I’m trying to understand the current state of Graylog’s OpenSearch support. The latest OpenSearch release is 3.1, but Graylog only supports up to 2.15 — and even then, with a pretty alarming warning:
“Warning: We caution you not to install or upgrade to OpenSearch 2.16+! It is not supported. Doing so will break your instance!”
This is concerning for a couple of reasons:
OpenSearch 2.15 is already EOL — so Graylog is relying on a version that’s no longer supported by OpenSearch itself.
Being six versions behind the current release seems like a pretty big gap.
I completely understand that it takes time to test and validate compatibility with major backend changes, and I’m not expecting OpenSearch 3.1 support overnight. But I’m wondering why there appears to be such a large lag — and no visible roadmap or ETA.
Is there any official explanation for this? Are there technical blockers or resource limitations behind the scenes?
This was originally caused by some pretty impactful bugs in opensearch that effected certain features of graylog.
Opensearch had a sort of “move fast an break things” mentality, so lets just day it may have taken them a few versions to correctly fix all the problems.
Then layered on top of this is the timing of their releases and ours, how much time that gives to actually test etc.
We will absolutly be supporting future versions, its just a question of when all that gets sorted out.
This is important for us as well… our OpenSearch cluster has been upgrading since 2.10 and is now currently at 2.19.2 - the final 2.x version. When we started with Graylog 5.1.3, there wasn’t really any indication that there was going to be a problem with any OpenSearch 2.x versions so we didn’t have it locked (I expect the <2.16 documentation didn’t even exist).
We are preparing to upgrade to 6.x, but now I feel stuck… we’re already way past the supported version of OpenSearch.
Also, where are the bug details and have they been addressed in Graylog versions and/or do they have known workarounds?
