Upgrading Graylog version 2.5 to the latest version

Hello everyone,

I have a Graylog cluster of 3 nodes and an ElasticSearch cluster of three nodes, all running CentOS 7.

The versions are:

Graylog version 2.5
MongoDB version 3.6
ElasticSearch version 6.8

And the goal is to upgrade all components to the latest version, and I want to ensure the correct order of the steps and upgrade path, with your help.

From the documentation, I understand that after backing up everything, I have to:

  1. Upgrade Graylog from version 2.5 to 3.0 and then 3.3
  2. Upgrade MongoDB from version 3.6 to 4.0 and then 4.2
  3. Upgrade Graylog from version 3.3 to 4.0 and then to 4.2.x
  4. Upgrade Elastic from version 6.8 to 7.10.2

Are the steps, order and upgrade paths correct?

Thank you in advance for your help!

Hello && Welcome @occamschainsaw

I did this upgrade process 3+ years ago. I might be able to give you some insight on what I did.

Checked a checkpoint on all my VMs (Safety first)

That is correct.
Before upgrading, ensure you have the latest version of Graylog 2.x

Yes, this is correct.

Before upgrading, ensure you have the latest version of MongoDB 3.x

NOTE: I found this out when upgrading the MongoDB version.

mongo >> db.adminCommand( { getParameter: 1, featureCompatibilityVersion: 1 } )

Executing that command once the new version of MongoDB is installed should show the same version that is installed.

Let's say you installed MongoDB 4.0. When you execute the command above, it shows MongoDB 3.6.
The next command would be this one, which enables the new features.

mongo >> db.adminCommand( { setFeatureCompatibilityVersion: "4.0" } )

You may want to read about it here

Before upgrading, ensure you have the latest version of Elasticsearch 6.x
I personally would upgrade Elasticsearch to 7.0, then to 7.10.

I would highly suggest that when you upgrade a major version, you check the status of that service to ensure it is all running as expected before upgrading further.

Your steps seem correct. Graylog to version 3.3, upgrade MongoDB next to 4.0, then I would upgrade Elasticsearch to 7.0. Wait and check it out. Then fully upgrade everything to the compatible versions.

EDIT: Special note: be aware there are Graylog configurations that are no longer in the newer versions. This will create errors stating it can't find packages or settings. You either have to remove old plugins that are no longer needed and/or configurations that might not be valid. Especially notification templates, alert settings, and Content Packs.

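The feature compatibility check described in the reply above, written as a gate to run between MongoDB upgrade steps. This is an added example, not part of the original posts; the function names, the sample output and the server version are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: getParameter output on a node where the 4.0 binaries are
# installed but the feature compatibility version (FCV) is still 3.6.
SAMPLE_FCV_OUTPUT='{ "featureCompatibilityVersion" : { "version" : "3.6" }, "ok" : 1 }'

# Print the "X.Y" value of the "version" field, or nothing if it is absent.
parse_fcv() {
    printf '%s\n' "$1" |
        sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([0-9][0-9]*\.[0-9][0-9]*\)".*/\1/p' |
        head -n 1
}

# Reduce a server version such as "v4.0.28" or "4.0.28" to "4.0".
major_minor() {
    printf '%s\n' "$1" | sed -n 's/^v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# fcv_gate SERVER_VERSION GETPARAMETER_OUTPUT
# Prints one state:
#   ready        FCV equals the installed release, the next upgrade step may start
#   set-fcv X.Y  FCV differs from the binaries; run setFeatureCompatibilityVersion "X.Y"
#   in-progress  an FCV change has not finished (targetVersion is present)
#   unknown      either input could not be parsed
fcv_gate() {
    case "$2" in
        *'"targetVersion"'*) echo "in-progress"; return 0 ;;
    esac
    server=$(major_minor "$1")
    fcv=$(parse_fcv "$2")
    if [ -z "$server" ] || [ -z "$fcv" ]; then
        echo "unknown"
    elif [ "$server" = "$fcv" ]; then
        echo "ready"
    else
        echo "set-fcv $server"
    fi
}

# Constructed server version; on a real node take it from `mongod --version`.
fcv_gate "4.0.28" "$SAMPLE_FCV_OUTPUT"
```

Run it on each node after installing the new packages and continue to the next release only when it prints `ready`.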

On a side note - in near future versions of Graylog - there will be the possibility of using OpenSearch instead of Elasticsearch - this is related to Elasticsearch being capped at 7.10.2.
