Upgrading to OpenSearch
  • 14 Sep 2022
  • 1 Minute to read
  • Dark

Upgrading to OpenSearch

  • Dark


Graylog 4.3 introduces the ability for users to use OpenSearch as their data service.

The following guide reviews the installation process for users wishing to upgrade to OpenSearch. If you are performing a migration from Elasticsearch to OpenSearch, then begin by reviewing the OpenSearch migration guide before beginning your installation.


  • Graylog 4.3 is required prior to OpenSearch installation. Earlier versions of Graylog are not compatible with OpenSearch.
  • It is recommended that you install OpenSearch 1.3.4.
  • Before installing, ensure that you have obtained a working DNS or host file updated with the interface used for OpenSearch traffic.

Do NOT install OpenSearch v2.0 or higher. This is not compatible with Graylog!

OpenSearch Installation


A full installation guide for OpenSearch is available in their documentation, including download files containing their software. This guide will provide you with additional information to supplement these existing guides when upgrading to OpenSearch to use with Graylog.

The installation process for OpenSearch is similar to Elasticsearch. Noteworthy differences between Elasticsearch and OpenSearch from an installation perspective include the software packages and minor differences in parameter names within configuration files.

When installing the OpenSearch software, its destination should be different from any existing Elasticsearch software. Depending on how the OpenSearch software is deployed, be mindful of where the archived contents are extracted (e.g. tarballs). This will prevent overwriting Elasticsearch configuration files and data in the indices.

At the time of writing, OpenSearch is available for download via HTTP and installation via the following package types depending on your operating system and/or method of deployment:

  • Tarball
  • RPM package (available in v1.3.2 & above)
  • YUM repository
  • Docker image

The configuration file for an OpenSearch node also has a similar location to an Elasticsearch node:

  • Linux (RPM/YUM): /etc/opensearch/opensearch.yml
  • Tar-ball: /opensearch-1.x.x/config/opensearch.yml
  • Docker: /usr/share/opensearch/config/opensearch.yml

Graylog has tested upgrades of Elasticsearch versions 6.8.23 and 7.10.2 to OpenSearch versions 1.1-1.3 on the following platforms:

  • Red Hat Enterprise Linux 8 (RPM+YUM installation)
  • Ubuntu 20.04 LTS (Tar-ball installation)
  • Docker Engine v20.10.17

In addition, we have also tested the restoration of a snapshot created in Elasticsearch v7.10.2 to an OpenSearch v1.1.0 cluster.


RPM/YUM installation of OpenSearch 1.x is available in v1.3.2 (and above). Prior to this version, tarballs are available.

For specific installation instructions, the following user guides are available in the Graylog documentation to supplement comprehensive OpenSearch installation documentation:

Was this article helpful?