We know many of you have been asking for this and we are excited to say that it’s almost here: Elasticsearch 5 support is coming in Graylog v2.3!
In fact, we are making a much bigger change:
Switching to the Elasticsearch REST APIs
Graylog has a very strict dependency on the Elasticsearch versions it supports. This is because Graylog currently interacts with Elasticsearch by joining the Elasticsearch cluster as a node. The benefit of this approach is that we can send the log messages we want to store as serialized objects, avoiding HTTP and JSON parsing overhead.
However, benchmarks of Elasticsearch have shown that the overhead introduced by using the REST API is slight and the benefits are extensive. Using the REST API will not only allow us to support Elasticsearch 5, but also loosen up the strict version dependency. This change will make installing, running and maintaining Graylog much easier.