Moving instance to a new server

Our Graylog server is very out of date (2.4.6). I am upgrading it to the latest compatible releases, along with Elasticsearch and Mongo.

I’d like to do this with as little downtime as possible.

Following is my plan for moving the data over. Please let me know if this makes sense. I’ve tested it and believe it should work but want to avoid gotchas.

  • Graylog creates new indices with number 0 for each index set by default.
  • Identify the highest number for each index set on the old server (for example, logs_55). On the new server, manually create a new index one higher for each index set (for example, logs_56).
  • Each index set now has an active write index that is one higher than the existing index sets on the old server.
  • On the new server, delete the default _0 indices for each index set.
  • Update IPs on the servers to steal incoming log traffic from the old server.
  • All logging is now happening on the new server to the newly created indices.
  • On the old server, rotate all index sets to move the active write index off of the current index.
  • Use Elasticsearch reindex from remote to copy all indices (except the last one that was just rotated and should be empty) to the new server.

Thank you for your time.
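The index numbering and reindex-from-remote steps in the plan above, sketched as an added example (not code from the poster or from Graylog). It only builds the `_reindex` request bodies and makes no network calls; the index names and the old server's URL are constructed placeholders, and it assumes the new Elasticsearch node lists the old host in `reindex.remote.whitelist`.

```python
import json
import re
from collections import defaultdict

# Constructed sample listings (index names only), not taken from a real cluster.
OLD_BEFORE_ROTATION = ["logs_53", "logs_54", "logs_55", "win_events_7", "win_events_8"]
OLD_AFTER_ROTATION = OLD_BEFORE_ROTATION + ["logs_56", "win_events_9"]

INDEX_RE = re.compile(r"^(?P<prefix>.+)_(?P<num>\d+)$")

def group_by_index_set(names):
    """Map index-set prefix -> sorted index numbers; names without _<n> are skipped."""
    sets = defaultdict(list)
    for name in names:
        m = INDEX_RE.match(name)
        if m:
            sets[m["prefix"]].append(int(m["num"]))
    return {prefix: sorted(nums) for prefix, nums in sets.items()}

def next_write_indices(old_names):
    """For each index set, the index to create on the new server: highest old number + 1."""
    return {p: f"{p}_{nums[-1] + 1}" for p, nums in group_by_index_set(old_names).items()}

def reindex_requests(old_names_after_rotation, write_indices, remote_host):
    """Build one _reindex body per old index that sits below the new write index.

    The index the old server creates when it is rotated has the same name as the
    new server's live write index, so it is left out rather than merged into it.
    """
    requests = []
    for prefix, nums in sorted(group_by_index_set(old_names_after_rotation).items()):
        if prefix not in write_indices:
            continue  # index set appeared after planning; handle it by hand
        cutoff = int(write_indices[prefix].rsplit("_", 1)[1])
        for n in nums:
            if n < cutoff:
                name = f"{prefix}_{n}"
                requests.append({
                    "source": {"remote": {"host": remote_host}, "index": name},
                    "dest": {"index": name},
                })
    return requests

if __name__ == "__main__":
    writes = next_write_indices(OLD_BEFORE_ROTATION)
    print(writes)
    # Placeholder URL for the old Elasticsearch node.
    for body in reindex_requests(OLD_AFTER_ROTATION, writes, "http://old-graylog.example:9200"):
        print("POST _reindex", json.dumps(body))
```

Comparing document counts per index on both servers after each copy is a simple way to confirm nothing was dropped before the old node is retired.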

Hello @moffitj

First rule of Graylog club: all versions need to match prior to moving data over to a different node.
You could get version incompatibility errors when starting Graylog up on the new node (I’ve done this already) and/or loss of data trying to fix those errors.
If this situation is moving from a Graylog 2.4 node to a new Graylog 4.2 node, then the upgrade path needs to be performed prior to moving data.

Also take a look at this post, it may help.
