Graylog Upgrade from 2.5 to the latest, Users with build-in roles and dashboards

Hello dear community,
I am trying to perform an upgrade from the version 2.5 to the latest graylog version : for the moment 4.3.
I have some users and dashboards in my currently running setup. For the users I use the build-in roles reader and admin, but also one self-created role.
First of all what would you suggest, should I prefer: an in-place upgrade step by step or setting a new environment and migrating my dashboards and users into the 4.3? Is it actually possible or would it be better to recreate everything manually?
First I want to test the in place upgrade, so I have created a testing environment with a graylog cluster installed. My Versions:
graylog 2.5
elasticsearch 6.8.16
Running on Ubuntu 18.04 vms
After this I tried to import the data from mongodb with the tools described in mongodb documentation. It worked so far, but I see that the users do not have the roles reader and admin anymore. I suppose because in the newly installed graylog cluster these build-in roles have other ids?
What would be the best practice here to restore users and dashboards?
It you have any other questions, I am ready to answer them.
Thanks in advance.

Hello && Welcome @fragaria

Ill try to answer these question in steps that they were asked.

I’m sure you put in some work with Graylog 2.5. Things have change, such as authentication and the way it works now with 4.3. Some plugins and features were implemented into Graylog and now are part of Graylog Enterprise/Operations. Notifications were also changed from version 2.5. I would highly check out this link for those change before deciding to upgrade.


This is just a suggestion because I had to make the same choice. I would have said create a new instance but the version you have is to old, probably might not work with users/roles that were configured. Actual I tried and failed. What I ended up doing was in place-upgrade

Your elasticsearch is on a good version, I would highly suggest that MongoDb get upgrade at least to the latest version of 3.x.x using the upgrade path.

NOTES: Upgrade MongoDb up to 2…x.x. Once completed install Graylog 3.0 first. Stop, test, and check, then fully upgraded it to the latest version of 3.x.x. which I think is 3.8.x.

Now upgrade MongoDb to at e least 3.x.x , Once completed upgrade Graylog to 4.0. Stop, test, and check, then fully upgraded it to the latest version of 4.2.x. . The reason I say this is because there are some bugs right now being worked on with GL 4.3

The hardest part is following the MongoDb path for upgrades.

If you are running a 3.2-series, you must upgrade first to upgrade first to 3.4 before you can upgrade to 3.6. I think you get the point (i.e. 1.4 -->1.6 -->, etc…). I have seen others install the latest version i.e. 1…x.x then install 2.x.x. but to prevent issues the path is the way to go.

Every time I did a major version upgrade I check logs, etc… and rotated my indices manually to insure the new setting or configuration from that version was implemented .

You can find this here.

So I take it within this post you have already performed an upgrade?
Think I may have answered these late question already.
Not sure what was done with MongoDb, nor how this instance was upgrade.

Thank you very much for your valuable input, I will use the tips you have given. I did not perform upgrade on our productive environment till now. What I tried, was to setup a testing environment in the same versions, and then to perform the upgrade there just to see how it’s going. Of course I need the same data in the testing environment. Especially from mongo db, the data in elasticsearch is not that important in our setup, even if some is going to be lost.

Not sure what was done with MongoDb, nor how this instance was upgrade.

I have not upgraded MongoDB, I’ve tried to import the data from our productive running 2.5 mongo version into a newly created fresh mongo version 2.5. And what I saw there was that the users were imported, but did not have the built-in roles anymore. Though the roles do exist. I made this through mongodump and mongorestore. I performed the mongorestore in the newly created empty graylog mongo db, after graylog installation.
I am wondering whether somebody else has seen the problem before or I am doing something completely wrong.

As of MongoDB version, I am sorry, I have written it wrong probably. I got the version with dpkg -l | grep mongo and I get
mongodb-sever 1:3.6.3, the same for mongo-clients and mongodb-server-core.
If I do mongod --version, I get:
db version v3.6.3
The versions from graylog and elasticsearch are correct though.


Ok, I see now, migrated Graylogs database to the new instance, I agree this route is easiest when you don’t need to keep data from Elasticsearch.

This is probably due to the changes from the different version of Graylog. The link I posted above should show you those changes, Specially in the layout of authentication with Users/Roles.

Understood, What you need to know is these documentations.

and this documentation

Those links should have the answer why this issue is happening. Each major version had some significant changes.

Could you clarify that statement?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.