Forge Home


Install and configure a Graylog system


2,283 latest version

5.0 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.0.0 (latest)
  • 1.0.0
  • 0.9.1
  • 0.9.0
  • 0.8.0
  • 0.7.0
  • 0.6.0
  • 0.5.0
  • 0.4.0
  • 0.3.0
  • 0.2.1
  • 0.2.0 (deleted)
  • 0.1.0
released Aug 14th 2023
This version is compatible with:
  • Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x
  • Puppet >= 6.21.0 < 8.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'graylog-graylog', '2.0.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add graylog-graylog
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install graylog-graylog --version 2.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



graylog/graylog — version 2.0.0 Aug 14th 2023

Graylog Puppet Module

Build Status Puppet Forge Puppet Forge - downloads

Table of Contents

  1. Description
  2. Setup - The basics of getting started with graylog
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.
  6. Development - Guide for contributing to the module


This module can be used to install and configure a Graylog system. (

Native Types

Native types to configure dashboards, inputs, streams and others are provided by the community maintained puppet-graylog_api module.


What graylog affects

The graylog module manages the following things:

  • APT/YUM repository
  • Graylog packages
  • Graylog configuration files
  • Graylog service

Setup Requirements

The module only manages Graylog itself. You need other modules to install the required dependencies like MongoDB and OpenSearch.

You could use the following modules to install dependencies:

Beginning with graylog

The following modules are required to use the graylog module:

Those dependencies are automatically installed if you are using the Puppet module tool or something like librarian-puppet.

Puppet Module Tool

Use the following command to install the graylog module via the Puppet module tool.

puppet module install graylog/graylog


Add the following snippet to your Puppetfile.

mod 'graylog/graylog', 'x.x.x'

Make sure to use the latest version of the graylog module!


As mentioned above, the graylog module only manages the Graylog system. Other requirements like MongoDB and OpenSearch need to be managed via other modules.

The following config creates a setup with MongoDB, OpenSearch and Graylog on a single node.

class { 'mongodb::globals':
  manage_package_repo => true,
class { 'mongodb::server':
  bind_ip => [''],

class { 'opensearch':
  version => '2.9.0',

class { 'graylog::repository':
  version => '5.1'
class { 'graylog::server':
  package_version => '5.1.0-6',
  config          => {
    'password_secret' => '...',    # Fill in your password secret
    'root_password_sha2' => '...', # Fill in your root password hash

A more complex example

class { '::graylog::repository':
  version => '5.1'
class { '::graylog::server':
  config  => {
    is_leader                                          => true,
    node_id_file                                       => '/etc/graylog/server/node-id',
    password_secret                                    => 'password_secret',
    root_username                                      => 'admin',
    root_password_sha2                                 => 'root_password_sha2',
    root_timezone                                      => 'Europe/Berlin',
    allow_leading_wildcard_searches                    => true,
    allow_highlighting                                 => true,
    http_bind_address                                  => '',
    http_external_uri                                  => 'https://graylog01.domain.local:9000/',
    http_enable_tls                                    => true,
    http_tls_cert_file                                 => '/etc/ssl/graylog/graylog_cert_chain.crt',
    http_tls_key_file                                  => '/etc/ssl/graylog/graylog_key_pkcs8.pem',
    http_tls_key_password                              => 'sslkey-password',
    rotation_strategy                                  => 'time',
    retention_strategy                                 => 'delete',
    elasticsearch_max_time_per_index                   => '1d',
    elasticsearch_max_number_of_indices                => '30',
    elasticsearch_shards                               => '4',
    elasticsearch_replicas                             => '1',
    elasticsearch_index_prefix                         => 'graylog',
    elasticsearch_hosts                                => 'http://opensearch01.domain.local:9200,http://opensearch02.domain.local:9200',
    mongodb_uri                                        => 'mongodb://mongouser:mongopass@mongodb01.domain.local:27017,mongodb02.domain.local:27017,mongodb03.domain.local:27017/graylog',



Public Classes

  • graylog::repository: Manages the official Graylog package repository
  • graylog::server: Installs, configures and manages the Graylog server service
  • graylog::allinone: Creates a full Graylog setup including MongoDB and OpenSearch

Private Classes

  • graylog::params: Default settings for different platforms
  • graylog::repository::apt: Manages APT repositories
  • graylog::repository::yum: Manages YUM repositories

Class: graylog::repository


This setting is used to set the repository version that should be used to install the Graylog package. The Graylog package repositories are separated by major version.

It defaults to $graylog::params::major_version.

Example: version => '5.1'


This setting is used to set the package repository url.

Note: The module automatically detects the url for your platform so this setting should not be changed.


This setting is used to facilitate package installation with proxy.


This setting is used to set the package repository release.

Note: The Graylog package repositories only use stable as a release so this setting should not be changed.

Class: graylog::server

The graylog::server class configures the Graylog server service.


This setting is used to choose the Graylog package name. It defaults to graylog-server to install Graylog Open. You can use graylog-enterprise to install the Graylog Enterprise package.

Example: package_name => 'graylog-server'


This setting is used to choose the Graylog package version. It defaults to installed which means it installs the latest version that is available at install time. You can also use latest so it will always update to the latest stable version if a new one is available.

Example: package_version => '5.1.0-6'


This setting is used to specify the Graylog server configuration. The server configuration consists of key value pairs. Every available config option can be used here.

See the example graylog.conf to see a list of available options.

Required settings:

  • password_secret
  • root_password_sha2

Please find some default settings in $graylog::params::default_config.


config => {
  'password_secret'    => '...',
  'root_password_sha2' => '...',
  'is_leader'          => true,
  'output_batch_size'  => 2500,

This setting is used to specify the owner for files and directories.

Note: This defaults to graylog because the official Graylog package uses that account to run the server. Only change it if you know what you are doing.


This setting is used to specify the group for files and directories.

Note: This defaults to graylog because the official Graylog package uses that account to run the server. Only change it if you know what you are doing.


This setting is used to configure if the Graylog service should be running or not. It defaults to running.

Available options: running, 'stopped'


This setting is used to configure if the Graylog service should be enabled. It defaults to true.


Sets the initial Java heap size (-Xms) for Graylog. Defaults to 1g.


Sets the maximum Java heap size (-Xmx) for Graylog. Defaults to 1g.


Additional java options for Graylog. Defaults to ``.


This setting restarts the graylog-server service if the os package is upgraded. It defaults to false.

Class: graylog::allinone

The graylog::allinone class configures a complete Graylog system including MongoDB and OpenSearch

Note: This is nice to quickly setup a running system on a single node but should only be used for testing or really small setups. Use the graylog::server class for production deployments.

This class is using two Puppet modules from the forge to setup a complete system. Please make sure you have these installed before using the graylog::allinone class.



This setting is used to configure the opensearch Puppet module.

There is only on possible hash key:

  • version: The OpenSearch version to use


opensearch => {
  version => '2.9.0',

This setting is used to configure the graylog::repository and graylog::server classes.


graylog => {
  major_version => '5.1',
  config        => {
    # ... see graylog::server description for details


Supported Graylog versions:

  • 5.x

Supported platforms:

  • Ubuntu/Debian
  • RedHat/CentOS


You can test this module by using Vagrant. It uses the graylog::allinone class to setup a complete system inside the Vagrant box.

$ vagrant up rockylinux8
$ vagrant provision rockylinux8

This is a quick way to see how the module behaves on a real machine.

Please see the and files for further details.

Release New Version

  1. Update and commit CHANGELOG
  2. Bump version via bundle exec rake -f Rakefile.release module:bump:minor (or major/patch)
  3. Commit metadata.json
  4. Test build with bundle exec rake -f Rakefile.release module:build
  5. Tag release with bundle exec rake -f Rakefile.release module:tag
  6. Push release to PuppetForge with bundle exec -f Rakefile.release rake module:push
  7. Push commits and tags to GitHub with git push --follow-tags