Create backups before you begin the upgrade process to ensure that you can restore to a known good state if complications arise. Please note that certain backups, like Elasticsearch snapshots, are point-in-time copies, meaning any data created after the backup will not be captured until another snapshot is created.

Taken together, a dump of your MongoDB database, an Elasticsearch snapshot, and a file system backup of all configuration files can be used to restore a Graylog environment to its last known state.

The following guide provides an overview for creating these backups.

MongoDB

In MongoDB, the tool mongodump creates a binary export of a database. A database typically named graylog is created as part of a Graylog deployment. This database needs to be backed up. You can find information on how to use this tool in the MongoDB documentation.

You also need to determine whether you have MongoDB deployed as a single host or as a replica set. To determine which you are using, check the value of the mongodb_uri parameter in the server.conf configuration file of your Graylog node(s). More information on that can also be found in MongoDB's knowledge base.
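
The mongodb_uri check described above, as an added example (not code from Graylog or MongoDB): it reads the active mongodb_uri from server.conf text, reports the deployment type, and returns a copy of the URI with the password masked so it can be written to backup logs. Assumptions: the function names and sample values are hypothetical, the last uncommented mongodb_uri line is taken as the active one, and a replicaSet option or more than one listed host is treated as a replica set.

```python
# Constructed sample server.conf snippets (hosts and credentials are made up).
SINGLE_CONF = """\
password_secret = placeholder
mongodb_uri = mongodb://grayloguser:s3cret@mongo01.example.org:27017/graylog
"""
REPLICA_CONF = """\
#mongodb_uri = mongodb://localhost/graylog
mongodb_uri = mongodb://mongo01.example.org:27017,mongo02.example.org:27017,mongo03.example.org:27017/graylog?replicaSet=rs01
"""


def read_mongodb_uri(conf_text):
    """Return the last uncommented mongodb_uri value, or None (assumption: last wins)."""
    uri = None
    for line in conf_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "mongodb_uri":  # "#mongodb_uri" does not match
            uri = value.strip()
    return uri


def describe(uri):
    """Split a MongoDB connection string into the facts a backup plan needs."""
    scheme, _, rest = uri.partition("://")
    authority, _, tail = rest.partition("/")
    userinfo, _, hostpart = authority.rpartition("@")
    dbname, _, query = tail.partition("?")
    options = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    hosts = [h for h in hostpart.split(",") if h]
    if scheme == "mongodb+srv":
        topology = "dns-seedlist"  # members come from DNS, not from the file
    elif len(hosts) > 1 or any(k.lower() == "replicaset" for k in options):
        topology = "replica-set"  # heuristic, see the assumptions above
    else:
        topology = "single-host"
    has_credentials = bool(userinfo)
    if ":" in userinfo:  # mask the password, keep the user name
        userinfo = userinfo.split(":", 1)[0] + ":***"
    prefix = userinfo + "@" if userinfo else ""
    redacted = f"{scheme}://{prefix}{hostpart}{rest[len(authority):]}"
    return {"topology": topology, "hosts": hosts, "database": dbname or None,
            "has_credentials": has_credentials, "redacted_uri": redacted}


if __name__ == "__main__":
    for conf in (SINGLE_CONF, REPLICA_CONF):
        info = describe(read_mongodb_uri(conf))
        print(info["topology"], info["hosts"], info["redacted_uri"])
```

When has_credentials is true, the server.conf backup itself contains the database password and should be stored with the same protection as the certificates and keystore files.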

In addition to backing up your Graylog MongoDB database, back up the configuration files of your MongoDB replica members. Here are their default locations listed by platform. If you have security enabled, consider backing up other files, such as certificates and keystore files.

Elasticsearch

Elasticsearch supports snapshot creation for backup/restore purposes. These are incremental backups of your data and can contain everything from a single index to an entire cluster, which can be stored in a repository that is either local or remote to the cluster. Moreover, they can then be restored to the same or other Elasticsearch clusters.

To prepare for migrating from Elasticsearch to OpenSearch, create a snapshot of your entire cluster.

Snapshot repositories are used to store snapshots. Once the repository has been created/defined in the Elasticsearch cluster, you can create a snapshot of your cluster. Elasticsearch provides more information on this process in the following documentation:

AWS S3

In our experience, AWS S3 is a convenient way to store snapshots. To do so, install the Elasticsearch plugin for AWS S3 on every node of the Elasticsearch cluster that you want to snapshot and store in AWS S3.

You also need to create backups of your Elasticsearch node configuration files before you upgrade to a newer version of Elasticsearch. If you have security enabled, also consider backing up other files, such as certificates and keystore files.

Graylog

Backing up your Graylog servers is a fairly straightforward process when you only need file system copies. Default locations are also listed by platform. Similar to MongoDB and Elasticsearch backups, consider backing up other files such as certificates and keystore files if you have security enabled. Last but not least, consider backing up your Graylog node files.

Once you create these backups, you can begin the upgrade process.