Graylog is very simple to install on servers. Their documentation [https://docs.graylog.org/en/3.2/] covers all technical aspects from prerequisites to install gray log to maintaining it will help a technical guy to understand graylog mechanism easily. Graylog unlike ELK stack abstracts the technical difficulties that a user might face during installation.
Graylog comes with a UI which is very user friendly and easy to understand. You can create multiple input channels from various input channels and configurations in graylog UI is pretty straight forward. you can simply browse over different input channels to view respective logs.
Graylog supports GELF format using which you can send your log to your graylog server using graylog API url. They provide many attributes that you can use to post in your graylog API call. GELF format makes it very easy to filter logs on the UI and increases productivity.
Graylog UI supports GQL which is like another query language that you can use for fast retrieval of logs.
Graylog supports ACL and have different settings which you can use to increase performance of your graylog server's input and output process.
Graylog community is very active in resolving user queries. You can expect a response within minutes of posting your question on their community portal [ https://community.graylog.org/ ].
Graylog is opensource and hence its free and can easily be used as a solution to any companies distributed log environment.
You can share a permalink of a log with other team members which is very useful.
Another noticeable feature is its ability to get integrated with other application which can be usefuk if your planning for alert monitoring.
Graylog UI supports historic filtering of your data meaning you can use to filter logs based on a certain time period.
Graylog shows you the histogram for the number of log inputs that have been collected against time period which is useful in graylog performance monitoring.
You can increase the buffer window in graylog setting so that graylog processes logs collected from sidecars pretty fast.
It have a good community support and there are various libraries in different programming languages that adheres to GEL format which makes a hussle free task for a developer to implement those libraries in the application and throw logs to the graylog server.
Gray log performs better in clustered environment Review collected by and hosted on G2.com.