Protection from compromised senders

This is an interesting question. Is Graylog designed to withstand noise/fuzzing?

Well, for one, unless you set up timestamp validation, you can be easily poisoned by bad timestamps, causing all your indices to show index ranges like “4000BC to 24000AD”. That will force Graylog to search all indices even though you asked for “last 15 minutes” and degrade performance.

But more generally: if you allow logs to be spoofed, how can you trust them when the time comes?

SSL with a client certificate sounds like a good idea.
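
The timestamp validation mentioned above, sketched in Python as an added example (not from the thread and not Graylog's own code): a timestamp outside a tolerance window is replaced by the receive time, and the sender's claim is kept in a separate field. The tolerance values, the field names `original_timestamp` and `timestamp_rejected`, and the sample messages are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed tolerance values, not Graylog defaults.
MAX_FUTURE = timedelta(minutes=10)   # allowed sender clock drift ahead
MAX_PAST = timedelta(days=2)         # allowed delay for buffered or late logs


def validate_timestamp(msg, received_at):
    """Return a copy of msg whose 'timestamp' is safe to index.

    A missing, unparsable, or out-of-window timestamp is replaced by the
    receive time; the sender's claim is kept in 'original_timestamp' so
    it remains available as evidence.
    """
    out = dict(msg)
    claimed = msg.get("timestamp")
    try:
        ts = datetime.fromisoformat(claimed)
        if ts.tzinfo is None:
            ts = ts.replace(tzinfo=timezone.utc)  # assume UTC when unqualified
        ok = received_at - MAX_PAST <= ts <= received_at + MAX_FUTURE
    except (TypeError, ValueError, OverflowError):
        ts, ok = None, False
    if ok:
        out["timestamp"] = ts
    else:
        out["timestamp"] = received_at
        out["original_timestamp"] = claimed
        out["timestamp_rejected"] = True
    return out


def index_range(messages):
    """Min and max timestamp, i.e. the range a time-based search must consider."""
    stamps = [m["timestamp"] for m in messages]
    return min(stamps), max(stamps)


# Constructed sample input: one honest sender, three poisoned or broken ones.
RECEIVED = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"source": "web01", "timestamp": "2024-05-01T11:59:30+00:00"},
    {"source": "bad01", "timestamp": "9999-12-31T23:59:59+00:00"},
    {"source": "bad02", "timestamp": "0001-01-01T00:00:00+00:00"},
    {"source": "bad03", "timestamp": "not-a-date"},
]
CLEAN = [validate_timestamp(m, RECEIVED) for m in SAMPLE]
```

After validation the range covered by the four messages is 30 seconds wide instead of spanning years 1 to 9999, and the rejected messages can still be found by filtering on `timestamp_rejected`.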