I am using Gray log 4.1 and using the Elasticsearch that is back ending GrayLog for another application as well.
I recall seeing a note suggesting that I should not use Elasticsearch version > 7.11. It is not clear to me that this is still the case?
I really need a version of Elasticsearch that supports ILM for my other application. Now I think ILM is in the XPack extension of Elasticsearch until… a specific version were it was included in the main install…I think.
I find the whole version issue a little slippery to pin down. Is there a matrix anywhere ?
BTW: Does Graylog 4.1 depend on or make us of ILM ?
Graylog supports Elasticsearch up to 7.10 currently. You can install alter versions of Elasticsearch but you may see some odd results and errors in your Graylog log… all of which won’t get much help … even from the community members like me who have accidently gone beyond 7.10 (I am tolerating the oddities until…) Graylog manages the Elastic index lifecycle within the UI (System-> Indices) … though that may not be enough if you are using Elastic for your other application.
