Upgrading Graylog to 5.0 from 4.3 in Docker Compose
I’ve been ignoring my instance of Graylog as it dutifully ingests the roughly 700 Meg of data it’s being sent daily. I first set up Graylog on version 3.2 in late 2019, later migrating it to containers in 2021. I would visit it from time to time to better understand an event on my network, or to explore its features like capturing pfSense logs or using the Geo location processor. I kept thinking that I’d get to updating it eventually. Graylog 5 was released late in 2022 and I wanted to investigate new features and stay current. What I didn’t understand was the number of steps that would be required.
Upgrade path
One of the challenges in an upgrade of a package that depends on several other packages is taking into consideration the supporting package migration paths. After a few searches I found this excellent documentation from Graylog on the migration process. I quickly glanced through the document and thought this would be a snap. My current install consisted of:
- Graylog version 4.3
- MongoDB version 4.2
- Elasticsearch version 7.10.2
The documentation expects you to start with:
- Graylog 4.3
- MongoDB 4.4.18
- OpenSearch 1.3.4