Moving from older versions of Graylog can be a challenge, so it is especially important to update your Graylog instance(s) in a timely manner. This article describes the recommended incremental upgrade path for major upgrades when updating from an older version.

Warning: Not all Graylog servers must be on the same version; however, they will need to be no more than one major upgrade apart. (For example, one server could be at Graylog 3.3 with the others at 3.0.) It is recommended to upgrade the leader node first, before upgrading the follower nodes.

Approach to Upgrading

Upgrading Graylog is generally a straightforward process:

  1. The Graylog server is shut down.

  2. The software is updated. (Some changes may also be made to configuration files.)

  3. Finally, the Graylog server is started.

However, there are two major areas that need to be addressed BEFORE the upgrade:

  1. Satisfy prerequisites of Elasticsearch and MongoDB before upgrading Graylog.

Hint: In preparation for upgrading Graylog, you must first satisfy any software prerequisites. Before you begin the upgrade process, MongoDB and Elasticsearch/OpenSearch must be running at least the minimum version required by the version of Graylog to which you wish to upgrade. Once prerequisites are satisfied, you can begin to upgrade Graylog.

  2. Do not skip a major version when upgrading Graylog.

When upgrading to a newer version of Graylog, consider whether you are upgrading to a newer major version or minor version.

For example, to upgrade from 3.3.x to 4.3.x, first upgrade to the major version 4.0.x and then to 4.3.x. To upgrade from 3.3.x to 5.x.x, follow the same progression, i.e., first upgrade to each major version and then to 5.x.x (3.3.x > 4.0 > 5.0 > 5.1.6).

  • The first number of a Graylog version is the major version.

  • The second number that follows indicates the minor version.

  • The third number is the patch version.

The Upgrade Process Per Version

The sections below cover each version of Graylog. Each contains an ordered list of steps that describe how to upgrade from one major version of Graylog to the next.

For more detailed information, please refer to the relevant upgrade page in the side menu, for example, Upgrading to Graylog 5.1.x.

You may also download different formats of the package from Graylog Packages.

Upgrading from 1.x

A rebuild is generally recommended. The effort to upgrade a 1.x deployment to a current version far outweighs the effort of building a fresh deployment and migrating the data.

Upgrade Path from 2.0+

If you are upgrading from an older version of Graylog, here is the generally recommended path to follow in order to update your instance to the latest version. This is a gradual approach: incremental updates from previous versions to recommended versions are strongly advised, rather than moving from an older version of Graylog directly to the most recent version.

| Previous Version | Upgrade To | Notes |
|---|---|---|
| 2.0-2.3 | 2.4.6 | |
| 2.4.6 | 3.0 | Several settings in server.conf will need to be updated before moving to 3.0. In 3.x, the REST and UI components were merged, as were their settings. |
| 3.0 | 3.3 | 3.3 requires Elasticsearch 6.0 or later. |
| 3.3 | 4.0 | Upgrade MongoDB to 4.2 and Elasticsearch to 7.1. Upgrade Graylog to 3.3.17-1 then to 4.0.17-1 (latest) or other desired 4.0.x version. |
| 4.0 | 4.3 | 4.3 supports both the is_master and is_leader settings. |

For additional notes on upgrading previous versions, see the sections below.
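
As an added example (not part of the Graylog documentation or tooling), the following Python sketch turns the table above into an ordered upgrade plan for a given starting version. The function names `parse` and `plan` are hypothetical, and it assumes that a version not listed in the table (for example 3.1) goes to the next listed version.

```python
import re

# Milestones and notes transcribed from the upgrade-path table on this page.
MILESTONES = [
    ("2.4.6", ""),
    ("3.0", "Update server.conf first: REST and UI settings were merged in 3.x."),
    ("3.3", "Requires Elasticsearch 6.0 or later."),
    ("4.0", "MongoDB 4.2 and Elasticsearch 7.1; stage through 3.3.17-1."),
    ("4.3", "Supports both is_master and is_leader."),
]

def parse(version):
    """'3.3.17-1' -> (3, 3, 17); a missing patch number counts as 0."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def plan(current, target="4.3"):
    """Return [(milestone, note), ...] to pass through, in order.

    Assumption (not stated in the table): a version that is not listed
    moves to the next listed milestone above it.
    """
    cur, tgt = parse(current), parse(target)
    if cur[0] < 2:
        # The page recommends a rebuild for 1.x rather than an upgrade.
        raise ValueError("1.x: rebuild and migrate data instead of upgrading")
    # Every milestone strictly above the current version, up to the target.
    return [(v, note) for v, note in MILESTONES if cur < parse(v) <= tgt]

if __name__ == "__main__":
    for start in ("2.2.3", "2.4.3", "3.3.17-1"):  # constructed sample versions
        print(start, "->", " -> ".join(v for v, _ in plan(start)))
        for version, note in plan(start):
            if note:
                print(f"    before {version}: {note}")
```

The plan covers only the hops listed in the table; the per-version sections below still apply to each hop.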

Upgrading from 3.3.x to 4.0.x

Warning: Upgrading to version 4.0.x requires Graylog to be running the latest 3.3.x version (3.3.17-1).

  1. Upgrade Mongo to 4.2 (if needed).

  2. Upgrade Elasticsearch to 7.1 (if needed).

  3. Reindex Elasticsearch indexes (unless already version 6.8 or greater).

  4. Upgrade Graylog to version 3.3.17-1 (if needed).

  5. Upgrade Graylog to version 4.0.17-1 (latest) or other desired 4.0.x version.

  6. Note(s):

    1. Existing LDAP authentication configuration settings will be migrated to a new backend, but as a result will be disabled by default in 4.0.x.


Upgrading from 4.0.x to 4.1.x

Warning: Upgrading to version 4.1.x requires Graylog to be running the latest 4.0.x version (4.0.17-1).

  1. Upgrade Mongo to 4.4. Upgrade Elasticsearch to 7.1 (if needed).

  2. Re-index Elasticsearch indexes (unless already version 6.8 or greater).

  3. Upgrade Graylog to version 4.0.17-1 (if needed).

  4. Upgrade Graylog to version 4.1.14-1 (latest) or other desired 4.1.x version.

TLS v1.3 support is now enabled by default along with v1.2. The older version 1.1 of the protocol is still supported.


Upgrading from 4.1.x to 4.2.x

Warning: Upgrading to version 4.2.x requires Graylog to be running the latest 4.1.x version (4.1.14-1).

  1. Upgrade Mongo to 4.4 (if needed).

  2. Upgrade Elasticsearch to 7.1.

  3. Re-index Elasticsearch indexes (unless already version 6.8 or greater).

  4. Upgrade Graylog to version 4.1.14-1 (if needed).

  5. Upgrade Graylog to version 4.2.13-1 (latest) or other desired 4.2.x version.


Upgrading from 4.2.x to 4.3.x

Warning: Upgrading to version 4.3.x requires Graylog to be running the latest 4.2.x version (4.2.13-1).

  1. Upgrade Mongo to 4.4 (if needed).

  2. Upgrade Elasticsearch to 7.10.2.

  3. Re-index Elasticsearch indexes (unless already version 6.8 or greater).

  4. Upgrade Graylog to version 4.2.13-1 (if needed).

  5. Upgrade Graylog to the latest (or desired) 4.3.x version.
