- 14 Sep 2022
- 2 Minutes to read
Planning Your OpenSearch Migration
- Updated on 14 Sep 2022
- 2 Minutes to read
Before you upgrade to OpenSearch, review these planning steps to faciliate your upgrade process. As we note in our user documentation, the backup and restore process for Graylog is relatively straightforward.
Keep the following key considerations in mind during the planning phase:
- Software requirements (prerequisites)
- Upgrade methods
- Impacts on your Graylog environment
- Journal configuration
- Upgrading to OpenSearch version 1.3.4
While Graylog 4.3 supports OpenSearch versions 1.x to 1.3.4, features such as Graylog Security require, at minimum, OpenSearch version 1.2. Upgrading to OpenSearch version 1.3.4 will improve your Graylog environment's posture to support Graylog Security and other new features.
Do NOT install OpenSearch v2.0 or higher. This is not compatible with Graylog!
Prerequisites and Requirements
To upgrade to OpenSearch 1.3.4 from Elasticsearch within a Graylog environment, the following pre-requisites are required:
- An Elasticsearch version of 7.10.2
- A Graylog version of 4.3.x
- The index.version.created of Elasticsearch indices must be 6082399 (v6.8 or greater)
In some cases you may need to upgrade Elasticsearch, Graylog, and/or MongoDB to satisfy these requirements. To upgrade your Graylog instance, see Upgrading Graylog user guides. If you are updating from an older instance, refer to the recommended upgrade path. If you need to upgrade to Elasticsearch 7.10.2, refer to the Elasticsearch documentation
You can also refer to the table below to determine compatibility and interoperability between Graylog, MongoDB, Elasticsearch/OpenSearch:
Software Interoperability Chart
|Graylog version||Minimum MongoDB version||Maximum MongoDB version||Minimum Elasticsearch version||Maximum Elasticsearch version||Minimum OpenSearch version||Maximum OpenSearch version|
|2.0.x||2.4||3.2||2.1.0||2.3.5||Not supported||Not supported|
|2.1.x||2.4||3.2||2.1.0||2.3.5||Not supported||Not supported|
|2.2.x||2.4||3.4||2.1.0||2.3.5||Not supported||Not supported|
|2.3.x||2.4||3.4||2.3.5||5.x||Not supported||Not supported|
|2.4.x||2.4||3.4||2.3.5||5.x||Not supported||Not supported|
|2.5.x||2.4||3.4||2.3.5||6.x||Not supported||Not supported|
|3.0||3.6||3.6||5.x||6.x||Not supported||Not supported|
|3.1||3.6||4||5.x||6.x||Not supported||Not supported|
|3.2||3.6||4||5.x||6.x||Not supported||Not supported|
|3.3||3.6||4.2||5.x||6.x||Not supported||Not supported|
|4.0||3.6||4.2||6.8 or 7.0||7.1||Not supported||Not supported|
|4.1||3.6||4.4||6.8 or 7.0||7.1||Not supported||Not supported|
|4.2||3.6||4.4||6.8 or 7.0||7.10.2||Not supported||Not supported|
|4.3||3.6||4.4||6.8 to 7.10.2||7.10.2||1.1x (for Graylog OpenSource)||1.3x (for Graylog OpenSource|
The idea of an Elasticsearch index version may be new to some. When an Elasticsearch index is created, the version of the Elasticsearch server that created the index becomes the version of that index. An upgrade of an Elasticsearch server does not change the version of Elasticsearch indices. In other words, the software version changes, but the indices' (data) version does not. New copies of the indices must be created in order to upgrade them.
Updating indices in Elasticsearch by copying them to a new version is called re-indexing. To upgrade the Elasticsearch indices, re-index them on an Elasticsearch server higher than the existing indices.
If you do not re-index your data before or after upgrading an Elasticsearch server, it will become incompatible with later versions of Elasticsearch/OpenSearch.
For example, if the indices on your Elasticsearch server(s) within your Graylog environment were created with Elasticsearch v5.x (or older), then you would need to re-index them on Elasticsearch server(s) of version 6. x or greater before you upgrade to OpenSearch. You can decide which version of Elasticsearch to re-index with, i.e. 6. x or 7. x, but we recommend being as up-to-date as possible.