Upgrade Graylog 2.4 to 4.x

linden06 · April 24, 2021, 8:47am

I have an existing Graylog 2.4 server running on Ubuntu 16.04, and I want to upgrade Graylog from 2.4 to 4.x.

Should I upgrade to 3.0.x first, upgrade Elasticsearch to 6.x, then lastly upgrade Graylog to 4.0.x?

Or, I’m also open to installing Graylog 4.0 on a new server, and migrating the existing logs, if that is possible?

reimlima · April 24, 2021, 9:10pm

My guess is that you will face a lot of pain trying to migrate due to the hell of dependencies for such an old Ubuntu version.

I thing you will be in a good place starting a new server for the ground and then point it to your Elasticsearch cluster.

This way you will only have to handle the upgrade in ES.

aaronsachs · April 25, 2021, 12:26pm

Hey there @linden06

I’ll confirm that @reimlima is correct. Between the OS dependencies and the fact that you’re jumping two major versions, it’s easier to stand up a new Graylog stack and import the logs than it would be to try and get your stack upgraded piece by piece. I’ll note that given you’re upgrading major versions, each major version would include some sort of breaking change, as is the case with most projects that use semantic versioning.

Consider this: in order to go from 2.4 to 4.0, you’d have to

Upgrade Graylog to ~3.0 first, then upgrade to 3.3, then upgrade to 4.X
- As a note, each time you upgrade, there’s going to be a database migration that happens in MongoDB
Upgrade Elasticsearch to 6.X and ensure you reindex, as if you plan to do any upgrades to Elasticsearch in the future, any indices that you have that were created on 5.X won’t work
Upgrade Mongodb–I’ve posted on the forums before that an upgrade path for Mongo isn’t as simple as upgrading to the latest version. You’d have to go from 3.2–>3.6–>4.0–4.2 if you were to run 4.2 in your new stack.

So given the amount of leapfrogging that has to happen, you’d be better off spinning up Graylog with Mongodb 4.0 or 4.2 and Elasticsearch 6.X , and then reindexing from remote so that the new Elasticsearch instance can slurp up the old indices.

linden06 · April 28, 2021, 2:43am

Hi @aaronsachs and @reimlima, thank you for your guidance, and I’ve done as recommended to create a new Graylog 4 server, running Ubuntu 20.

I just have a question on the Elasticsearch cluster. It’s not on a remote server, but on the Grayloy2.4 server. How can I migrate logs from there?

reimlima · April 28, 2021, 11:13am

Hi @linden06

Your logs are pretty much Elasticsearch indexes. Once you have successful in migrate your ES to a new version you just need to point your Graylog to the new ES server.

system · May 12, 2021, 11:13am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog Upgrade from 2.4.6 to 3.x Graylog Central (peer support)	2	2460	May 20, 2019
Upgrading mongodfb 3.6.22 to 4.2 Graylog Central (peer support)	10	1046	March 19, 2021
Help/advice upgrading from graylog 3 to 5 Graylog Central (peer support)	6	260	September 2, 2023
Help with upgrading for a graylog beginner Graylog Central (peer support)	7	1428	December 31, 2021
Updaing graylog from 4.2 to 5.1 New to Graylog Community? READ-ME FIRST Guides	7	408	August 29, 2023

Upgrade Graylog 2.4 to 4.x

Related Topics