Deprecation Note

We published the last version of Graylog Documentation before the release of Graylog 4.2. Now, all documentation and help content for Graylog products are available at

There will be no further updates to these pages as of October 2021.

Do you have questions about our documentation? You may place comments or start discussions about documentation here:

Installing Graylog

Modern server architectures and configurations are managed in many different ways. Some people still put new software somewhere in opt manually for each server while others have already jumped on the configuration management train and fully automated reproducible setups.

Graylog can be installed in many different ways so you can pick whatever works best for you. We recommend to start with the virtual machine appliances for the fastest way to get started and then pick one of the other, more flexible installation methods to build an easier to scale setup.

This chapter is explaining the many ways to install Graylog and aims to help choosing the one that fits your needs.

System requirements

The Graylog server application has the following prerequisites:

  • Some modern Linux distribution (Debian Linux, Ubuntu Linux, or CentOS recommended)

  • Elasticsearch 5 or 6

  • MongoDB 3.6 or 4.0

  • Oracle Java SE 8 (OpenJDK 8 also works; latest stable update is recommended)


Graylog prior to 2.3 does not work with Elasticsearch 5.x!


Graylog 3.x does not work with Elasticsearch 7.x!


Graylog 3.x does include first compatibility with Java 11 and we welcome people that test this.


Graylog 3.x does work with MongoDB 4.2 when this runs in compatibility mode 4.0