The following checklist is a summation of the major steps involved in executing a migration from Elasticsearch to OpenSearch for use with your Graylog instance. It is recommended that you use this checklist as a general introduction to the tasks necessary for a successful migration and to ensure that each step is followed in the correct sequence.

For detailed instructions on your OpenSearch migration, see the complete guide outlined in the Graylog documentation.

Software Requirements

  • Elasticsearch version 7.10.2
  • Graylog version 5.0
  • Elasticsearch indices version 6082399 (v6.8 or greater)

Backups

  • MongoDB dump
  • Elasticsearch snapshot, configuration-files, an other files if used (e.g. TLS certificates/keys)
  • Graylog configuration files and other files if used (e.g. TLS certificates/keys)

Create a Deployment Plan

  • Determine the length of time needed for installation and configuration of OpenSearch software. How will the software be deployed and installed? How will the software be configured?
  • Determine the length of time needed for Elasticsearch to completely shut down. Test this by running a shutdown process and timing it.

Assess Data Ingest and Storage Requirements

  • Determine how much data Graylog will receive in the amount of time it takes for you to shut down Elasticsearch and install, configure, and start OpenSearch.
  • Confirm that the Graylog journal's storage hardware has sufficient free storage space to hold that data. If not, make necessary changes, e.g. increase available free disk space and then adjust the message_journal_max_size).

Confirm Graylog server.conf (message_journal_*) Parameters Are Set Appropriately Based on Time and Date Size

  • message_journal_max_age
  • message_journal_max_size

Test High Utilization of Graylog Journal on Graylog Node(s)

  • Pause message processing for the upgrade process time. Resume message processing after upgrade completion.
  • Note how much time it takes for the Graylog cluster to process the contents of the journal until use returns to normal.