Hi all,
I’m new to Graylog and I don’t have a lot of experience with it.
Do anyone know how to migrate all indexes from old Graylog/Elasticsearch to newer Graylog and Opensearch?
What I need to do is migrate all indexes from old single node instance to new single node instance. Both are Graylog Open.
Old instance with old versions: Elasticsearch 6.7.2 / Graylog 3.0.2 / Mongo 4.0.9 / Ubuntu 18.04.2 LTS
New instance with new versions: Opensearch 2.13.0 / Graylog 5.0.13 / Mongo 6.0.15 / Ubuntu 24.04 LTS
Temp instance with Opensearch 1.3 only for reindexing because of index incompatibility between Elasticsearch 6.7.2 and Opensearch 2.13.0
Below are steps I did with only one index ( size around 5Gb ) for now:
Export snapshot from old instance.
Restore it on temp instance, create empty index and reindex to it.
Export snapshot from temp instance.
Restore snapshot on new instance.
Create empty index and reindex it there ( I’m not sure, if reindexing again is necessary )
After these steps index is not visible in Graylog automatically so I created index manually with corresponding index prefix. Now index is visible in Graylog, also message count is visible there and matches but I cant search and browse messages because of error messages below:
OpenSearch exception [type=null_pointer_exception, reason=Cannot invoke “org.opensearch.search.aggregations.InternalAggregations.getSerializedSize()” because “reducePhase.aggregations” is null].
While retrieving data for this widget, the following error(s) occurred:
Unable to perform search query: OpenSearch exception [type=illegal_argument_exception, reason=Text fields are not optimised for operations that require per-document field data like aggregations and sorting, so these operations are disabled by default. Please use a keyword field instead. Alternatively, set fielddata=true on [timestamp] in order to load field data by uninverting the inverted index. Note that this can use significant memory.].
Are steps I did correct or did I do something wrong or maybe I have some incorrect settings on new instance?
Thanks in advance.