1. Describe your incident:
I would like to take advantage of the 5GB free limit with enterprise. When searching for how to do it, I found mixed information: some say you need to drop the plugin in a directory and set it up from the dashboard. Other places say that I need to completely upgrade Graylog to a different version.
I looked around for this plugin that needs to be moved to the server and could not find it anywhere. This is where I am stuck.
Can someone point me to where I’d find this?
2. Describe your environment:
Freshly installed docker setup on Ubuntu Server 22.04 running Graylog 5.1
I spent a ton of time troubleshooting Mongo, so I am not entirely sure how I’d upgrade to the enterprise version safely.
3. What steps have you already taken to try and solve the problem?
Lots of failed research.
4. How can the community help?
Point me to where to find the plugin.
So I think I determined that you just need to install enterprise. I tried modifying the Graylog image used in my yml file from graylog/graylog:5.1 to graylog/graylog-enterprise:6.2, but the graylog container never starts. Where is the best place to look to troubleshoot this?
Here is my docker compose:
```yaml
version: '3'
services:
  # MongoDB: https://hub.docker.com/_/mongo/
  mongodb:
    image: mongo:6.0
    networks:
      - graylog
    # DB in share for persistence
    volumes:
      - ./var/lib/mongodb:/data/db
  # Elasticsearch: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/docker.html
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
    # data folder in share for persistence
    volumes:
      - ./var/lib/elasticsearch:/usr/share/elasticsearch/data
    environment:
      - http.host=0.0.0.0
      - transport.host=localhost
      - network.host=0.0.0.0
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 1g
    networks:
      - graylog
  # Graylog: https://hub.docker.com/r/graylog/graylog/
  graylog:
    image: graylog/graylog:6.0.2
    # journal and config directories in local NFS share for persistence
    volumes:
      - ./var/lib/graylog_journal:/usr/share/graylog/data/journal
    environment:
      # CHANGE ME (must be at least 16 characters)!
      - GRAYLOG_PASSWORD_SECRET=yup
      # Password: admin
      - GRAYLOG_ROOT_PASSWORD_SHA2=aced090b4ba6bde798ce259a18b9c42e1b36afda234cf68609d2ee758d031486
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.4:9000/
    entrypoint: /usr/bin/tini -- wait-for-it elasticsearch:9200 -- /docker-entrypoint.sh
    networks:
      - graylog
    links:
      - mongodb:mongo
      - elasticsearch
    restart: always
    depends_on:
      - mongodb
      - elasticsearch
    ports:
      # Graylog web interface and REST API
      - 9000:9000
      # Syslog TCP
      - 1514:1514
      # Syslog UDP
      - 1514:1514/udp
      # GELF TCP
      - 12201:12201
      # GELF UDP
      - 12201:12201/udp
# Volumes for persisting data, see https://docs.docker.com/engine/admin/volumes/volumes/
volumes:
  mongo_data:
    driver: local
  es_data:
    driver: local
  graylog_journal:
    driver: local
networks:
  graylog:
    driver: bridge
```
I hope the format/data and everything stuck; I was copying from a terminal.
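An added example, not part of the original post and not Graylog's own tooling: a preflight check for the two credential settings that the compose file's comments call out, run against the environment lines as posted. The function names are hypothetical, and the only weak digest it compares against is that of `admin`, the password named in the compose comment.

```python
import hashlib
import re
import secrets

# Environment entries copied from the graylog service in the post above.
POSTED = """\
      - GRAYLOG_PASSWORD_SECRET=yup
      - GRAYLOG_ROOT_PASSWORD_SHA2=aced090b4ba6bde798ce259a18b9c42e1b36afda234cf68609d2ee758d031486
      - GRAYLOG_HTTP_EXTERNAL_URI=http://192.168.1.4:9000/
"""

# Matches list-style entries such as `- GRAYLOG_KEY=value` or `- "GRAYLOG_KEY=value"`.
ENV_LINE = re.compile(r'^\s*-\s*"?(GRAYLOG_[A-Z0-9_]+)=(.*?)"?\s*$')


def graylog_env(compose_text):
    """Collect GRAYLOG_* environment entries from compose text."""
    env = {}
    for line in compose_text.splitlines():
        match = ENV_LINE.match(line)
        if match:
            env[match.group(1)] = match.group(2)
    return env


def preflight(env):
    """Return a list of problems found in the two credential settings."""
    problems = []
    secret = env.get("GRAYLOG_PASSWORD_SECRET", "")
    if len(secret) < 16:
        problems.append(f"GRAYLOG_PASSWORD_SECRET has {len(secret)} characters, needs at least 16")
    digest = env.get("GRAYLOG_ROOT_PASSWORD_SHA2", "").lower()
    if not re.fullmatch(r"[0-9a-f]{64}", digest):
        problems.append("GRAYLOG_ROOT_PASSWORD_SHA2 is not a 64-character hex SHA-256 digest")
    elif digest == hashlib.sha256(b"admin").hexdigest():
        problems.append("GRAYLOG_ROOT_PASSWORD_SHA2 is the digest of the password 'admin'")
    return problems


def fresh_credentials(root_password):
    """Build replacement entries: a random secret and the digest of a chosen password."""
    return {
        "GRAYLOG_PASSWORD_SECRET": secrets.token_urlsafe(48),
        "GRAYLOG_ROOT_PASSWORD_SHA2": hashlib.sha256(root_password.encode()).hexdigest(),
    }


if __name__ == "__main__":
    for problem in preflight(graylog_env(POSTED)):
        print("FAIL:", problem)
```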