Are there any plans to officially support OpenSearch versions 2.16 and higher? I use Graylog with Wazuh, and the newer versions of Wazuh require OpenSearch v2.16 or higher. I haven’t upgraded Wazuh yet because of this. Although I’ve seen the workaround for v2.16, I’m hesitant to use it in a live environment to avoid potential issues.
I know we have 2.17 in production.
We plan to keep supporting future versions, though I can’t make any assurances as to how closely we will track releases.
1 Like
@oliviaa
Are you saying your Graylog and Wazuh instances are sharing an Opensearch Instance? Is this possible, now? In the past, getting Opensearch to function with Graylog broke Wazuh dashboard, and getting Opensearch to function with Wazuh broke Graylog dashboards. Has this been corrected?
Ok thank you, that’s helpful to know. Would you suggest waiting until 2.17 is officially supported to upgrade? The latest version of OpenSearch Wazuh is using is 2.16 but hopefully in the new releases they bump it up to 2.17.
I’ve used it this way for nearly 2 years. I’ve never had an issue with the Wazuh Dashboard component. Wazuh comes with OpenSearch installed (which is why I can’t chose which version to use). I use fluent bit which forwards the logs to Graylog.
I am currently running 2.19 with no issues thus far…
graylog-server/stable,now 6.1.8-1 amd64 [installed]
opensearch/stable,now 2.19.1 amd64 [installed]
Did you follow the SocFortress instructions?
I wonder if Wazuh’s move to 4.8 (or was it 4.9) with all the Filebeat changes that allows for the interoperability, now.