I am running Graylog 4.2.9+f0d8298 with Elasticsearch version 7.17.4 which technically is unsupported and have been considering upgrading to Graylog 5 but most likely would break my install due to ES version. OpenSearch is out of the question due to it’s complex installation methods so I was considering redeploying a new VM with Graylog 5 and ElasticSearch 7.10.2 since per the documentation, it is still supported.
My question is would Graylog 5 eventually require OpenSearch causing me to end up in the same situation? My goal is to avoid OpenSearch altogether.
Part of me wants to upgrade to see what happens since I am already running an unsupported version of ES (snapshot in ESXi so can easily rollback).
I am in the same relative position you are where my ES is at 7.14 or thereabouts. as are others…
I have considered doing a fresh build including all my code because I didn’t know about HTTP Fields — Graylog (GIM) Schema 0.0.1 documentation when I was building it. The current trend with Graylog/Opensearch is that ES is going away so it’s best to get into OpenSearch if you are going to spend the time. The Ubuntu OpenSearch install is via tarballs which makes me hesitate a bit …like maybe I want to wait until they have a proper maintained install… I know once it’s in I won’t worry about it much but after my ES snafu on upgrading…
I am also considering moving old ES data over via curl commands… though I don’t know how well that will go. I did a write up a while ago about correcting field types historically that included some commands for copying templates and curling data around - Someday when things calm down at work…
No matter what you do - keep the community updated - we all appreciate it!
I missed that in the docs so thank you for linking. I may do what @tmacgbay suggests and wait for a proper maintained install. If I do decide to try something, I will certainly update this post.
Let me know how you go. I’m stuck on Graylog 4.3.11 waiting for free resources on a hpysical host with AVX instructions to move to mongodb 5+ and GL 5. Might just build an all new setup also and move to OS Graylog 5+ mongo 5+ etc. Also would like to move to Ubuntu 22.04 but seems not offically supported by even mongodb 6 yet.
