Bringing GitLab Logs into Focus with Graylog

GitLab’s audit logs offer a goldmine of insights into user activity, project changes, and security events. Getting that data into Graylog for centralized analysis is easier than you might think—especially with the flexibility of our Raw HTTP input and Illuminate’s GitLab Spotlight Pack. In this two-part guide, we’ll walk you through how to get it done, from wiring up GitLab’s Audit Event Streaming to visualizing enriched events in a purpose-built dashboard.

The Visibility vs Cost Trap: A Dangerous Tradeoff

“You can’t investigate what you don’t have.” Every analyst knows the pain of missing context. You’re in the middle of a high-stakes investigation, but the logs you need are gone, archived weeks ago due to retention limits. Or worse, they were never collected in the first place to keep costs under control. This is the Visibility vs. Cost trap, and it puts analysts at a disadvantage every day.

Getting OpenTelemetry Data Into Graylog

OpenTelemetry is emerging as the common framework for collecting observability data, and for good reason. It’s vendor-neutral, open source, and designed to collect traces, metrics, and logs in a consistent way. But while most of the buzz is around tracing and metrics, let’s not forget: logs are still the backbone of investigation and response. That’s why Graylog now supports native collection of OpenTelemetry data over gRPC.

Sigma Specification 2.0: What You Need to Know

Sigma rules have become the security team equivalent of LEGO bricks and systems. With LEGO, people can build whatever they can imagine by connecting different types of bricks. With Sigma Specification 2.0 rules, security teams can create vendor-agnostic detections without being limited by proprietary log formats. In response to the Sigma rules’ popularity, the team that built them updated them in August 2024, giving security teams new capabilities.

Modern Logging, Smarter Pricing: Why Graylog's Consumption Model Just Makes Sense

In the world of log management and security analytics, one thing is abundantly clear: data volumes fluctuate. Yet most pricing models haven’t caught up. Traditional ingest-based licensing models force organizations to size their license needs based on a worst-case capacity scenario (the “high-water mark”), even when those spikes are rare or expected.

Essential Steps for Troubleshooting Network Problems

Everyone has a story about that one road trip where traffic got backed up, making people late to the event. When you have network connectivity problems, your information highway gets clogged up, making it difficult for users to access resources efficiently. While network troubleshooting strategies may seem simple, a lot of nuance and complexity lies in the activities when you dig into your data.