Deploy Graylog Open 6.1 Environment

Hi Community,

I am curious about deploying Graylog Open 6.1. with Data-Node instead of OpenSearch. As I understood so far, data-node is an integral function as search backend and replaces the functionality of Opensearch.

I am comparing the deployment Best Practices given on the documentary page of graylog. I couldn’t find a matrix which shows the optimal sizing I do have to apply. Looking at V6.0. there is a guideline how many instances of graylog and opensearch you do have to set up to run a stable environment.

The key questions:
Do they (v 6.1.) differ to the setup of v6.1.?
Is it possible to run it as a real single-node setup?
(former, you were advised to split up opensearch and graylog)
Does datanode provide the cluster functionality now?

Thanks in advance for answering my questions.

Hello @DoubleM,

Graylog Data Node is a wrapper for Opensearch so much of the previous architecture advice will apply.

The initial setup has changed only in that you will be required to secure the Data Node during the pre-flight process. This all happens within the UI with a series of steps that end in SSL/TLS being implanted between Graylog/Data Node/Opensearch.

Its still not recommend to run both services as a single node.

Data Node will establish cluster communication between nodes, Data Node utilises mongoDB to persist it’s configuration.