Tried Graylog v.3.3, mainly disappointed

Karlis · May 22, 2020, 8:16am

Tested new Graylog 3.3 by upgrade from v.3.1.
Have simple installation, Graylog and Elastic on one machine, no proxy, no clustering.
Upgrade itself was easy, that’s good. All dashboards, saved searches in place. OK.
Good things ended here. The same mouse-click oriented UI, clumsy compared to v.3.1. I already wrote about it previosly when tested v.3.2. Perhaps a little easier to orientate, some clicks less, compared to v.3.2. And that’s all I found. Yes, some nice features, not critical to me.
About missing Quick values there was said so much, nothing changed in this version.
Conclusion - no upgrade, keeping v.3.1, sorry.

As quick example how UI went to worse since v.3.1, I tested quite typical task - search simple query Channel:Microsoft-Windows-Backup AND source:someserver using built-in hints. We don’t save such queries, they are not in day-to-day tasks, so…
v.3.3: typing so -> arrow down for source: -> enter -> typing someserver AND Ch -> arrow down for Channel: -> enter -> typing Microsoft-Windows-Backup -> enter, 8 operations.
v.3.1: typing so -> arrow down for source: -> typing someserver AND Ch -> arrow down for Channel: -> typing Microsoft-Windows-Backup` -> enter, 6 operations. 25% less, if you want.

konrad · May 22, 2020, 8:29am

Hi @Karlis,

thanks a lot for your input. We know that we did not address all issues which were brought up in 3.2 and we will probably never will satisfy everyone, but we are aware of some of these issues and want to address them in future releases.

Thanks again, and I hope we can bring you onto the next release.

- Konrad

maniel · May 22, 2020, 9:13am

to add to that, I got already used to quick values regression when upgrading to 3.1 from 3.2, but I’m not really a fan of new color palette in 3.3, as i can live with different shade of red of notification indicator and different shade of blue in top right actions buttons and blacker text for example, the heap usage indicator in node page is burning my eyes, I might be picky though

konrad · May 22, 2020, 9:38am

@maniel thanks for the feedback about the colors. I will relay it to the right people.
\ - Konrad

newbenji · May 29, 2020, 6:52am

SAdly thats the common thing around as i hear…
Many loved the easy way in graylog 3.1
All here hate the 3.2 way for search etc

Karlis · May 29, 2020, 7:35am

All here hate - I think it’s overstated a little bit It seems Graylog team wanted to change the way we work with their product. Starting from v.3.2 it’s more like routine monitoring with predefined sets of searches and dashboards. Before it was more like reaction to alerts with investigation, which is not predefinable, it’s improvisation all the time. Some of us don’t want to change this, we already adapted this tool in our workflow, and it fits.

richardm1 · June 5, 2020, 4:42pm

Our Graylog 3.2.4 VM is down right now (we’re evaluating another product on the same IPs) but I’m considering a re-deployment of 3.1.4 when it comes time to bring it back up. The UI, while improved in some respects, requires more work to drill down to the information I want to see.

sohailmeer · June 12, 2020, 6:19am

Hi,

I was recently testing too version 3.2 and 3.3 on both separate labs and environment the way field choosen mechanism was working in 3.1 is totally change in 3.2 and 3.3. Seems dashboard also getting problems if we add counts and rename it after few minutes it change back to its default aggregation default count. 3.1 still working good.

min · June 12, 2020, 9:38pm

Hello guys!

I’m a user of graylog since the 2.6 version and I can point two mainly important things that change…

Dashboards

First the dashboards… Man… The newest version is pretty much better than the old ones (I mean 3.1 and olders).
You can search in the dashboards!
You can duplicate dashboarrds!
You can “drill” your data
But yeah, we have some bugs, but no big deal

Alerts

Ok, here I got really disappointed… Not about the usability and the design, this got better a lot. But the functionallity, the oldest versions we were able to use plugins to extend the graylog alert limitations, but in the newest version (3.2, 3.3) we can’t anymore… I think this is the only thing that disappointed me on the newest versions…
So everything is OK, since this is the only point, right? NO! Alerts is a very important pillar to me, I would say more important than the beautiful dashboards… So, please!!! Improve the alerts functionalities…

jan · June 15, 2020, 6:48am

he @min

you can still have plugins for alerts in 3.3 - but the APIs have changed and so the Plugin creators need to adjust the plugins to the new data structure.

system · June 29, 2020, 6:48am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.