We are provisioning a new Graylog 2 cluster with fresh MongoDB and Elasticsearch instances. Since our cluster stores only 7 days of data, the idea is to duplicate the logs to both the clusters and eventually discard the old Graylog 1.x cluster.
How do I migrate the streams and alerts to the new cluster. Would dumping relevant collections and moving them to the new Mongo instance work? If so, what collections should I move?
Regards,
Kishore.
Yes, that should work.
You’ll have to move the streams, streamrules, alerts, and alarmcallbackhistory collections to the new MongoDB database. If you also want to use the old dashboards, you’ll additionally have to move the dashboards collection.
Hi @jochen,
I ran into java.lang.IllegalStateException: index set must not be null! errors when I migrated those collections from 1.x cluster to the new 2.2 cluster. The full log is here: https://gist.github.com/anonymous/6c2deab6815416048050bebfe1bd2b29
Here’s what I did:
streams, streamrules, alerts, and alarmcallbackhistory collections from the Graylog 1.x clusterThe logs I have link to above are from the master. I was unable to load the “streams” page as well on Graylog UI. It looks like the data migration did not run.
Regards,
Kishore.
Try upgrading you Graylog 1.x setup with each Graylog 2.x version, e. g. 1.3.x → 2.0.x → 2.1.x → 2.2.3.
Graylog 2.2.x introduced index sets, which require some data migration.