Before you upgrade to OpenSearch, review these planning steps to facilitate your upgrade process. As we note in our user documentation, the backup and restore process for Graylog is relatively straightforward.
Keep the following key considerations in mind during the planning phase:
- Software requirements (prerequisites)
- Backups
- Upgrade methods
- Impacts on your Graylog environment
- Journal configuration
- Upgrading to OpenSearch version 2.x
Prerequisites and Requirements
To upgrade to OpenSearch 2.x from Elasticsearch within a Graylog environment, the following pre-requisites are required:
- An Elasticsearch version of 7.10.2
- A Graylog version of 5.0+
- The index.version.created of Elasticsearch indices must be 6082399 (v6.8 or greater)
In some cases you may need to upgrade Elasticsearch, Graylog, and/or MongoDB to satisfy these requirements. To upgrade your Graylog instance, see Upgrading Graylog user guides. If you are updating from an older instance, refer to the recommended upgrade path. If you need to upgrade to Elasticsearch 7.10.2, refer to the Elasticsearch documentation
You can also refer to the table below to determine compatibility and interoperability between Graylog, MongoDB, Elasticsearch/OpenSearch:
Software Interoperability Chart
| Graylog version | Minimum MongoDB version | Maximum MongoDB version | Minimum Elasticsearch version | Maximum Elasticsearch version | Minimum OpenSearch version | Maximum OpenSearch version |
|---|---|---|---|---|---|---|
| 2.0.x | 2.4 | 3.2 | 2.1.0 | 2.3.5 | Not supported | Not supported |
| 2.1.x | 2.4 | 3.2 | 2.1.0 | 2.3.5 | Not supported | Not supported |
| 2.2.x | 2.4 | 3.4 | 2.1.0 | 2.3.5 | Not supported | Not supported |
| 2.3.x | 2.4 | 3.4 | 2.3.5 | 5.x | Not supported | Not supported |
| 2.4.x | 2.4 | 3.4 | 2.3.5 | 5.x | Not supported | Not supported |
| 2.5.x | 2.4 | 3.4 | 2.3.5 | 6.x | Not supported | Not supported |
| 3.0 | 3.6 | 3.6 | 5.x | 6.x | Not supported | Not supported |
| 3.1 | 3.6 | 4 | 5.x | 6.x | Not supported | Not supported |
| 3.2 | 3.6 | 4 | 5.x | 6.x | Not supported | Not supported |
| 3.3 | 3.6 | 4.2 | 5.x | 6.x | Not supported | Not supported |
| 4.0 | 3.6 | 4.2 | 6.8 or 7.0 | 7.1 | Not supported | Not supported |
| 4.1 | 3.6 | 4.4 | 6.8 or 7.0 | 7.1 | Not supported | Not supported |
| 4.2 | 3.6 | 4.4 | 6.8 or 7.0 | 7.10.2 | Not supported | Not supported |
| 4.3 | 3.6 | 4.4 | 6.8 to 7.10.2 | 7.10.2 | 1.1x (for Graylog Open) 1.1.x (for Graylog Operations) 1.2.x (for Graylog Security) |
1.3.x |
|
5.0 |
6.0 |
7.10.2 |
7.10.2 |
1.1.x (or 1.3.x for Graylog Security) |
2.5.x
|
|
|
5.0 |
6.0 |
7.10.2 |
7.10.2 |
1.1.x (or 1.3.x for Graylog Security) |
2.5.x
|
Elasticsearch Indices
The idea of an Elasticsearch index version may be new to some. When an Elasticsearch index is created, the version of the Elasticsearch server that created the index becomes the version of that index. An upgrade of an Elasticsearch server does not change the version of Elasticsearch indices. In other words, the software version changes, but the indices' (data) version does not. New copies of the indices must be created in order to upgrade them.
Updating indices in Elasticsearch by copying them to a new version is called re-indexing. To upgrade the Elasticsearch indices, re-index them on an Elasticsearch server higher than the existing indices.
For example, if the indices on your Elasticsearch server(s) within your Graylog environment were created with Elasticsearch v5.x (or older), then you would need to re-index them on Elasticsearch server(s) of version 6. x or greater before you upgrade to OpenSearch. You can decide which version of Elasticsearch to re-index with, i.e. 6. x or 7. x, but we recommend being as up-to-date as possible.
