Graylog as an alternative to Splunk


I’ve been experimenting with a few different logging solutions; free Splunk, and now Graylog.

Splunk would be my choice were it not for the high price. Free Splunk works great to a point, but after 60 days alerting and some other features stop working. And well, logging without alerting is kind of silly. was actually pretty cool for about $80/month, which included alerting, log backup to Amazon S3, secure log transmission and various setup scripts for getting it all working on Apache, Nginx or whatever.

As nice as was, I was still looking for something similar to Splunk.

Graylog has been the closest solution so far. There’s an Open Source version which has most of what you need for a personal solution. The Enterprise version adds support, Audit Log and Archiving. The Enterprise versions state around 200GB/day, so I’m not exactly sure what the Open Source limit is or if it has one. But for a personal solution, whatever the limit is, it’s probably sufficient.

There is also a Graylog marketplace with a crap load of add-ons for integration with Amazon AWS, a DNS resolver filter for reverse lookups on the source field, JIRA integration and a whole lot more.

To this point I’ve added a few Streams for picking out the info I’m interested in from the logs, and created alerts and email notifications along with a pretty nifty dashboard.

As for hardware, I have it running on a 2GB droplet at Digital Ocean, and it was super simple to set up and get running. Add in HTTPS using free certificates from Let’s Encrypt and you’re good to go.

I had no idea this solution even existed and had never heard of it until a little while ago, but so far it has performed great without any issues.
