Operations | Monitoring | ITSM | DevOps | Cloud

GitLab’s audit logs offer a goldmine of insights into user activity, project changes, and security events. Getting that data into Graylog for centralized analysis is easier than you might think—especially with the flexibility of our Raw HTTP input and Illuminate’s GitLab Spotlight Pack. In this two-part guide, we’ll walk you through how to get it done, from wiring up GitLab’s Audit Event Streaming to visualizing enriched events in a purpose-built dashboard.

“You can’t investigate what you don’t have”. Every analyst knows the pain of missing context. You’re in the middle of a high-stakes investigation, but the logs you need are gone, archived weeks ago due to retention limits. Or worse, they were never collected in the first place to keep costs under control. This is the Visibility vs. Cost trap, and it puts analysts at a disadvantage every day.

OpenTelemetry is emerging as the common framework for collecting observability data, and for good reason. It’s vendor-neutral, open source, and designed to collect traces, metrics, and logs in a consistent way. But while most of the buzz is around tracing and metrics, let’s not forget: logs are still the backbone of investigation and response. That’s why Graylog now supports native collection of OpenTelemetry data over gRPC.

Sigma rules have become the security team equivalent of LEGO bricks and systems. With LEGO, people can build whatever they can imagine by connecting different types of bricks. With Sigma Specification 2.0 rules, security teams can create vendor-agnostic detections without being limited by proprietary log formats. In response to the Sigma rules’ popularity, the team that built them updated them in August 2024, giving security teams new capabilities.

In the world of log management and security analytics, one thing is abundantly clear: data volumes fluctuate. Yet most pricing models haven’t caught up. Traditional ingest-based licensing models force organizations to size their license needs based on a worst-case capacity scenario—the “high-water mark”—whether those spikes are rare and/or expected.

Everyone has a story about that one road trip where traffic got backed up, making people late to the event. When you have network connectivity problems, your information highway gets clogged up, making it difficult for users to access resources efficiently. While network troubleshooting strategies may seem simple, a lot of nuance and complexity lies in the activities when you dig into your data.

Even with the rise of high-speed networks and sophisticated monitoring tools, VoIP Call Data Records (CDR) remain an essential resource for troubleshooting and optimizing bandwidth usage. These records provide a granular view of call quality, latency, jitter, and packet loss—critical factors that directly impact voice performance.

If you grew up in the 80s and 90s, you probably remember your most beloved Trapper Keeper. The colorful binder contained all the folders, dividers, and lined paper to keep your middle school and high school self as organized as possible. Parsing JSON, a lightweight data format, is the modern, IT environment version of that colorful – perhaps even Lisa Frank themed – childhood favorite.

In today’s digital age, the internet has become an integral part of our daily lives. From working remotely to streaming movies, we rely on the internet for almost everything. However, slow internet speeds can be frustrating and can significantly affect our productivity and entertainment. Despite advancements in technology, many people continue to face challenges with their internet speeds, hindering their ability to fully utilize the benefits of the internet.

In the log aggregation game, the biggest difficulty you face can be setting up parsing rules for your logs. To qualify this statement: simply getting log files into Graylog is easy. Graylog also has out-of-the-box parsing of a wide variety of common log sources, so if your logs fall into one of the many categories of log for which there is either a dedicated Input; a dedicated Illuminate component; or that uses a defined Syslog format; then yes, parsing logs is also easy.