Upgrading to Graylog 4.2.x
  • 15 Sep 2022
  • 1 Minute to read
  • Dark
    Light

Upgrading to Graylog 4.2.x

  • Dark
    Light

4.2.x Compatibility

Elasticsearch Version Compatibility

GRAYLOG VERSIONMINIMUM ES VERSIONMAXIMUM ES VERSION
4.2.X6.8, 77.10.2

MongoDB Version Compatibility

GRAYLOG VERSIONMINIMUM MONGO VERSIONMAXIMUM MONGO VERSION
4.2.X3.64.4
Warning

Please make sure to create a MongoDB database backup before starting the upgrade to Graylog 4.2!

Breaking Changes

Search From/To by Keyword

Prior to this version, if the time was inferred from the keyword string (e.g. "last week" or "last monday"), the interval did not make much sense, because the hour/minute/sec part of the interval was taken from the moment in time, the query was submitted. So, the intervals were not aligned to something that made sense.

This has been changed so that. e.g. "last monday" is indeed aligned to start at 00:00:00 and ends on the next day at 00:00:00.

Also, ending on the next day at 00:00:00 is a breaking change. This was chosen so that millis/nanos etc. until the very end of the interval are included in the search (and not because of different messages with handling of millis, nanos etc. some messages
get omitted).

API Changes

/system/pipelines/pipeline

The stages structure in the pipeline source response changed due to the introduction of a new pipeline match parameter.

The match_all field was replaced witht he match field. The field value may be ALL, EITHER, or PASS.

This mainly affects the response. Since the stages field is not used for pipeline creation or modification and can be omitted for those kind of requests. (only the source field is used)

Example response:

{
  "id": "61a095074f21422df947a9b5",
  "title": "Test Pipeline",
  "description": "",
  "source": "pipeline \"Test Pipeline\"\nstage 0 match either\nend",
  "created_at": "2021-06-26T08:04:23.995Z",
  "modified_at": "2021-06-26T08:04:23.995Z",
  "stages": [
    {
      "stage": 0,
      "match": "EITHER",
      "rules": []
    }
  ],
  "errors": null
}

Was this article helpful?