Upgrade To Opensearch

Graylog Central (peer support)
1

Hello Everyone,

Looking for tips on getting Graylog working again. Tried upgrading to Opensearch and now have issue with Graylog starting. I have graylog 4.2 and opensearch 1.3.2. OpenSearch is up. However, Graylog is starting and stopping and I cant get to GUI which was not an issue before migration. Not sure the issue at this point. I am thinking of just doing a complete reinstall at this point. So, here I post to you. I have the logs below using command : tail -f /var/log/graylog-server/server.log. I see the error for elasticsearch version and have enabled the ignore option in conf file. Any ideas are appreciated.

2023-12-09T11:20:51.655-05:00 INFO [ImmutableFeatureFlagsCollector] Following feature flags are used: {}
2023-12-09T11:20:52.067-05:00 INFO [CmdLineTool] Loaded plugin: AWS plugins 4.2.13 [org.graylog.aws.AWSPlugin]
2023-12-09T11:20:52.068-05:00 INFO [CmdLineTool] Loaded plugin: Collector 4.2.13 [org.graylog.plugins.collector.CollectorPlugin]
2023-12-09T11:20:52.069-05:00 INFO [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 4.2.13 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2023-12-09T11:20:52.069-05:00 INFO [CmdLineTool] Loaded plugin: Elasticsearch 6 Support 4.2.13+9c90b93 [org.graylog.storage.elasticsearch6.Elasticsearch6Plugin]
2023-12-09T11:20:52.069-05:00 INFO [CmdLineTool] Loaded plugin: Elasticsearch 7 Support 4.2.13+9c90b93 [org.graylog.storage.elasticsearch7.Elasticsearch7Plugin]
2023-12-09T11:20:52.081-05:00 INFO [CmdLineTool] Running with JVM arguments: -Xms1g -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:-OmitStackTraceInFastThrow -Djdk.tls.acknowledgeCloseNotify=true -Dlog4j2.formatMsgNoLookups=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm
2023-12-09T11:20:52.158-05:00 INFO [Version] HV000001: Hibernate Validator null
2023-12-09T11:20:53.581-05:00 INFO [InputBufferImpl] Message journal is enabled.
2023-12-09T11:20:53.593-05:00 INFO [NodeId] Node ID: 1ffcf07d-db87-40a7-bdf2-05ea48f0fc77
2023-12-09T11:20:53.716-05:00 INFO [LogManager] Loading logs.
2023-12-09T11:20:53.731-05:00 WARN [Log] Found a corrupted index file, /var/lib/graylog-server/journal/messagejournal-0/00000000000000007248.index, deleting and rebuilding index…
2023-12-09T11:20:53.752-05:00 INFO [LogManager] Logs loading complete.
2023-12-09T11:20:53.755-05:00 INFO [LocalKafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2023-12-09T11:20:53.773-05:00 INFO [cluster] Cluster created with settings {hosts=[localhost:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout=‘30000 ms’, maxWaitQueueSize=5000}
2023-12-09T11:20:53.800-05:00 INFO [cluster] Cluster description not yet available. Waiting for 30000 ms before timing out
2023-12-09T11:20:53.812-05:00 INFO [connection] Opened connection [connectionId{localValue:1, serverValue:13949}] to localhost:27017
2023-12-09T11:20:53.815-05:00 INFO [cluster] Monitor thread successfully connected to server with description ServerDescription{address=localhost:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[6, 0, 12]}, minWireVersion=0, maxWireVersion=17, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=2130475}
2023-12-09T11:20:53.823-05:00 INFO [connection] Opened connection [connectionId{localValue:2, serverValue:13950}] to localhost:27017
2023-12-09T11:20:53.946-05:00 INFO [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy , running 2 parallel message handlers.
2023-12-09T11:20:54.210-05:00 INFO [ElasticsearchVersionProvider] Elasticsearch cluster is running v1.3.2
2023-12-09T11:20:54.280-05:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy .
2023-12-09T11:20:54.294-05:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy .
2023-12-09T11:20:54.304-05:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy .
2023-12-09T11:20:54.393-05:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy .
2023-12-09T11:20:54.402-05:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy .
2023-12-09T11:20:54.584-05:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy .
2023-12-09T11:20:54.596-05:00 INFO [ProcessBuffer] Initialized ProcessBuffer with ring size <65536> and wait strategy .
2023-12-09T11:20:54.600-05:00 INFO [OutputBuffer] Initialized OutputBuffer with ring size <65536> and wait strategy .
2023-12-09T11:20:54.631-05:00 ERROR [CmdLineTool]

################################################################################

ERROR: Unsupported Elasticsearch version: 1.0.0

Please see the following link(s) to help you with this error:

Terminating. :frowning:

2

Why not upgrade Graylog to at least 4.3 which officially supports opensearch? Prerequisites

3

Joel,

Yes, I was just lookng at the chart of compatible versions. I upgraded and was able to access the GUI. I am now looking to see if things are actually working within GL itself. I will post back and appreciate the quick response and tips. I went with 5.0 for GL.

4

With 5 you should be good on the opensearch side, just watch MongoDB because there was some requirements changes over the last few versions.

5

Everything looks good. Mongo is at 6 which looks good in the chart. Logs are flowing. I think I can now try to get this working on production server. I greatly appreciate the quick response time. Thank you again for your time.

6

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.