Blog

Enable Data Fusion & Pivot on Dataset Properties with the Enrich Module

Jan 19, 2021 9:51:59 AM / by Fritz posted in Data Fusion, Software Updates, Logging

Gravwell 4.1 introduces a new module - Enrich - that can add static data to every entry in a query. Sometimes you need to add static data to a dataset, such as the standard deviation itself across all entries in the dataset or annotations about the query, or you may want to fuse several data points from a resource. The enrich module provides this simple but important feature.

Read More

Combine Datasets Like a Boss: Announcing Gravwell 4.1 & Compound Queries

Jan 6, 2021 9:14:59 AM / by Fritz posted in Data Fusion, Software Updates, Logging

The Gravwell team is happy to announce the release of Gravwell 4.1.0 - Gamma Burst.
A few highlights of what's included in the new release:

  • Compound Query support
  • Web UI based ingester
  • A new “enrich” module
  • Temporal mode in the “dump” module
  • Internal performance and stability improvements

(Current users - visit the download page for instructions on updating. For a complete list of changes, see the Gravwell 4.1.0 release notes)

We’ll have a series of blog posts discussing the various features of Gravwell 4.1.0, but we wanted to get started with our favorites - Compound Queries.

Read More

Introducing the Key-Value Search Module

Oct 1, 2019 2:35:15 PM / by John Floren posted in Gravwell Story, Software Updates, Logging

With Gravwell 3.2.4 we've introduced a new search module: kv, short for 'key-value'. This module is designed to help you extract key-value data from text entries without having to hand-craft regular expressions. It also interfaces with the fulltext indexer automatically, so you can analyze your indexed data more quickly.

Read More

Version 3.2.3 - Performance Improvements

Sep 25, 2019 11:18:26 AM / by Kris Watts posted in DevOps Analytics, ingester, Events, Logging

We proud to announce the immediate availability of Gravwell version 3.2.3. This release is all about performance and bug fixes, but we did manage to slip in a new Kafka ingester.

Read More

Version 3.2.2! Do you grok it?

Sep 10, 2019 4:29:33 PM / by Kris Watts posted in DevOps Analytics, Logging, Analytics Economics

We are pleased to announce the immediate availability of Gravwell version 3.2.2!

This one got away from us a bit and probably should be a major release, there is just too much good stuff in here. I tried to convince the team that we should just jump to version 10, but as our GUI lead started choking and muttering something about C'est absurde we decided to stick with a point release.

Read More

A personal short story about broken pricing models

Aug 21, 2019 1:41:21 PM / by Corey Thuen posted in Gravwell Story, Case study, Logging

This personal story I'm about to tell highlights one of the most important differentiators between Gravwell vs Splunk -- a non-abusive pricing model. Data rates aren't always predictable….

Read More

Windows DNS threat hunting with Sysmon and Gravwell

Jun 20, 2019 8:38:00 AM / by Corey Thuen posted in Data Fusion, Microsoft, Windows, Logging, Security, Community Edition, Sysmon

This month has been a big deal for IT logging of windows endpoints. Sysmon v10 was released last Tuesday and it includes the major changes of DNS logging and OriginalFileName reporting for Windows events. If you've ever tried to set up Windows DNS logging before, you understand how awesome this is. This post is all about the new functionality and how to make use of it in Gravwell.

Read More

Security Auditing DNS With CoreDNS and Gravwell

Jul 26, 2018 11:16:19 AM / by Kris Watts posted in Network Analytics, Case study, Logging, Security, automation, Integrations, Home Operations Center, Orchestration, DNS

DNS auditing is an integral part of any I.T. security program. Name resolutions can act as a great tip for discovering malware, command and control streams, or misbehaving employees. Acquiring DNS audit data can be difficult with some DNS servers (*cough* Windows *cough*); for this post we are going to show an extremely easy method of getting DNS audit data directly into Gravwell.

Read More

Gravwell And Docker Deployment

Apr 5, 2018 3:50:03 PM / by Kris Watts posted in DevOps Analytics, ingester, Logging, automation, docker, cluster

Update (1/24/2019)

This post is mostly about building your own docker images. If you're interested in getting up and running fast using Gravwell+Docker, head over to our docs that cover our pre-built images: 

https://dev.gravwell.io/docs/#!configuration/docker.md

Overview

For this blog post we are going to go over the deployment of a distributed Docker-based Gravwell cluster. We will use Docker and a few manageability features to very quickly build and deploy a cluster of Gravwell indexers. By the end of the post we will have deployed a 6 node Gravwell cluster, a load balancing federator, and a couple ingesters. Also, the six node “cluster” is also going to absolutely SCREAM, collecting over 4 million entries per second on a single Ryzen 1700 CPU. You read that right, we are going to crush the ingest rate of every other unstructured data analytics solution available on a single $250 CPU.  Lets get started.

Read More