Blog

Fellow Go Devs, Here's Our Experience Moving to Go Modules From Dep

Oct 17, 2019, 2:14:57 PM / by John Floren posted in developer, golang

When we started Gravwell years ago, we knew it was going to be a significant undertaking requiring some serious tooling under the hood. Building a custom data lake and analytics platform from scratch that can scale to hundreds of TB/day ain't easy. We chose Go for a lot of reasons and that choice has paid dividends in terms of what we've been able to accomplish in so short a time.

This post is about our tooling, and some of the lessons we have learned along the way in managing a large Go codebase. A few weeks ago Gravwell made the switch to Go modules on both our open source GitHub repositories and our internal repo. Let's talk about our planned workflow going forward and a few caveats we've run into.

 

Introducing the Key-Value Search Module

Oct 1, 2019, 2:35:15 PM / by John Floren posted in Gravwell Story, Software Updates, Logging

With Gravwell 3.2.4 we've introduced a new search module: kv, short for 'key-value'. This module is designed to help you extract key-value data from text entries without having to hand-craft regular expressions. It also interfaces with the fulltext indexer automatically, so you can analyze your indexed data more quickly.

Version 3.2.3 - Performance Improvements

Sep 25, 2019, 11:18:26 AM / by Kris Watts posted in DevOps Analytics, ingester, Events, Logging

We are proud to announce the immediate availability of Gravwell version 3.2.3. This release is all about performance and bug fixes, but we did manage to slip in a new Kafka ingester.

Version 3.2.2! Do you grok it?

Sep 10, 2019, 4:29:33 PM / by Kris Watts posted in DevOps Analytics, Logging, Analytics Economics

We are pleased to announce the immediate availability of Gravwell version 3.2.2!

This one got away from us a bit and probably should be a major release; there is just too much good stuff in here. I tried to convince the team that we should just jump to version 10, but as our GUI lead started choking and muttering something about "C'est absurde", we decided to stick with a point release.

A personal short story about broken pricing models

Aug 21, 2019, 1:41:21 PM / by Corey Thuen posted in Gravwell Story, Case study, Logging

This personal story I'm about to tell highlights one of the most important differentiators between Gravwell vs Splunk -- a non-abusive pricing model. Data rates aren't always predictable….

Announcing Gravwell Version 3.2

Jul 31, 2019, 9:26:42 AM / by John Floren posted in Software Updates, DevOps Analytics

We are happy to announce the immediate availability of Gravwell version 3.2.0!

Windows DNS threat hunting with Sysmon and Gravwell

Jun 20, 2019, 8:38:00 AM / by Corey Thuen posted in Data Fusion, Microsoft, Windows, Logging, Security, Community Edition

This month has been a big deal for IT logging of Windows endpoints. Sysmon v10 was released last Tuesday and it includes the major changes of DNS logging and OriginalFileName reporting for Windows events. If you've ever tried to set up Windows DNS logging before, you understand how awesome this is. This post is all about the new functionality and how to make use of it in Gravwell.

Benchmarking Gravwell's Hybrid Indexing

May 22, 2019, 10:06:25 AM / by Kris Watts posted in ingester

We've had some benchmarking requests from multiple organizations struggling with ingest performance from Elasticsearch, so we're publishing them here. The latest Gravwell release marks a significant improvement in ingest and indexing performance and this post covers the nitty gritty details. Better ingest performance means reduced infrastructure cost, less dropped data, and faster time-to-value. See how Gravwell stacks up.

Monitoring Vehicle CANBus Activity with Gravwell

Apr 18, 2019, 2:26:29 PM / by Corey Thuen posted in OT Analytics

Before founding Gravwell, I was doing quite a bit of vehicle cybersecurity. Lately I haven't had much opportunity for that kind of fun -- turns out founding a company is time consuming work. Today is a throwback Thursday, however, as I'll be presenting on CANBus and vehicle security at the local DEFCON meetup. We didn't build Gravwell for car hacking but I gotta say, having Gravwell years ago would have made my life a lot easier…

New Gravwell Feature: Introducing Autoextractors

Feb 27, 2019, 10:51:08 AM / by Kris Watts posted in Software Updates

We are excited to introduce autoextractors with Gravwell version 3.0.2. Autoextractors make it easy for regex gurus and binary ninjas to generate extractions and share them in a portable format. Autoextractors can dramatically simplify the process of performing field extractions from unstructured data without complicated time-of-ingest data definitions; they can be built and shared by ninjas and used by us mere mortals.
