The Graylog blog

Graylog To Add Support for OpenSearch

Beginning with v4.3, which is expected to be available within a month, Graylog will add support for OpenSearch v1.1 and v1.2 as the log message and event data repository. We will continue to also support Elasticsearch v6.8 and 7.10 with this release, though Graylog Security v2.0 will require OpenSearch.

WILL I BE REQUIRED TO SWITCH TO OPENSEARCH?

Not at this time, but Elastic is no longer providing Security updates to Elasticsearch 6.8 or 7.10 so we strongly encourage you to do so.

WILL YOU OFFER SUPPORT FOR ELASTICSEARCH V8?

With the licensing and structural changes Elastic introduced in v7.11 we have not offered support past v7.10 and do not plan to support v8.

IS THE MIGRATION FROM ELASTICSEARCH TO OPENSEARCH DIFFICULT/TIME CONSUMING?

Within the Graylog environment, it is the same process as if you were upgrading to a newer version of Elasticsearch as long as you are not on Elasticsearch 7.11+. This is a rolling upgrade with no downtime. OpenSearch has provided an excellent blog article on this topic here.

WHAT IF I AM USING ELASTICSEARCH 7.11+ WITH GRAYLOG?

Migrating from Elasticsearch v7.11+ requires reindexing existing data using the reindex-from-remote feature. This is due to a file format incompatibility introduced by Elasticsearch v7.11. We strongly recommend backing up your data, testing your backup, and writing down a detailed technical migration plan before beginning this process. Reach out to the Graylog Community if you have specific questions or contact Graylog Customer Support if you are an Enterprise customer.

WHY ARE YOU MAKING THIS CHANGE?

Elastic licensing and functional changes beginning with v7.11 introduced risks to our users and customers, especially those running on Cloud (ours, theirs, or our service provider partners), and does not support our roadmap. Since you cannot rollback once you are on v7.11 we felt that we needed to offer customers and open users an option to move to OpenSearch.

CAN I USE OPENSEARCH WITH OLDER VERSIONS OF GRAYLOG?

No. We have included functionality and QA testing to ensure that v4.3 will be compatible with OpenSearch 1.1 and 1.2, and we strongly recommend against trying to use OpenSearch with older versions of Graylog.

IS THIS FOR GRAYLOG OPEN USERS OR ONLY ENTERPRISE CUSTOMERS?

Support for OpenSearch will be available to all Graylog users on v4.3 or greater.

We hope this update helps with your planning and answers your questions. Community-based support can be found at https://community.graylog.org/ or reach out to Graylog Customer Support if you are on a paid plan.

Documentation with instructions on how to switch from Elasticsearch to OpenSearch will be provided when v4.3 is released at https://docs.graylog.org/.

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog Blog delivered to your inbox once a month.