• 08 Sep 2022
  • 1 Minute to read
  • Dark


  • Dark

Graylog Operations is the open-source core plus several plugins that contribute functionality, which allows open-source core users to add operations if they install a new operating system package.

Whether you install Graylog Operations plugins or the Graylog Operations Integrations plugin, the same additional features are added to Graylog. The following list details the features installation adds to Graylog. A valid operations license is required to access the features included in this list.

  • Archiving
    • Stores your data in a long-term retention location for an infinite period of time and can be local or removable media. The archiving feature allows most users to meet compliance regulations around data retention.
  • Audit log
    • Keeps a record of changes done in-product by all users.
  • Reporting - extension of dashboards
    • Places current dashboard widgets into a scheduled report that can be delivered to your inbox.
  • Search extensions
    • Parameter support - Search extensions serve as placeholders in the query and ask users for values to put into queries to eliminate the need to copy and paste queries themselves.
  • Alerting extensions (basic Alerting is part of open source)
    • Event Correlation.
    • Dynamic Lists - Looks up values in lookup tables and uses the results in the alert query field within the correlation rule. This feature is based on search parameters.
    • Cluster-Wide Scheduler - Open Source runs alerts on a single node. Operations runs alerts on all Graylog nodes, increasing capacity.
    • Script Notification - Allows a custom native program to run in response to a generated alert, simplifying the integration of third-party systems.
  • MongoDB Lookup Table
    • Collects settings values from pipelines and other sources to maintain a list of suspicious IP addresses for Dynamic Lists.
  • Forwarding (Integrations)
    • Forwards specific data streams to remote locations with journaling support in case of outages. Cluster-to-cluster forwarder output requires two fully functioning Graylog clusters.
  • Indexing and Processing Failures
    • A feature that allows you to log and receive notifications of indexing and processing failures that occur in log data.
  • Output Framework (Integrations)
    • A plugable solution that forwards events from Graylog to any other system. Output Framework includes advanced options to manipulate the events before handover and format them as a Syslog message, JSON, and any other formart.
  • Inputs (Integrations)

Please see the Graylog Operations Page for more details.

Was this article helpful?

What's Next