Multiple Stages (DEV, QA and PROD) -> Best setup?

Hello everybody,

I am in the process of setting up a logserver for our project and Graylog seems to be a great solution for us…
We have three environments (DEV, QA and PROD) which I want to analyze using Graylog.
These (AWS) environments are completely isolated from each other.
Any question would be:
Option 1: Should I set up one central Graylog server somewhere and expose at least the API port to the Internet so that the three environments can send their logdata there?
Option 2: Set up a completely separated Graylog instance in each environment, eliminating the need to expose anything to the Internet as everything would be done internally inside each environment

If Option 1 would be the better one: Can (and how?) I easily separate all the logs/analyses by environment (DEV, QA, PROD) in the Graylog UI? So that I have three different “tenants” in the one server?

Thanks so much for any advice :slight_smile:

Best regards,


Hi, cfasoldS

if servers of (DEV, QA,PROD) be in local datacenter or in the cloud. your answers to questions 1&2 are correct. by helping stream/pipeline modules you can separate completely logs of three part for related teams

Hello Bahram,
thanks for your reply!
But if I read that correctly, Graylog is not really “tenant”-capable, but I have to use some trick to really have the data separated right?

Perhaps I will go with three different Graylog server for the beginning… Or did I miss something? :slight_smile:
Thanks so much!

Best regards,



you can have a central server for all (DEV,QA,PROD) or for each one a independent server .
anyway you don’t miss anything.
this scenario are completely depend on network topology and received messages per second

1 Like

Thanks Bahram :slight_smile:

just my 2 cents… have a separate instance for Prod if possible. Dev and QA… ¯_(ツ)_/¯

but prod… is prod…

I have decided to have an instance of Graylog for each environment so that I can keep them being separated from each other :slight_smile:


Currently we have two clusters running , where one is dedicated to Production and other for Non production environments since we want full segregation of production environment.

Also, it can give us some flexibility and learn possible lessons when a upgrade or change goes wrong on the Non PRD graylog cluster. So, i would strongly advise segregated or at least have a dedicated cluster for production.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.