1. Incident:
There is a need (security requirements) to update the ElasticSearch to version 7.17+, but the documentation here Elasticsearch - Configuring Graylog says that new versions are not supported.
2. My environment:
Graylog 4.2.5
ElasticSearch 7.10
3. What steps have you already taken to try and solve the problem?
I’ve read related topics, but most of them 1+ year old
4. How can the community help?
Is it correct information or I can update my environment?
Maybe this warning:
Warning
We caution you not to install or upgrade to Elasticsearch 7.11 and later! It is not supported. Doing so will break your instance!
Elasticsearch 7.10.2 still applies for a combination of licensing and unsupported changes to underlying structure (as I understand it… not a Graylog Employee…). The alternative now is to move (build) your systems with OpenSearch if you have Graylog 4.3+ Docs are here, OpenSearch upgrade from Elasticsearch docs are here
Some people have accidentally gone beyond 7.10.2 (I am one of them) and kept Graylog working but I have not seen much about errors other than my own. I have 7.14.0 currently installed. I see currently unexplained errors in my log but functionality has stayed the same as far as I can see. The conversion to Opensearch is more difficult if you are beyond 7.10.2… I have not tried it yet, that’s just in reading.
Here is the Github post where it was discussed in more detail
Agree, , Graylog will add support for OpenSearch v1.1 and v1.2 as the log message and event data repository. Graylog will continue to also support Elasticsearch v6.8 and 7.10 with this release, though Graylog Security v2.0 will require OpenSearch.
Just an FYI, You can use YUM to install OpenSearch but I don’t think graylog doc’s has the steps yet. I’m personally waiting for OpenSearch for APT since I’m moving to a diff flavor then CentOS. You can find more from @tmacgbay Links provided.
I have made by accident a move from 7.10.0 Elasticsearch all the way up to 7.15.5 (current latest on the Elasticsearch 7.x branch) and this is working with Graylog 4.2.9 so far.
