges with a null endpoint contribute to the other side's degree (previously silently dropped).
      • status: released | action: review code relying on the prior get_outdegrees row order or on null-endpoint edges being dropped from degree counts. All others, none.
      • impact: Notebook users (new compute_networkx + graphistry.nx.*), API consumers using degree/out-degree (behavior change) or the experimental Arrow schema layer, FEP GFQL runtime.

    Additional details

    Usage instructions

    LAUNCH Note: if you have an issue logging into the Graphistry instance after launching the AMI, it may be because the IMDSv1 metadata service has been disabled, and we have created a patch which will be available in the next release. You can either enable IMDSv1 metadata service prior to creating the instance, or if that's not an option, please contact support@graphistry.com  for instructions to reset the admin password. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-IMDS-new-instances.html 

    1. Launch and go to the homepage at the AWS instance's public IP (use http, not https). The services may take 2-5 minutes to launch and will display loading warnings in the meanwhile. Make sure you are using a GPU server (g4dn., p3.). Worst-case, reboot.
    2. Log in with 'admin' / 'i-your_instance_id'
    3. Continue on to the notebook tutorials or file uploader; create accounts for the rest of your team; explore the documentation

    Quick links:

    RESTART Use AWS console to stop/start/restart, or SSH in and run cd graphistry && sudo docker-compose restart

    CONFIGURE

    Contact options for features & support: https://www.graphistry.com/support  - we'd love to help!

    Resources

    Vendor resources

    Use Cases 
    How It Works 
    Notebook Guide 

    Support

    Vendor support

    Online Support support@graphistry.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Get support

    Product comparison

     Info
    Updated weekly
    Graphistry Core
    By Graphistry
    Query Federated Search
    By Query
    Akridata Copilot
    By Akridata, Inc.

    Accolades

     Info
    Top
    50
    In Log Analysis
    Top
    10
    In Classification-Image, Classification-Video

    Overview

     Info
    AI generated from product descriptions
    GPU-Accelerated Visual Analytics
    Multi-GPU client-to-cloud engine with point-and-click capabilities including time bars, search, coloring, clustering, and rich visual analytics for graph exploration from a few nodes to millions of data points.
    Multi-Source Data Integration
    Support for diverse data sources including CSVs, Splunk, ELK, Kusto, SQL, Spark, Impala, Neo4j, Neptune, JanusGraph, TigerGraph, DSE Graph, Pandas, and NetworkX.
    RAPIDS GPU Jupyter Notebooks
    Pre-configured Jupyter notebooks with secure login, PyGraphistry library, Nvidia RAPIDS, and example templates for rapid prototyping and development.
    No-Code Automation
    Point-and-click investigation automation that converts any investigation into reusable templates without requiring coding.
    Web Developer APIs
    Multiple API options including Python, JavaScript, React, and REST interfaces for embedding visual graph analytics and automation deep links into applications.
    Federated Data Search
    Enables searching security data across distributed sources including SIEMs, EDRs, cloud storage, data lakes, identity, and network tools without centralizing data.
    Pre-built Integrations
    Includes pre-configured connectors for Amazon Athena, Amazon S3, Amazon Security Lake, Crowdstrike, Splunk, Datadog, SentinelOne, Okta, Jamf, and Virus Total.
    AI-Powered Automation
    Delivers AI Agents that provide automation and real-time context to reduce investigation and triage time.
    Security Data Pipeline
    Provides data pipeline functionality that deploys in under five minutes with ZSTD-compressed Parquet format and automatic partitioning for performance optimization.
    Data Compression and Storage Optimization
    Achieves 80%+ reduction in storage footprint through compression and efficient data formatting for cloud-ready compliance and analytics.
    AI-Powered Defect Detection
    Integrates defect detection capabilities into production lines with real-time visual analysis and AI-driven identification of anomalies.
    Real-Time Production Monitoring
    Provides continuous monitoring of production lines with real-time command center functionality to track defect rates and compliance.
    Computer Vision Model Development
    Simplifies development and deployment of computer vision models through advanced data curation, annotation, and synthetic data generation tools.
    Compliance and Explainability
    Delivers full compliance, observability, and explainability features for AI-age regulatory requirements.
    Interactive Data Preparation
    Offers an interactive approach for data preparation and model training workflows.

    Contract

     Info
    Standard contract
    No

    Customer reviews

    Leave a review 

    Ratings and reviews

     Info
    0 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    0%
    0%
    0%
    0%
    0%
    0 reviews
    No customer reviews yet
    Be the first to review this product . We've partnered with PeerSpot to gather customer feedback. You can share your experience by writing or recording a review, or scheduling a call with a PeerSpot analyst.