1. Describe your incident:
we want to downgrade ES from 7.16.1 to 7.10.2
2. Describe your environment:
OS Information:
Debian Bullseye
Package Version:
4.2.7
Service logs, configurations, and environment variables:
N/A
3. What steps have you already taken to try and solve the problem?
We have running Graylog 4.2.7 with Elasticsearch 7.16.1 and Mongodb 4.4, now we want to upgrade graylog to 4.3 but it says that
“We caution you not to install or upgrade Elasticsearch to 7.11 and later! It is not supported. If you do so, it will break your instance!” link
4. How can the community help?
We are in situation where we want to downgrade ES from 7.16.1 to 7.10.2 7so that we can use graylog 4.3, we are using Graylog 4.2.7 , Mongodb 4.4 & Elasticsearch 7.16.1
Do I need to downgrade the whole stack, or can I downgrade partly?
The bad news is you can always upgrade but not down grade without losing data. You can try but be aware it may not end well. There are other members here that have that version and it seams to be running fine for them.
Yes its production with Graylog 4.2.X with ES 7.16.1 and Mongo 4.4
There are other members here that have that version and it seams to be running fine for them. ----> you mean they have Graylog 4.2.X with ES 7.16.1 and Mongo 4.4 ? and they have nor seen any issue with it ?
or they have Graylog 4.3.X with ES 7.16.1 and Mongo 4.4
Please help me with this, so that we can think to drop an idea of upgrading graylog to 4.3,
Also when Graylog will support ES with 7.11 & later version ?
Please note though that Elasticsearch 7.10 is now EOL and no longer supported.
these information will help us to decide Graylog upgrade,
Graylog is supporting OpenSearch now but only with Graylog Version 4.3.
Only suggestion I have for you right now since you went over the compatible version of Elasticsearch would be is create a new Graylog Server with either elasticsearch 7.10 or OpenSearch. Keep your old Graylog server for archiving and point all the devices to the new node.
@KPS
Not sure what the future on Elasticsearch & Graylog but it looks like Graylog is taking OpenSearch path.
I am running on Elasticsearch 7.14. I have seen some comments about shifting data between versions but I didn’t see anything complete on someone who has brought Elasticsearch back down to 7.10.2. My understanding is that Elasticsearch is currently a dead end and if you were to spend your time trying to move data, you should work to OpenSearch… But Graylog has not written that they support version 2.x of OpenSearch… so read carefully before you begin your adventure…
@gsmith’s suggestion to archive the current system for history and building new with OpenSearch underlying is a more solid path if you are in production… unless you can replicate your current system and build out a test environment.
Document the hell out of what you end up doing and post it up… there are plenty of others in your shoes that would appreciate the insight - I may get to something like it myself… when I have more time.