At some point during our update process we upgraded Elasticsearch from 7.10 to 7.15.0. We realized our mistake some time ago and I am just now able to address the problem and look for a solution.
However, right now I don’t see any issues. Streams, dashboards, and searches appear to function. This has been running well for a few months. Maybe the solution is to leave it?
Before I start marking ES 7.15.0 on hold in Ubuntu so we don’t end up with another unanticipated update, I want to make sure I know what I am walking into.
What are the main issues developers are facing with newer versions of ES? What problems could I face using ES 7.15.0 and Graylog 4.1.1+?
A while back I upgraded to 7.14.x and although Graylog seems to be working properly from the GUI, I get errors in the server log every 30 seconds or so that look like this:
2022-01-31T15:16:00.524-05:00 ERROR [PivotAggregationSearch] Aggregation search query <streams-query-1> returned an error: Elasticsearch exception [type=illegal_argument_exception, reason=maxSize must be >= 0 and < 2147483631; got: 2147483647]. ...
I did some searching and even posted here in the forums but haven’t found a solution… the only effect so far is that it fills my logs with annoying messages. I had considered trying to add in a 7.10.2 Elasticsearch machine in cluster format and then wean out the 7.14, but I have had other things to focus on so it lost priority. I have seen others post something similar but nothing catastrophic that I am aware of.
I had heard somewhere a while back that it also has to do with Elasticsearch licensing but every time it is discussed in depth I have missed the details for some unrelated reason.
Well, Graylog uses elasticsearch-oss, but as you know the Open Distro project is now OpenSearch from AWS. They broke away from Elastic. With that being said, Elastic now has licenses above version 7.10, hence AWS making their own Elasticsearch package. We're basically waiting for something to happen.
Suggestion: make sure you pin your package versions; that will prevent this from happening.
Unfortunately, downgrading would be bad. In the community some members had to remove their Elasticsearch version and re-install (loss of data). Or you may have to live with it for a while.