Hi
I currently have a two node graylog 6 cluster using opensearch (3 nodes) and a mongodb replication set.
We are planning for a disaster.
We already replicate the graylog and mongodb VM to another physical site, ok so far, but an opensearch server is to big and too many data changes for our replication bandwidth. Also in a disaster situation the historical data would not be relevant.
so my question:
what would happen if I create a new empty containered opensearch cluster in the case of disaster and connect the existing servers to it?
graylog and mongdb would be the same and i can reconfigure to point to the empty opensearch cluster.
Will the existing index structure be created without intervention and everything will work Or will it stutter and fail?
I was tempted to test this locally by using docker compose to create another graylog node and point it to the existing mongodb and an empty opensearch clustger but i’m concerned that mongodb might get corrupted.
Anyone tried this or have another suggestion on how i could achieve this ?
Thanks for reading
Peter
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.