Upgrade path from 4.3.15

Graylog Central (peer support)
1

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
Not an incident but a recommendation to upgrade from Graylog 4.3.15 and the steps to take

2. Describe your environment:

  • OS Information:
    Ubuntu 20.04(surely needs to be upgraded but dont want to break current install)
  • Package Version:
    elasticsearch-oss/stable,now 6.8.23 all [installed]
    graylog-4.0-repository/now 1-2 all [installed,local]
    graylog-enterprise/stable,now 4.3.15-1 amd64 [installed]
    mongodb-org-mongos/now 4.0.25 amd64 [installed,local]
    mongodb-org-server/now 4.0.25 amd64 [installed,local]
    mongodb-org-shell/now 4.0.25 amd64 [installed,local]
    mongodb-org-tools/now 4.0.25 amd64 [installed,local]
    mongodb-org/now 4.0.25 amd64 [installed,local]

graylog-enterprise: /usr/share/graylog-server/bin
graylog-enterprise: /usr/share/graylog-server/installation-source.sh
graylog-enterprise: /usr/share/graylog-server/bin/chromedriver_amd64
graylog-enterprise: /etc/init/graylog-server.conf
graylog-enterprise: /etc/default/graylog-server
graylog-enterprise: /etc/init.d/graylog-server
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-storage-elasticsearch6-4.3.15.jar
graylog-enterprise: /usr/lib/systemd/system/graylog-server.service
graylog-enterprise: /etc/graylog/server/log4j2.xml
graylog-enterprise: /usr/share/graylog-server/graylog.jar
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-plugin-enterprise-integrations-4.3.15.jar
graylog-enterprise: /etc/logrotate.d/graylog-server
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-plugin-collector-4.3.15.jar
graylog-enterprise: /usr/share/doc/graylog-enterprise/changelog.gz
graylog-enterprise: /usr/share/graylog-server/LICENSE
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-plugin-integrations-4.3.15.jar
graylog-enterprise: /usr/share/graylog-server/plugin
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-plugin-enterprise-es7-4.3.15.jar
graylog-4.0-repository: /usr/share/doc/graylog-4.0-repository/changelog.gz
graylog-enterprise: /usr/share/graylog-server/scripts
graylog-4.0-repository: /etc/apt/trusted.gpg.d/graylog-keyring.gpg
graylog-enterprise, graylog-server: /etc/graylog
graylog-enterprise: /etc/graylog/server/server.conf
graylog-enterprise: /usr/share/graylog-server
graylog-enterprise: /usr/share/graylog-server/bin/chromedriver_start.sh
graylog-4.0-repository: /usr/share/doc/graylog-4.0-repository
graylog-enterprise: /usr/share/doc/graylog-enterprise
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-plugin-aws-4.3.15.jar
graylog-enterprise: /usr/share/graylog-server/bin/graylog-server
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-plugin-threatintel-4.3.15.jar
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-storage-elasticsearch7-4.3.15.jar
graylog-enterprise, graylog-server: /etc/graylog/server
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-plugin-enterprise-es6-4.3.15.jar
graylog-enterprise: /usr/share/graylog-server/bin/headless_shell_amd64
graylog-enterprise: /usr/share/graylog-server/plugin/graylog-plugin-enterprise-4.3.15.jar
graylog-4.0-repository: /etc/apt/sources.list.d/graylog.list

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

4. How can the community help?
I would like to know how to upgrade to a more recent version to simplest way on ubuntu without breaking the current setup since we have a few devices logging to it. Thanks a bunch in advance for any good recommendations

Can I follow:
https://go2docs.graylog.org/current/upgrading_graylog/upgrading_graylog_in_ubuntu.htm?tocpath=Upgrading%20Graylog|_____5
and upgrade straight from where I am to version 6 using that method?

Helpful Posting Tips: Tips for Posting Questions that Get Answers [Hold down CTRL and link on link to open tips documents in a separate tab]

2

Hello @MrJake

You can follow that guide, please ensure when upgrading you increment through minor versions. So that would be 4.3 => 5.0, 5.0 => 5.1, 5.1 => 5.2, 5.2 => 6.0 ensuring at each step that at least the minimum requirements for Mongo/Elastic are being met and that at each incremental upgrade the services are started.

Mongo will also need to follow an incremental upgrade 4.0 => 4.2, 4.2 => 4.4, 4.4 => 5.0. The upgrade to 5.0 will require whatever CPU you are using to support AVX instructions, it probably won’t matter but something to be aware of.

The last supported version of Elasticsearch is 7.10.2 so only upgrade as far as this. Once there it would be worth jumping to Opensearch 1.3. I believe indices created within Elastic 6.8 are compatible with Opensearch up to 1.3 but Opensaerch 2.x would complain about them.

3

how do you do that with apt? because if I change the repository then do a apt update then upgrade it will bring it to the latest i guess in 1 go. How to i force it to do a step up upgrade like this?

4

You can use the below to list the versions available, same goes for Mongo and Elastic/Opensearch

apt list graylog-enterprise -a

Then to install a specific version

apt install graylog-enterprise=6.1.0-13.rc.1

5

so is there a matrix to follow so that graylog, monog and elasticsearch upgrade toget or by specifity a certain version of graylog it will upgrad those auto?

6

Unfortunately you will have to upgrade each component manually. The site you link to has the Matrix but i’ve posted for prosperity.

Screenshot 2024-10-09 at 16.49.51
Screenshot 2024-10-09 at 16.49.512082×1594 336 KB

7

For a wine Merchant you sure know your graylog. You are a legend. Thanks for your help.

1 Like
8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.