Upgrading Graylog 2.20rc1 to latest, Kibana Reporting Plugin

Can anyone point me to reliable instructions to upgrade the Graylog server in the VM to the latest without breaking anything?

Stock Kibana has a very nice reporting plugin (requires a late version of Kibana) - create the desired view then click report for output in csv or pdf formats. Reporting is sorely missing in Graylog (unless one is inclined to get their hands dirty with REST API and scripts).

Any possibility that the Kibana Reporting plugin or a plugin with similar functionality could work in Graylog?



After installing the graylog repository, apt-get update then apt-get dist-upgrade will not update 2.2.0-rc.1-1 to 2.2.1. Likely because the 2.2.0-rc.1-1 installation was not from repository.

Any suggestion to upgrade to 2.2.1 through the repository?

~$ dpkg -l | grep graylog
ii  graylog                              2.2.0-rc.1-1                      amd64        The full stack of graylog
ii  graylog-2.2-repository               1-5                               all          Package to install Graylog 2.2 GPG key and repository

~$ sudo apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

~$ sudo apt-get install graylog-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 96.8 MB of archives.
After this operation, 107 MB of additional disk space will be used.

This is most likely to break Graylog if I allow a fresh 2.2.1 installation from the Graylog repository.

Can you suggest a fix so apt-get thinks 2.2.0-rc.1-1 was installed from the repository in order to proceed with the upgrade?

See http://docs.graylog.org/en/2.2/pages/configuration/graylog_ctl.html#upgrade-graylog for upgrading the Omnibus package.

But I really don’t recommend using the Omnibus package (on which the OVA is based) in a “normal” setup. You might be better off setting up everything from scratch.

Agree. We are in a pilot phase for the time being.

I notice that an official Graylog docker image is downloadable (graylog2/graylog - 276MB), along which MongoDB and ElasticSearch containers are required.

Is that Docker image suitable for a production deployment? Can it be upgraded using the Graylog repository?

Just as much as Docker is suitable for production deployments.

No, following the immutable infrastructure philosophy, you’d pull a new Docker image with the version you want to use.

I have not tested the docker yet, but I assume all settings/data will reside on the docker host, in elasticsearch and in MongoDB. So theoretically, using an updated image should not result in the loss of data or settings – assuming no data/settings migration is necessary to go from older to newer version.

Does the docker image keep pace with the latest version of Graylog or does it lag behind?

What I am really trying to understand - in the specific case of Graylog - are the pros and cons of using docker images vs. native O/S packages?

In both cases, what would be the preferred underlying O/S and version: debian 8.X, ubuntu 16.0.4, or centos 7.X?

It’s part of our release process.