Get Started with Data Node

A Graylog Data Node is a component of the Graylog architecture that is responsible for managing OpenSearch. This feature allows Graylog to manage your search backend so that you don't have to install and manage OpenSearch separately.

Data Node enhances the security of the data layer in Graylog by implementing certificates, managing cluster membership, and facilitating the addition of new nodes. In addition, it ensures the correct version of OpenSearch and its necessary extensions are installed to enable proper functionality of Graylog.

Hint: Graylog provides a migration wizard to help transition your existing search backend to Data Node management.

Install Graylog with Data Node

To install Graylog with Data Node, see the following step-by-step guides covering installation methods for supported systems and services:

• Operating Systems
  • Install Graylog on Ubuntu
  • Install Graylog on Debian
  • Install Graylog on Red Hat
  • Install Graylog on SUSE
• Install Graylog in Docker

Manage the Data Node

Navigate to the Data Node page in the Graylog web interface via System > Data Nodes. This section is the central hub that provides visibility into your data nodes as well as certificate management for increased security. You can also view metrics to help you gain insight into the performance of your search backend. (Note that access to metrics requires a Graylog Enterprise license.)

Data Nodes

The Data Nodes tab lists each of your active data nodes. The table view provides information such as the current node status and certificate expiration. Click any node for more details. From the Actions menu, you can select these additional actions:

• Renew certificate: Renews the certificate for the node.

• Stop/Start: Stops or starts the OpenSearch service for the node.

• Remove: Removes the node from the cluster.

• Show logs: Opens a dialog box to show OpensSearch logs, which you can view as either STDOUT or STDERR.

Cluster Management

The Cluster Management tab is a pre-made dashboard that displays insights about your search backend, providing real-time data from your OpenSearch data nodes. You can adjust time ranges of the displayed data, but the dashboard is not generally editable.

Hint: This feature requires a Graylog Enterprise license. If you don’t have the appropriate license, or if you don't have Data Node set up, this tab shows a static example dashboard. The information displayed in that case is not based on your underlying data but is intended only as a demonstration of the types of metrics that would be presented.

Configuration

Use this tab to issue or renew certificates. If you opt to manage certificates with Graylog rather than importing your own, you are required to establish a certificate authority (CA) either when you perform your initial preflight configuration or when you go through the migration wizard. Any certificates you issue here are secured by the Graylog CA.

For complete information about managing certificates, see Manage Certificates with Data Node.

Migration

Use the Migration tab if you have an existing search backend that you want to transition to the Data Node architecture.

Hint: This tab does not appear if you have already migrated to Data Node or you performed a fresh installation that includes Data Node.

The migration wizard accessed via this tab walks you through the migration, step-by-step. This in-place migration helps you transition from an existing self-managed OpenSearch instance to Data Node. For complete information, see Data Node In-Place Migration.

Hint: Migration is available only if your search backend is OpenSearch. If you are using Elasticsearch, you first need to perform your own transition from Elasticsearch to OpenSearch, and then the migration wizard in Graylog is available.