
Introducing the Key-Value Search Module

Oct 1, 2019 2:35:15 PM / by John Floren posted in Gravwell Story, Software Updates, Logging


With Gravwell 3.2.4 we've introduced a new search module: kv, short for 'key-value'. This module is designed to help you extract key-value data from text entries without having to hand-craft regular expressions. It also interfaces with the fulltext indexer automatically, so you can analyze your indexed data more quickly.


Version 3.2.3 - Performance Improvements

Sep 25, 2019 11:18:26 AM / by Kris Watts posted in DevOps Analytics, ingester, Events, Logging


We are proud to announce the immediate availability of Gravwell version 3.2.3. This release is all about performance and bug fixes, but we did manage to slip in a new Kafka ingester.


Version 3.2.2! Do you grok it?

Sep 10, 2019 4:29:33 PM / by Kris Watts posted in DevOps Analytics, Logging, Analytics Economics


We are pleased to announce the immediate availability of Gravwell version 3.2.2!

This one got away from us a bit and probably should be a major release; there is just too much good stuff in here. I tried to convince the team that we should just jump to version 10, but as our GUI lead started choking and muttering something about "C'est absurde", we decided to stick with a point release.


A personal short story about broken pricing models

Aug 21, 2019 1:41:21 PM / by Corey Thuen posted in Gravwell Story, Case study, Logging


This personal story I'm about to tell highlights one of the most important differentiators between Gravwell vs Splunk -- a non-abusive pricing model. Data rates aren't always predictable….


Windows DNS threat hunting with Sysmon and Gravwell

Jun 20, 2019 8:38:00 AM / by Corey Thuen posted in Data Fusion, Microsoft, Windows, Logging, Security, Community Edition


This month has been a big deal for IT logging of Windows endpoints. Sysmon v10 was released last Tuesday, and it includes two major changes: DNS logging and OriginalFileName reporting for Windows events. If you've ever tried to set up Windows DNS logging before, you understand how awesome this is. This post is all about the new functionality and how to make use of it in Gravwell.


Security Auditing DNS With CoreDNS and Gravwell

Jul 26, 2018 11:16:19 AM / by Kris Watts posted in Network Analytics, Case study, Logging, Security, automation, Integrations, Home Operations Center, Orchestration


DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip for discovering malware, command and control streams, or misbehaving employees. Acquiring DNS audit data can be difficult with some DNS servers (*cough* Windows *cough*); for this post we are going to show an extremely easy method of getting DNS audit data directly into Gravwell.


Gravwell And Docker Deployment

Apr 5, 2018 3:50:03 PM / by Kris Watts posted in DevOps Analytics, ingester, Logging, automation, docker, cluster


Update (1/24/2019)

This post is mostly about building your own Docker images. If you're interested in getting up and running fast using Gravwell+Docker, head over to our docs that cover our pre-built images:

https://dev.gravwell.io/docs/#!configuration/docker.md

Overview

For this blog post we are going to go over the deployment of a distributed Docker-based Gravwell cluster. We will use Docker and a few manageability features to very quickly build and deploy a cluster of Gravwell indexers. By the end of the post we will have deployed a 6 node Gravwell cluster, a load balancing federator, and a couple of ingesters. The six node "cluster" is also going to absolutely SCREAM, collecting over 4 million entries per second on a single Ryzen 1700 CPU. You read that right: we are going to crush the ingest rate of every other unstructured data analytics solution available on a single $250 CPU. Let's get started.
