Tested new Graylog 3.3 by upgrade from v.3.1.
Have simple installation, Graylog and Elastic on one machine, no proxy, no clustering.
Upgrade itself was easy, that’s good. All dashboards, saved searches in place. OK.
Good things ended here. The same mouse-click oriented UI, clumsy compared to v.3.1. I already wrote about it previosly when tested v.3.2. Perhaps a little easier to orientate, some clicks less, compared to v.3.2. And that’s all I found. Yes, some nice features, not critical to me.
About missing Quick values there was said so much, nothing changed in this version.
Conclusion - no upgrade, keeping v.3.1, sorry.
As quick example how UI went to worse since v.3.1, I tested quite typical task - search simple query Channel:Microsoft-Windows-Backup AND source:someserver using built-in hints. We don’t save such queries, they are not in day-to-day tasks, so…
v.3.3: typing so -> arrow down for source: -> enter -> typing someserver AND Ch -> arrow down for Channel: -> enter -> typing Microsoft-Windows-Backup -> enter, 8 operations.
v.3.1: typing so -> arrow down for source: -> typing someserver AND Ch -> arrow down for Channel: -> typing Microsoft-Windows-Backup` -> enter, 6 operations. 25% less, if you want.
thanks a lot for your input. We know that we did not address all issues which were brought up in 3.2 and we will probably never will satisfy everyone, but we are aware of some of these issues and want to address them in future releases.
Thanks again, and I hope we can bring you onto the next release.
to add to that, I got already used to quick values regression when upgrading to 3.1 from 3.2, but I’m not really a fan of new color palette in 3.3, as i can live with different shade of red of notification indicator and different shade of blue in top right actions buttons and blacker text for example, the heap usage indicator in node page is burning my eyes, I might be picky though
All here hate - I think it’s overstated a little bit It seems Graylog team wanted to change the way we work with their product. Starting from v.3.2 it’s more like routine monitoring with predefined sets of searches and dashboards. Before it was more like reaction to alerts with investigation, which is not predefinable, it’s improvisation all the time. Some of us don’t want to change this, we already adapted this tool in our workflow, and it fits.
Our Graylog 3.2.4 VM is down right now (we’re evaluating another product on the same IPs) but I’m considering a re-deployment of 3.1.4 when it comes time to bring it back up. The UI, while improved in some respects, requires more work to drill down to the information I want to see.
I was recently testing too version 3.2 and 3.3 on both separate labs and environment the way field choosen mechanism was working in 3.1 is totally change in 3.2 and 3.3. Seems dashboard also getting problems if we add counts and rename it after few minutes it change back to its default aggregation default count. 3.1 still working good.
I’m a user of graylog since the 2.6 version and I can point two mainly important things that change…
Dashboards
First the dashboards… Man… The newest version is pretty much better than the old ones (I mean 3.1 and olders).
You can search in the dashboards!
You can duplicate dashboarrds!
You can “drill” your data
But yeah, we have some bugs, but no big deal
Alerts
Ok, here I got really disappointed… Not about the usability and the design, this got better a lot. But the functionallity, the oldest versions we were able to use plugins to extend the graylog alert limitations, but in the newest version (3.2, 3.3) we can’t anymore… I think this is the only thing that disappointed me on the newest versions…
So everything is OK, since this is the only point, right? NO! Alerts is a very important pillar to me, I would say more important than the beautiful dashboards… So, please!!! Improve the alerts functionalities…
you can still have plugins for alerts in 3.3 - but the APIs have changed and so the Plugin creators need to adjust the plugins to the new data structure.
It seems Graylog team wanted to change the way we work with their product. Starting from v.3.2 it’s more like routine monitoring with predefined sets of searches and dashboards. Before it was more like reaction to alerts with investigation, which is not predefinable, it’s improvisation all the time. Some of us don’t want to change this, we already adapted this tool in our workflow, and it fits.