Procedure for upgrading Graylog 3.x to 4

With the announcement of Graylog 4 RC1 and specifically support for Elasticsearch 7 (and having never had to perform a major version upgrade), I want to clarify the procedure for upgrading clustered Graylog nodes to Graylog 4, upgrading mongo DB, and upgrading ES to the latest version. If there are 2 Graylog nodes behind a load balancer am I correct that the process would be:

  • Stop graylog-server on node A.
  • Stop mongod on node A.
  • Upgrade graylog-server and enterprise plugins on node A to latest.
  • Upgrade mongod on node A to latest.
  • Start mongod on node A.
  • Start graylog-server on node A.
  • Repeat all prior steps on node B.
  • Stop elasticsearch (messages will queue in Graylog server disk journals).
  • Upgrade elasticsearch to version 7.x
  • Start elasticsearch.

The assumption is that we will be on the absolute latest minor revision of version 3.x before beginning this process, so all other prerequisite upgrade processes would be completed.

Thanks for any help!


This looks good, but from my reading and understanding, there are a few caveats.

  • have a good backup
  • are you running a MongoDB Replica set between your nodes? That may require some special handling and might require you to upgrade MongoDB on both nodes first.
  • are you running an ES cluster?
  • make sure your journal size is adequate to buffer any messages
  • Graylog 3.x supports ES 5.x and 6.x, which are you starting from? There may need to be some special handling of the indices depending on the version you are on and if you had Indices from 5.x.

This is good feedback. Thank you!

you’re welcome :slight_smile: good luck

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.