For OpenSearch's documented FAQs, see this corresponding article.

What are some of the most common issues encountered when performing an OpenSearch upgrade?

Graylog index sets without replicas can cause "red" statuses in an Elasticsearch cluster during rolling upgrades. For example, when you take an Elasticsearch node offline to upgrade it to OpenSearch, the primary shards that the node was hosting become unavailable. After OpenSearch finishes starting up on the node, it allocates the shards and reports them to the cluster. Once the primary shards are available again and reallocated to the node, the cluster returns to a "green" state.

What is OpenSearch's security feature?

Like Elasticsearch, OpenSearch includes security features implemented via a plugin. These include, but are not limited to, roles, role mappings, and TLS-encrypted cluster communication. The instructions for enabling and configuring these features are similar to those for Elasticsearch. OpenSearch has defined them here. Again, if you do not already have security configured within Elasticsearch, disable it in OpenSearch as per their instructions and revisit your interest in enabling it after the upgrade.

I’m using AWS Elasticsearch service. Can I upgrade to OpenSearch?

Yes. AWS has specific instructions to accomplish this task. Ensure you have sufficient disk space on your Graylog server(s) to buffer traffic with your journal(s), as the new OpenSearch cluster may not be ready to resume indexing by Graylog until the blue/green deployment is complete. Also confirm that the auto index-create feature is disabled by using the cluster API for the AWS Elasticsearch domain:

curl -X PUT "https://<blah>.es.amazonaws.com/_cluster/settings" -H 'Content-Type: application/json' -d'
{
    "persistent": {
        "action.auto_create_index": "false"
    }
}
'
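A pre-flight check for the two conditions this FAQ raises, index sets without replicas and the auto index-create setting, run over constructed sample API responses. This is an added example, not Graylog or OpenSearch code; the function names and sample index names are assumptions.

```python
import json

# Constructed sample responses (not from a real cluster).
# GET _cat/indices?format=json
SAMPLE_CAT_INDICES = json.loads("""[
  {"health": "green",  "index": "graylog_0",   "pri": "4", "rep": "1"},
  {"health": "green",  "index": "graylog_1",   "pri": "4", "rep": "0"},
  {"health": "yellow", "index": "gl-events_0", "pri": "1", "rep": "0"}
]""")
# GET _cluster/settings (nested form; ?flat_settings=true gives dotted keys)
SAMPLE_SETTINGS = json.loads("""{
  "persistent": {"action": {"auto_create_index": "false"}},
  "transient": {}
}""")


def indices_without_replicas(cat_indices):
    """Indices whose primaries have no replica copy; these go red when
    the node holding them is taken offline during a rolling upgrade."""
    return sorted(row["index"] for row in cat_indices if int(row["rep"]) == 0)


def _lookup(scope, dotted_key):
    """Read a setting from either the flat or the nested response form."""
    if dotted_key in scope:
        return scope[dotted_key]
    node = scope
    for part in dotted_key.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def auto_create_index_disabled(settings):
    """True only if the effective value is explicitly false.
    Transient settings take precedence over persistent ones."""
    for scope in ("transient", "persistent"):
        value = _lookup(settings.get(scope, {}), "action.auto_create_index")
        if value is not None:
            return str(value).lower() == "false"
    return False  # unset, so not explicitly disabled


if __name__ == "__main__":
    print("no replicas:", indices_without_replicas(SAMPLE_CAT_INDICES))
    print("auto-create disabled:", auto_create_index_disabled(SAMPLE_SETTINGS))
```

Feed the functions the parsed JSON from your own cluster in place of the sample constants.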