Graylog Developer License


Is it there something as a Developer License for a full Graylog version?

While I thank the Graylog people for the Open version, there are no Alerts available there.
I have already done a Content Pack.
And I am heading for another.

But I need my new Content Pack to contain alerts too - not just the dashboards.

With Splunk I can have a Developer license that expires for some months and I can develop on full features

Is there anything similar with Graylog ?

best regards
Altin Karaulli

You can request a Free Enterprise License which requires your daily intake to stay below 2GB. There are a few days grace period over a sliding month in there. If you are going to go over 2GB/day you would have to work directly with Graylog Sales

Thank You very much @tmacgbay

As far as I understood, I can continue working with the Enterprise version (especially alerts !) even after expiration of the Free Ent. License - provided that I keep it under 2GB/day.
Am I correct ?

PS. For my tests and CP building I would be happy even with 200 Mb. :slight_smile:

best regards

Once the license expires, all the features will stop working… but you can re-apply for another 2GB license… there is no limit to how many times you can apply… as far as I know. That being said, Graylog has transitioned things in the past… It used to be the limit was 5GB a day. :slight_smile:

One month is a short period for a Developer. I hope someone from Graylog do read this, and they grant a 6 month time to us Developers. Be this a 500 Mb/day.

thank you @tmacgbay for your reply

Ah! The license is usually good for a year… if you go over 2gb 5 times during a sliding day period your license turns off until you are under the 2Gb over 5 days over 30 days. The > 2GB counts even if not consecutive.

That should put you in a better place. :grin:

1 Like

I think you missed some thing important: Alerts are available in the free version!

First of all: an event becomes an alert as soon as there is an notification added to it. This can be e-mail or some others, does not matter.

In the free version you will have events based on thresholds. Those have fix values which may not be crossed. Examples:

  • if more than 5 failed logins from one user → event: multiple failed password attempts
  • if less than three sources (cardinality) → event: logging from one source stopped

In the commercial version you will also have “correlations”: you can chain two (or more) events from the free version into a new event:

  • event: 5000 failed password authentication
  • event_ one successfull password authentication
    → successfull password brute force

Also here an event becomes an alert as soon as there is a notification added.

1 Like

Thank You @ihe

GRAYLOG OPEN FEATURES - does not talk about Alert as a feature


So, I guess Thresholds can be seen as limited, but not full, alerts.
Correct ?


From my experience: 99% can be done with thresholds. they need to fit the environment though.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.