So for the future… (solution in shorter version)
I recognised the following errors, problems:
- after the opensearch data delete, the graylog starts write the indices from 0, but try to find the old ones, it caused the “Could not retrieve Elasticsearch cluster health. Fetching Elasticsearch cluster health failed: There was an error fetching a resource: Internal Server Error. Additional information: Couldn’t read Elasticsearch cluster health” error message. And all other elastic/opensearch connection/query problem. I created the index manually, solved it.
- the mongodb contans some data from the privious enterprise version (Stream " Processing and indexing failures" and Index set “Graylog Message Failures”) , and the opensearch doesn’t contains the necesearry template (gl-failures-template). I have to delete the stream from mongo, and the unnecesearry index set from the browser.
- After the “cleaning” the graylog still search for the gl-failures-template template, so I created it, restart the graylog, and remove it.
Guys, thanks for your time, I just need a lot of time to debugging everything (what I caused for me). I think it was 4-6 hours 