Graylog 5.0 added support for OpenSearch 2.x versions. At this time the latest released version is OpenSearch 2.5. We have removed support for Elasticsearch 6.8, which reached its end-of-life date in February 2022. Support for Elasticsearch 7.10 remains in Graylog 5.0+, but we recommend users upgrade to OpenSearch.

Overview

The following guide reviews the installation process for users wishing to upgrade to OpenSearch. If you are migrating from Elasticsearch to OpenSearch, review the OpenSearch migration guide before beginning your installation.

Prerequisites

  • Ensure that you have upgraded to Graylog 5.0+ prior to migration.

  • It is recommended that you install the latest OpenSearch 2.x version.

  • Before installing, ensure that you have working DNS or an updated hosts file entry for the interface used for OpenSearch traffic.

OpenSearch Installation

Hint: A full installation guide for OpenSearch is available in their documentation, including download files containing their software. This guide will provide you with additional information to supplement these existing guides when upgrading to OpenSearch to use with Graylog.

The installation process for OpenSearch is similar to Elasticsearch. Noteworthy differences between Elasticsearch and OpenSearch from an installation perspective include the software packages and minor differences in parameter names within configuration files.

When installing the OpenSearch software, its destination should be different from any existing Elasticsearch software. Depending on how the OpenSearch software is deployed, be mindful of where the archived contents are extracted (e.g. tarballs). This will prevent overwriting Elasticsearch configuration files and data in the indices.
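A pre-extraction check for the destination rule above, as an added example that is not part of the Graylog or OpenSearch documentation. The function names and the default Elasticsearch paths in ES_PATHS are assumptions; set ES_PATHS to the directories your Elasticsearch node actually uses.

```shell
#!/bin/sh
# Added example: refuse an OpenSearch destination that overlaps Elasticsearch.
# ES_PATHS defaults are typical package-install locations (an assumption);
# override the variable to match your deployment.
ES_PATHS="${ES_PATHS:-/etc/elasticsearch /var/lib/elasticsearch /usr/share/elasticsearch}"

# Normalise a path: collapse repeated slashes and strip a trailing slash.
norm_path() {
    p=$(printf '%s' "$1" | sed -e 's://*:/:g' -e 's:/$::')
    [ -n "$p" ] || p=/
    printf '%s' "$p"
}

# Return 0 if $1 equals $2 or lies inside it. Whole path components are
# compared, so /opt/elasticsearch-old is not "inside" /opt/elasticsearch.
is_inside() {
    child=$(norm_path "$1"); parent=$(norm_path "$2")
    [ "$parent" = "/" ] && return 0
    case "$child/" in
        "$parent"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 when the destination is safe to extract into, 1 otherwise.
check_dest() {
    dest=$1
    for es in $ES_PATHS; do
        # Overlap in either direction puts Elasticsearch files at risk.
        if is_inside "$dest" "$es" || is_inside "$es" "$dest"; then
            echo "refusing: $dest overlaps Elasticsearch path $es" >&2
            return 1
        fi
    done
    # An Elasticsearch tarball install keeps its config under <home>/config.
    if [ -e "$dest/config/elasticsearch.yml" ]; then
        echo "refusing: $dest already holds an Elasticsearch install" >&2
        return 1
    fi
    return 0
}
```

Source the file and run check_dest with the intended directory before extracting a tarball; a non-zero return means the destination should be changed.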

At the time of writing, OpenSearch is available for download via HTTP and installation via the following package types depending on your operating system and/or method of deployment:

  • Tarball

  • RPM package (available in v1.3.2 & above)

  • YUM repository

  • Docker image

The configuration file for an OpenSearch node also has a similar location to an Elasticsearch node:

  • Linux (RPM/YUM): /etc/opensearch/opensearch.yml

  • Tarball: /opensearch-1.x.x/config/opensearch.yml

  • Docker: /usr/share/opensearch/config/opensearch.yml

Graylog has tested upgrades of Elasticsearch versions 6.8.23 and 7.10.2 to OpenSearch versions 1.1-2.3 on the following platforms:

  • Red Hat Enterprise Linux 8 (RPM+YUM installation)

  • Ubuntu 20.04 LTS (Tarball installation)

  • Docker Engine v20.10.17

For specific installation instructions, the following user guides are available in the Graylog documentation to supplement comprehensive OpenSearch installation documentation: