Graylog.audit_log is more than 4 GB

Dear graylog community,

We have a long-running Graylog setup that is currently running version 4.2.5.
As we plan to upgrade the setup first to version 4.2.9, we observed that our table of graylog.audit_log is more than 4 GB in size.

Is there some way to do housekeeping on this table? Is this part of a newer version of Graylog? Do you have a prepared query to delete everything that is older than a month?

Second question:
We have our Elasticsearch cluster updated to version 7.11.1. Taking license topics out of the game, to what version can we upgrade Elasticsearch so that Graylog can still work and communicate with it?
If there is no way to continue using Elasticsearch, is there a way of migration or path of migration that you can recommend? Most important is easy migration and keeping all data in place.

Thank you for the support

BR, Markus


Not that I’m aware of, perhaps check your log4j2.xml file.

To sum this up, the reason for OpenSearch is that elasticsearch-oss.7.10.x would match the elasticsearch.7.10.x version. Elasticsearch-oss.7.10.x is now AWS's little baby and things might change over time (i.e. naming conventions, etc…). Testing this out would be awesome and filling us in would be great. Be aware of issues.