February 18, 2023, 5:24pm
Is there such a thing as a Developer License for a full Graylog version?
While I thank the Graylog people for the Open version, there are no Alerts available there.
I have already done a Content Pack.
And I am heading for another.
But I need my new Content Pack to contain alerts too - not just the dashboards.
With Splunk I can have a Developer license that expires after some months, and I can develop with full features.
Is there anything similar with Graylog?
February 18, 2023, 8:59pm
You can request a Free Enterprise License, which requires your daily intake to stay below 2GB. There is a few days' grace period over a sliding month in there. If you are going to go over 2GB/day you would have to work directly with Graylog Sales.
February 19, 2023, 4:24pm
Thank you very much.
As far as I understood, I can continue working with the Enterprise version (especially alerts!) even after expiration of the Free Ent. License - provided that I keep it under 2GB/day.
Am I correct?
PS. For my tests and CP building I would be happy even with 200 Mb.
February 19, 2023, 5:11pm
Once the license expires, all the features will stop working… but you can re-apply for another 2GB license… there is no limit to how many times you can apply… as far as I know. That being said, Graylog has transitioned things in the past… It used to be the limit was 5GB a day.
February 19, 2023, 5:21pm
One month is a short period for a Developer. I hope someone from Graylog does read this, and that they grant a 6-month period to us Developers. Be it 500 Mb/day.
@tmacgbay for your reply
February 19, 2023, 5:37pm
Ah! The license is usually good for a year… If you go over 2GB 5 times during a sliding day period your license turns off until you are under the 2GB over 5 days over 30 days. The > 2GB counts even if not consecutive.
That should put you in a better place.
February 21, 2023, 9:52am
I think you missed something important: Alerts are available in the free version!
First of all: an event becomes an alert as soon as there is a notification added to it. This can be e-mail or some others, does not matter.
In the free version you will have events based on thresholds. Those have fixed values which may not be crossed. Examples:
if more than 5 failed logins from one user → event: multiple failed password attempts
if less than three sources (cardinality) → event: logging from one source stopped
In the commercial version you will also have “correlations”: you can chain two (or more) events from the free version into a new event:
event: 5000 failed password authentication
event: one successful password authentication
→ successful password brute force
Also here an event becomes an alert as soon as there is a notification added.
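The threshold and correlation rules described in the post above, as an added example that is not part of the original thread and is not Graylog code. It is plain Python over constructed log tuples; the function names, window lengths and sample data are assumptions, and a small failure limit stands in for the 5000 in the post.

```python
from collections import defaultdict

# Constructed sample messages: (epoch seconds, source, user, outcome)
LOGS = (
    [(t, "web1", "alice", "failure") for t in range(0, 60, 10)]  # 6 failures
    + [(70, "web1", "alice", "success")]
    + [(20, "web2", "bob", "failure"), (30, "web2", "bob", "success")]
)

def threshold_events(logs, limit=5, window=300):
    """Event when one user has more than `limit` failures inside `window` seconds."""
    events, recent, active = [], defaultdict(list), set()
    for ts, _src, user, outcome in sorted(logs):
        if outcome != "failure":
            continue
        recent[user] = [t for t in recent[user] if ts - t < window] + [ts]
        if len(recent[user]) <= limit:
            active.discard(user)          # back under the limit: re-arm the rule
        elif user not in active:
            active.add(user)              # fire once per crossing, not per message
            events.append((ts, user, "multiple failed password attempts"))
    return events

def too_few_sources(logs, start, end, minimum=3):
    """Cardinality rule: fewer than `minimum` distinct sources in [start, end)."""
    return len({src for ts, src, _u, _o in logs if start <= ts < end}) < minimum

def correlate(logs, events, within=600):
    """Chain: a threshold event, then a success for the same user within `within` s."""
    chained = []
    for ev_ts, user, _name in events:
        for ts, _src, who, outcome in sorted(logs):
            if who == user and outcome == "success" and ev_ts < ts <= ev_ts + within:
                chained.append((ts, user, "successful password brute force"))
                break
    return chained

if __name__ == "__main__":
    first = threshold_events(LOGS)
    print(first)
    print(correlate(LOGS, first))
    print(too_few_sources(LOGS, 0, 100))
```

Bob's single failure followed by a success produces no event, which is the point of chaining on the threshold event rather than on raw failures.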
February 21, 2023, 4:58pm
GRAYLOG OPEN FEATURES - does not talk about Alert as a feature
GRAYLOG OPERATIONS - does
So, I guess Thresholds can be seen as limited, but not full, alerts.
February 21, 2023, 6:41pm
From my experience: 99% can be done with thresholds. They need to fit the environment though.