Overview
What is its Purpose?
What is its Purpose?
Central Log Collection
Enables collecting Apinizer log events in GELF format at a single central location
Traffic Management
Provides log delivery continuity by managing traffic intensity with queue and compression settings
Security
Secures data sent over the log channel with TLS/certificate verification options
Environment Management
Reduces management costs by maintaining Development/Test/Production separation with environment-based parameters
Working Principle
Working Principle
Connection Initiation
When a Graylog connection is requested from within an Integration Flow or Connector, the system reads the configured connection parameters
Connection Pool Management
Asynchronous send queue separates threads from the connection pool based on maxInflightSends and queueSize values
Authentication
If TLS is active, mutual TLS and certificate chain verification are applied; otherwise, IP whitelisting is used at network level
Data Communication
GELF messages are encoded according to the selected compression policy and sent to Graylog endpoint via selected transportType (TCP or UDP)
Connection Management
After the operation completes, the connection remains open and returns to the pool; if unused for a long time, tcpKeepAlive setting comes into effect
Error Management
On connection error, timeout, or authentication error, reconnectDelay duration is waited, event is logged, and detailed error message is shown to the user
Usage Areas
Usage Areas
Central Log Transmission
Transferring application logs from all Apinizer nodes to central Graylog cluster
Real-Time Monitoring
Real-time monitoring of custom function logs in Integration Flow steps (e.g., external API responses)
Early Warning Mechanism
Providing early warning mechanism by logging Scheduled Job results or gateway health metrics
SIEM Integration
Feeding data for anomaly detection with special GELF levels to Security/SIEM teams
Technical Features and Capabilities
Basic Features
Basic Features
GELF Transport Selection
Leaves reliability/performance balance to the user by allowing selection between TCP and UDP.
Compression Policy
Optimizes bandwidth with GZIP, ZLIB, or NONE options.
Environment-Based Configuration
Ability to define separate connection parameters for each environment (Development, Test, Production).
Enable/Disable Control
Activating or deactivating the connection (enable/disable toggle). In passive state, the connection cannot be used but its configuration is preserved.
Advanced Features
Advanced Features
TLS Certificate Chain Upload
Importing and validating PEM-based certificate file through the UI.
Advanced TCP Settings
Network optimization with tcpNoDelay, tcpKeepAlive, and sendBufferSize values.
Multi-Threaded Sending
Scales high-volume logs with threads and maxInflightSends parameters.
Connection Test Feature
Ability to validate connection parameters before saving using the “Test Connection” button.
Export/Import Feature
Exporting connection configuration as a ZIP file. Importing to different environments (Development, Test, Production). Version control and backup capability.
Connection Monitoring
Monitoring connection health, pool status, and performance metrics.
Connection Parameters
Required Parameters
Required Parameters
Name
Description: Connection name (must be unique)
Example Value:
Notes: Cannot start with a space, special characters should not be used
Example Value:
Production_GraylogNotes: Cannot start with a space, special characters should not be used
Environment (Ortam)
Description: Published environment ID where logs will be routed
Example Value:
Notes: Registration is blocked if environment is not published
Example Value:
prod-env-01Notes: Registration is blocked if environment is not published
Hostname
Description: Graylog GELF endpoint DNS/IP address
Example Value:
Notes: Use FQDN for production
Example Value:
graylog.internal.localNotes: Use FQDN for production
Port
Description: GELF listener port
Example Value: 12201
Notes: TCP/UDP can share the same port
Example Value: 12201
Notes: TCP/UDP can share the same port
TransportType
Description: Connection transport type (TCP/UDP)
Example Value: TCP
Notes: TCP recommended; reliable network required for UDP
Example Value: TCP
Notes: TCP recommended; reliable network required for UDP
CompressionType
Description: GELF message compression policy
Example Value: GZIP
Notes: Bandwidth increases when NONE is selected
Example Value: GZIP
Notes: Bandwidth increases when NONE is selected
GelfMessageLevel
Description: Minimum log level
Example Value: WARNING
Notes: Selection provides filtering within Graylog
Example Value: WARNING
Notes: Selection provides filtering within Graylog
QueueSize
Description: Log wait queue size on UI side
Example Value: 512
Notes: High values increase RAM consumption
Example Value: 512
Notes: High values increase RAM consumption
ReconnectDelay (ms)
Description: Reconnection delay after interruption
Example Value: 2500
Notes: In milliseconds
Example Value: 2500
Notes: In milliseconds
ConnectTimeout (ms)
Description: Wait time while establishing connection
Example Value: 10000
Notes: Adjust according to network delays
Example Value: 10000
Notes: Adjust according to network delays
SendBufferSize (byte)
Description: TCP send buffer size
Example Value: -1
Notes: -1 uses system default
Example Value: -1
Notes: -1 uses system default
MaxInflightSends
Description: Concurrent send count
Example Value: 512
Notes: Excessive values can create pressure on Graylog side
Example Value: 512
Notes: Excessive values can create pressure on Graylog side
Threads
Description: Background log sending thread count
Example Value: 0
Notes: 0 automatically adjusts according to CPU cores
Example Value: 0
Notes: 0 automatically adjusts according to CPU cores
Optional Parameters
Optional Parameters
Description
Description: Description about connection purpose
Default Value: (Empty)
Recommended Value: Prod log forwarding for CoreAPI
Default Value: (Empty)
Recommended Value: Prod log forwarding for CoreAPI
TLS Enabled
Description: TLS usage in GELF traffic
Default Value: false
Recommended Value: true (Production)
Default Value: false
Recommended Value: true (Production)
TLS Cert Verification Enabled
Description: Server certificate verification
Default Value: false
Recommended Value: true (Production)
Default Value: false
Recommended Value: true (Production)
TLS Trust Cert Chain File
Description: PEM certificate chain file
Default Value: (Empty)
Recommended Value: graylog-ca.pem
Default Value: (Empty)
Recommended Value: graylog-ca.pem
TCP No Delay
Description: Disables Nagle algorithm
Default Value: true
Recommended Value: true
Default Value: true
Recommended Value: true
TCP Keep Alive
Description: Preserves passive connections
Default Value: false
Recommended Value: true (remote DC)
Default Value: false
Recommended Value: true (remote DC)
Append To Attributes
Description: Adds Apinizer metadata to GELF extra fields
Default Value: true
Recommended Value: true
Default Value: true
Recommended Value: true
Append To Message
Description: Adds Apinizer context to message body
Default Value: true
Recommended Value: true
Default Value: true
Recommended Value: true
Timeout and Connection Pool Parameters
Connection Timeout
Description: Maximum wait time for connection establishment
Default: 10000
Min: 1000 | Max: 60000
Unit: milliseconds
Default: 10000
Min: 1000 | Max: 60000
Unit: milliseconds
Request Timeout
Description: Maximum wait time for request response
Default: N/A
Min: - | Max: -
Unit: milliseconds
Default: N/A
Min: - | Max: -
Unit: milliseconds
Pool Size
Description: Maximum number of connections in the connection pool
Default: Determined by threads value
Min: 1 | Max: 64
Unit: count
Default: Determined by threads value
Min: 1 | Max: 64
Unit: count
ReconnectDelay
Description: Reconnection interval
Default: 2500
Min: 500 | Max: 60000
Unit: milliseconds
Default: 2500
Min: 500 | Max: 60000
Unit: milliseconds
Usage Scenarios
Real-Time API Logging
Situation: Core API gateway produces errors under high traffic
Solution: TransportType=TCP, Compression=GZIP, GelfLevel=ERROR
Expected Behavior: Only error logs appear on Graylog side, bandwidth is optimized
Solution: TransportType=TCP, Compression=GZIP, GelfLevel=ERROR
Expected Behavior: Only error logs appear on Graylog side, bandwidth is optimized
SIEM Integration
Situation: Security team wants critical alarms
Solution: GelfLevel=ALERT, AppendToAttributes=true
Expected Behavior: SIEM enriches alarm context thanks to extra attributes
Solution: GelfLevel=ALERT, AppendToAttributes=true
Expected Behavior: SIEM enriches alarm context thanks to extra attributes
Low-Latency Monitoring
Situation: Latency measurements will be carried via UDP
Solution: TransportType=UDP, QueueSize=256
Expected Behavior: Logs are sent with low latency, possible losses are accepted
Solution: TransportType=UDP, QueueSize=256
Expected Behavior: Logs are sent with low latency, possible losses are accepted
Multi-DC Graylog
Situation: Connecting to remote data center with TLS
Solution: TLS Enabled=true, TLS Cert Verification=true, upload certificate
Expected Behavior: Encrypted channel is established, self-signed certificates are rejected
Solution: TLS Enabled=true, TLS Cert Verification=true, upload certificate
Expected Behavior: Encrypted channel is established, self-signed certificates are rejected
Intensive Batch Jobs
Situation: Night jobs produce many logs in a short time
Solution: QueueSize=2048, Threads=8, MaxInflight=1024
Expected Behavior: Log transfer completes without queue overflow
Solution: QueueSize=2048, Threads=8, MaxInflight=1024
Expected Behavior: Log transfer completes without queue overflow
Test Environment Observation
Situation: Verbose logging in test environment
Solution: GelfLevel=DEBUG, Compression=NONE
Expected Behavior: All logs are transmitted uncompressed for troubleshooting
Solution: GelfLevel=DEBUG, Compression=NONE
Expected Behavior: All logs are transmitted uncompressed for troubleshooting
Connection Configuration
Creating a New Graylog Connection
Configuration Steps
1
Navigate to Creation Page
- Go to Connection → Graylog from the left menu.
- Click the [+ Create] button in the top right.
2
Enter Basic Information
Enable Status (Active Status):
- Set active/passive status with toggle. New connections are active by default.
- Example:
Production_Graylog - Enter unique name, cannot start with space.
- System automatically checks. Green checkmark: available. Red X: existing name.
- Example: “Graylog prod ingestion”
- Max. 1000 characters.
- Describe the connection’s purpose.
3
Environment Selection
- Select environment from dropdown menu: Development, Test, or Production.
- Different connection parameters can be defined for each environment.
4
Graylog-Specific Parameters - Network
- Hostname & Port: Enter Graylog GELF listener information.
- TransportType: Select TCP (reliable) or UDP (low latency).
- CompressionType: Determine GZIP/ZLIB/NONE options according to latency and CPU.
- Wrong hostname causes log loss.
5
Graylog-Specific Parameters - Log & Queue
- GELF Message Level: Select appropriate level from Debug to Emergency.
- QueueSize, Threads, MaxInflightSends: Set values according to log volume.
- Append options: Determine whether Apinizer metadata will be included in logs.
6
Timeout and Connection Pool Settings
- ConnectTimeout & ReconnectDelay: Determine in milliseconds according to network conditions.
- SendBufferSize: -1 uses system default, enter byte value in custom fields.
- Increase threads value to prevent Pool exhausted warning in heavy traffic.
7
Security and Authentication Settings
- TLS Enabled: Required in Production.
- TLS Cert Verification Enabled: Upload certificate when verification is enabled.
- TLS Trust Cert Chain File: Upload PEM file from UI, maximum 100 MB.
8
Test Connection
- Click the [Test Connection] button.
- Test whether connection parameters are correct.
- Successful: Green confirmation message
- Failed: Error details are shown
9
Save
- Click the [Save and Deploy] button in the top right.
- Unique name
- Required fields filled
- Test connection successful (recommended)
- Connection is added to list
- Becomes available for use in Integration Flow and Connector steps
- Becomes active according to environment
Connection successfully created! You can now use it in Integration Flow and Connector steps.
Deleting Connection
Delete Operation
Select Delete from the ⋮ menu at the end of the row or click the [Delete] button on the connection detail page
Delete Tips
Check Before Deleting: May be in use in Integration Flow or Connector steps. If necessary, assign an alternative connection. Take a backup with Export before deleting
Alternative: Deactivate
Instead of deleting, use the Disable option. Connection becomes passive but is not deleted. Can be reactivated when needed
Exporting/Importing Connection
In this step, users can export (export) existing connections for backup, moving to different environments, or sharing purposes, or import (import) a previously exported connection again. This operation is used to maintain data integrity in version control, transitions between test and production environments, or inter-team sharing processes.
Export
Export
Method 1
Select ⋮ → Export from the action menu. ZIP file is automatically downloaded.
Method 2
Click the [Export] button on the connection detail page. ZIP file is downloaded.
File Format
Format:
Example:
Date-connection-ConnectionName-export.zipExample:
13 Nov 2025-connection-Production_Graylog-export.zipZIP Contents
- Connection JSON file
- Metadata information
- Dependency information (e.g., certificates, key store)
Usage Areas
- Backup
- Moving between environments (Test → Prod)
- Versioning
- Team or project-based sharing
Import
Import
Import Steps
- Click the [Import Graylog] button on the main list.
- Select the downloaded ZIP file.
- System checks: Is format valid? Is there a name conflict? Are dependencies available?
- Then click the [Import] button.
Import Scenarios
Scenario 1: Name Conflict → Overwrite the old connection or create with a new name.Scenario 2: Missing Dependencies → Create missing certificates or key stores first or remove them during import.
Connection Usage Areas
Connection Creation and Activation
Steps:
- Create the connection
- Verify the connection with Test Connection
- Save and activate with Save and Deploy
- Ensure the connection is in Enabled status
Usage in Integration / Connector Steps
Select Graylog Connection in steps requiring log sending. Examples: steps like “Send Message”, “Custom Log”, “Notify SIEM”. Connection selection is made from the Connection field in these steps’ configuration
Scheduled Job Usage
In scheduled tasks (e.g., health check log every 5 minutes), access external systems by selecting Graylog Connection. When connection changes, job behavior uses new parameters
Test Usage
Connection accuracy can be checked independently of Integration Flow using the Connection Test feature. This test is critical in the debugging process
Best Practices
Things to Do and Best Practices
Things to Do and Best Practices
Log Schema Standardization
Bad: Different GELF field names in each step
Good: Using common field names
Best: Making Apinizer context attributes mandatory and validating with Graylog pipeline
Good: Using common field names
Best: Making Apinizer context attributes mandatory and validating with Graylog pipeline
Compression Strategy
Bad: Selecting NONE in all environments
Good: Using GZIP in Production
Best: Determining dynamic policy according to traffic and monitoring decompress cost on Graylog side
Good: Using GZIP in Production
Best: Determining dynamic policy according to traffic and monitoring decompress cost on Graylog side
Transport Selection
Bad: Sending critical logs via UDP
Good: Using TCP in Prod, UDP in Test
Best: Making TCP + TLS mandatory, using UDP only for low-risk metrics
Good: Using TCP in Prod, UDP in Test
Best: Making TCP + TLS mandatory, using UDP only for low-risk metrics
Queue Size Management
Bad: Leaving QueueSize value too low
Good: Setting between 512-1024 according to traffic analysis
Best: Updating queue/buffer settings automatically according to peak load measurements
Good: Setting between 512-1024 according to traffic analysis
Best: Updating queue/buffer settings automatically according to peak load measurements
Environment Management
Bad: Using the same connection parameters in all environments
Good: Creating separate connections for each environment
Best: Managing all environments in a single connection using the Environment option, only changing environment when transitioning between environments
Good: Creating separate connections for each environment
Best: Managing all environments in a single connection using the Environment option, only changing environment when transitioning between environments
Connection Test
Bad: Saving and deploying connection without testing
Good: Verifying with Test Connection before saving
Best: Testing after every parameter change, performing full integration test in test environment before going to production
Good: Verifying with Test Connection before saving
Best: Testing after every parameter change, performing full integration test in test environment before going to production
Security Best Practices
Security Best Practices
TLS Certificate Management
Obtain certificate chains only from trusted sources. Monitor expiration dates, upload new file before renewal
Network Segmentation
Make Graylog endpoint accessible only from necessary Apinizer subnets; apply allowlist in firewall
Log Content Masking
If personal data or access tokens are being logged, sanitize GELF messages; add masking rules in Apinizer policies
Credential Management
Store sensitive information such as usernames and passwords using environment variables or secret manager. Do not hardcode credentials in code or configuration files. Update passwords periodically
SSL/TLS Usage
Always enable SSL/TLS in production environment. Use self-signed certificates only in development environment. Track certificate expiration dates and renew them on time
Access Control
Allow only authorized users to change connection configuration. Store connection change logs. Apply change approval process for critical connections
Things to Avoid
Things to Avoid
High-Critical Logging in UDP
Why to avoid: UDP packet loss leads to loss of critical events
Alternative: Use TCP + TLS
Alternative: Use TCP + TLS
Wrong Log Level
Why to avoid: Unnecessary DEBUG levels bloat Graylog storage
Alternative: Determine level according to business need, add pipeline filters
Alternative: Determine level according to business need, add pipeline filters
Not Updating Certificate File
Why to avoid: Expired certificate drops TLS connection
Alternative: Renew certificates with calendar reminders
Alternative: Renew certificates with calendar reminders
Using Production Connection in Test Environment
Why to avoid: Test data may be written to production system, real users may be affected, security risk occurs
Alternative: Create separate connections for each environment, use environment parameter, separate connection names by adding prefix according to environment (Test_, Prod_)
Alternative: Create separate connections for each environment, use environment parameter, separate connection names by adding prefix according to environment (Test_, Prod_)
Very Low Timeout Values
Why to avoid: Connection continuously times out in network delays, Integration steps fail
Alternative: Set timeout values according to real usage scenarios, measure network latency and set timeouts accordingly
Alternative: Set timeout values according to real usage scenarios, measure network latency and set timeouts accordingly
Not Using Connection Pool
Why to avoid: New connection opens with each request, performance decreases, resource consumption increases, target system load increases
Alternative: Enable connection pool, set pool size according to traffic volume, set up pool monitoring
Alternative: Enable connection pool, set pool size according to traffic volume, set up pool monitoring
Performance Tips
Performance Tips
Batch Send Size
Recommendation: Use QueueSize value as single send batch, adjust according to Graylog capacity
Effect: Latency decreases, throughput increases
Effect: Latency decreases, throughput increases
Compression Balance
Recommendation: Plan transitions to ZLIB or NONE instead of GZIP by tracking CPU, plan slowdowns
Effect: CPU consumption is balanced, log latency decreases in critical periods
Effect: CPU consumption is balanced, log latency decreases in critical periods
Thread Setting
Recommendation: Limit threads value to 50% of active CPU cores, scale horizontally if needed
Effect: System resources remain balanced, throttling decreases
Effect: System resources remain balanced, throttling decreases
Connection Pool Optimization
Recommendation: Set pool size according to peak traffic (recommended: concurrent request count × 1.5), set idle connection timeouts, perform pool health check
Effect: Connection opening cost decreases by 80%, response times decrease, resource usage is optimized
Effect: Connection opening cost decreases by 80%, response times decrease, resource usage is optimized
Timeout Values Optimization
Recommendation: Measure real network latency, set timeout values accordingly, avoid very low or very high timeouts
Effect: Unnecessary waits are prevented, fast fail-over is provided, user experience improves
Effect: Unnecessary waits are prevented, fast fail-over is provided, user experience improves
Connection Monitoring
Recommendation: Monitor connection pool usage, track timeout rates, perform connection health check, set up alerting
Effect: Problems are proactively detected, performance bottlenecks are identified early, downtime decreases
Effect: Problems are proactively detected, performance bottlenecks are identified early, downtime decreases
Troubleshooting
GELF Message Rejected
GELF Message Rejected
1
Message Size
Reduce large fields in message.
2
JSON Schema
Check JSON schema.
3
Pipeline Logs
Review Graylog pipeline logs.
TLS Handshake Failed
TLS Handshake Failed
1
Certificate Upload
Re-upload certificate file.
2
Hostname Verification
Verify hostname matches CN/SAN.
3
TLS Settings
Check Graylog server TLS settings.
Connection Timeout
Connection Timeout
1
Network Check
Check network connectivity.
2
System Health
Check target system health.
3
Timeout Settings
Increase timeout values.
4
Log Review
Review connection logs.
Authentication Failed
Authentication Failed
1
Credentials
Verify credentials.
2
User Status
Check that the user is active in the target system.
3
Permission Check
Check that necessary permissions are granted.
4
Certificate Check
Check SSL/TLS certificates.
Pool Exhausted
Pool Exhausted
1
Pool Size
Increase pool size.
2
Connection Check
Check that connections are properly closed.
3
Idle Timeout
Set idle connection timeouts.
4
Metric Monitoring
Monitor connection usage metrics.
Connection Test Successful But Integration Flow Errors
Connection Test Successful But Integration Flow Errors
1
Enable Toggle
Check that the connection’s enable toggle is active.
2
Connection Selection
Verify that the correct connection is selected in Integration Flow.
3
Connection Deploy
Redeploy the connection.
4
Flow/Job Deploy
Redeploy Integration Flow or Job.
5
Log Check
Check Gateway logs.
Frequently Asked Questions (FAQ)
How many projects can Graylog Connection be shared in?
How many projects can Graylog Connection be shared in?
How many environments can connect to Graylog at the same time?
How many environments can connect to Graylog at the same time?
Separate entries can be made for each environment; environment list is loaded from Environment service and only published environments can be selected.
What format should TLS certificate file be in?
What format should TLS certificate file be in?
PEM chain is supported; uploaded file cannot exceed 100 MB limit and must contain BEGIN CERTIFICATE block.
Do I need to redeploy when changing GELF transport?
Do I need to redeploy when changing GELF transport?
Should I set log level in Graylog or in Connection?
Should I set log level in Graylog or in Connection?
gelfMessageLevel in Connection determines minimum threshold, Graylog pipelines can do additional filtering; manage both together.
Can I use the same connection in multiple Integration Flows?
Can I use the same connection in multiple Integration Flows?
Yes, the same connection can be used in multiple Integration Flow or Connector steps. This provides central management and guarantees configuration consistency. However, changes made to the connection will affect all usage locations, so care should be taken.
Is using connection pool mandatory?
Is using connection pool mandatory?
Using connection pool is not mandatory but strongly recommended in high-traffic systems. Reusing existing connections instead of opening new ones with each request significantly increases performance.
Should I create different connections for Test and Production?
Should I create different connections for Test and Production?
Yes, it is recommended to create separate connections for each environment. Alternatively, you can manage all environments within a single connection using the environment parameter. This approach provides easier management and less error risk.
Test Connection is successful but not working in Integration Flow, why?
Test Connection is successful but not working in Integration Flow, why?
- Connection enable toggle may be passive
- Different connection may be selected in Integration step
- Connection may not be deployed
- Integration Flow may not be redeployed yet