Question about migrating to 4.3.0

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
Looking to migrate to OpenSearch as recommended

2. Describe your environment:

• OS Information:

Ubuntu 18.04.6 LTS

• Package Version:

Graylog 4.2.9

• Service logs, configurations, and environment variables:

4. How can the community help?

Greetings!

I would like to ask since I am running Graylog 4.2.9, I would like to upgrade to 4.3.0 and keep my ElasticSearch install but am a bit confused with this warning:

We caution you not to install or upgrade Elasticsearch to 7.11 and later! It is not supported. If you do so, it will break your instance!

When I run curl -X GET "localhost:9200/?pretty" I show that my ElasticSearch version is 7.17.2 so that means I should not upgrade?

    {
      "name" : "u1804graylog",
      "cluster_name" : "graylog",
      "cluster_uuid" : "xxxxxxxxxxx",
      "version" : {
        "number" : "7.17.2",
        "build_flavor" : "default",
        "build_type" : "deb",
        "build_hash" : "xxxxxxxxxxx",
        "build_date" : "2022-03-28T15:12:21.446567561Z",
        "build_snapshot" : false,
        "lucene_version" : "8.11.1",
        "minimum_wire_compatibility_version" : "6.8.0",
        "minimum_index_compatibility_version" : "6.0.0-beta1"
      },
      "tagline" : "You Know, for Search"
    }

Does that mean I shouldn’t upgrade to 4.3.0 since I am above the recommended 7.11?

Hello,

Some bad news.

1.Graylog supports Elasticsearch-7.10.x not recommended to go beyond that version
2.OpenSearch for Graylog only supports 1.2,1.3 which is equal to Elasticsearch 7.10.x
3.Since your above 7.10 not sure but I don’t think its going to be good.
4.Last, Graylog 4.3 has a PRE-FLIGHT CHECKS "When Graylog starts up, it now performs connectivity and version checks for MongoDB and Elasticsearch/OpenSearch. " Thats probably why you see those errors when upgrading to 4.3.

Depending on this environment you could down grade ES BUT there will be data loss.

Resources

• Graylog To Add Support for OpenSearch | Graylog

• Upgrade from Elasticsearch OSS to OpenSearch - OpenSearch documentation

• Announcing Graylog v4.3, Graylog Operations, & Graylog Security | Graylog

I had this happen before, it was a mess downgrading Elasticsearch . Now I always “PIN” my repo.

I don’t think I will chance it and simply upgrade to OpenSearch as the instructions for migrating seems straightforward enough.

Anything I should be aware of before I make the move?

@junior466
Yes this section of the link posted.

image1375×225 17.1 KB

EDIT: Just an FYI

If you install OpenSearch as instructed it will be either version 1.2 or 1.3 which equals ES 7.10. So that statement is incorrect you will be down grading not upgrading

If you install OpenSearch as instructed it will be either version 1.2 or 1.3 which equals ES 7.10. So that statement is incorrect you will be down grading not upgrading

Sorry for reviving this but not sure I fully understand. What version of OpenSearch should I install/recommended?

I just tried following the migration guide today but ran across some issues as the documentation doesn’t appear to be complete. I am running Ubuntu 18.04 and not sure if I should be installing the docker, docker-compose or tar method.

Just looking for the most reliable and easiest way.

Hello @junior466

I just posted this above, “Three times a charm” I have installed 1.3, this would be up to you

image1103×215 15.9 KB

As for this…

I agree the documentation is behind a little. You can use YUM/RPM now to install OpenSearch but not with APT yet.

Please take a look at this link.

To be honest, I would wait to upgrade, one reason is that you have Elasticsearch version that’s is beyond what is supported by Graylog and/or OpenSearch

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.