Hey Guys
I set up a server with Graylog v5.1.4, MongoDB v6.0.9 and OpenSearch 2.5 (no Elasticsearch).
When starting all services, Graylog will not start because it can't load the Elasticsearch plugin. In the Graylog logs I see this message:
2023-08-23T19:28:04.112Z INFO [CmdLineTool] Loaded plugin: Elasticsearch 7 Support 5.1.4+6fa2de3 [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
Now the only way to make it work is to configure the opensearch.yml and add the following line:
plugins.security.disabled: true
Why do I see this error even though Elasticsearch was never installed? And is there a way to remove this entry?
Greetings! Graylog still maintains compatibility with Elasticsearch 7.10.2. Graylog has several “backend” plugins (e.g. Elasticsearch, OpenSearch) and will detect the appropriate backend to use automatically.
Hi Drew, thanks for answering. I understand that Graylog still maintains compatibility with ES 7.10.2. But if it finds the appropriate backend service to use as you mentioned, for instance in my case it would be OpenSearch (v2.5), shouldn't it bypass ES and start using OpenSearch, instead of crashing because it can't find the ES plugin?
Maybe I am missing a configuration to tell Graylog to use OpenSearch from now on and not stick to ES when it is not installed. Don't know if that makes any sense, let me know.
Your question makes sense. Graylog will use the configured indexer hosts (even though the server.conf setting is still called elasticsearch_hosts) to query the indexer and determine the product and version. Unfortunately, there are some scenarios where Graylog cannot properly connect to the indexer. The OpenSearch security plugin (when left unconfigured, which is its default state) can cause this issue and unfortunately OpenSearch enables this by default.
But I understand how this can be confusing. We have plans to improve upon this workflow in the future by introducing multiple Graylog install types that can have specific roles. For example a Graylog install that is Graylog (as it is today) and another Graylog install that is actually a controller for OpenSearch (we’re calling it the data node). This will greatly improve the installation and configuration experience and make installing updates much more streamlined.
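The detection step described in the reply above, sketched as an added example; this is not Graylog's code and not part of the original thread. It assumes the probe is a `GET /` against the indexer host, that OpenSearch identifies itself with `version.distribution` in the root response, and that an unconfigured security plugin shows up as either no usable HTTP response or a 401/403. The function name and the sample banners are constructed for illustration.

```python
import json

# Constructed sample root responses (trimmed), not captured from a real node.
OPENSEARCH_BANNER = '{"name":"node-1","version":{"distribution":"opensearch","number":"2.5.0"}}'
ES7_BANNER = '{"name":"node-1","version":{"number":"7.10.2","build_flavor":"oss"}}'


def classify_probe(status, body):
    """Classify the outcome of GET <indexer>/ as (product, version, note).

    status: HTTP status code, or None when no HTTP response came back
            (for example plain HTTP sent to a port that only speaks TLS).
    body:   response body as text.
    """
    if status is None:
        return ("unknown", None, "no HTTP response: check http vs https and TLS trust")
    if status in (401, 403):
        return ("unknown", None, "authentication required: supply indexer credentials")
    if status != 200:
        return ("unknown", None, f"unexpected HTTP status {status}")
    try:
        version = json.loads(body)["version"]
        number = version["number"]
    except (ValueError, KeyError, TypeError):
        return ("unknown", None, "response is not an indexer banner")
    # OpenSearch sets "distribution": "opensearch"; Elasticsearch 7 has no such field.
    if version.get("distribution") == "opensearch":
        return ("opensearch", number, "ok")
    return ("elasticsearch", number, "ok")


if __name__ == "__main__":
    probes = [
        (200, OPENSEARCH_BANNER),   # security plugin disabled or credentials accepted
        (200, ES7_BANNER),          # Elasticsearch 7 backend
        (401, "Unauthorized"),      # security plugin on, no credentials sent
        (None, ""),                 # scheme mismatch or untrusted certificate
    ]
    for status, body in probes:
        print(status, classify_probe(status, body))
```

The two "unknown" outcomes are the cases where the product and version cannot be read at all, which matches the scenario in this thread where the indexer is reachable but its default security settings block the probe.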
Hi, again thanks for taking the time to respond.
I indeed did follow the instructions from the links you sent me, thanks for that.
What's more confusing and frustrating is that the server.conf setting (elasticsearch_host) that you mentioned is commented out as shown below. So it should not even be taken into account.
Regarding Mongo 7, my understanding is that it was just released and I don’t believe it has been tested or validated. I recommend sticking with Mongo 6.
Everything I’ve seen and tested about OpenSearch 2.x is that they have all been compatible. I just tested installing and using OpenSearch 2.9 with Graylog and found no issues.