Upgrade Graylog 2.2 to 2.3

Upgrading graylog 2.2 to 2.3 adds in another step due to so changes to the way graylog connects to the elasticsearch cluster.

This is all documented here.

sudo rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-2.3-repository_latest.rpm
sudo yum clean all
sudo reboot
sudo yum update

The gist of it is all of your elasticsearch settings in your existing graylogserver.conf file are now not used.  If you just do a flat upgrade and you use an external elasticsearch cluster your graylog cluster will not function as the new default is to look at localhost.

You will get a 500 every time you go to the search page or try to do any type of query that requires access to the index if you use an external elastic-search cluster.

This is a welcome change as I was never a fan of having gray-log connect to the non-master non-data node on localhost on each gray-log node which then connects to the actual elastic-search cluster.

Fortunatly you only need to add one line to your graylogserver.conf and you can take the existing entries in elasticsearch_discovery_zen_ping_unicast_hosts and just add http and change the port to 9200.

Example:

#Elasticsearch nodes in graylog cluster

elasticsearch_hosts = http://192.168.5.20:9200, https://192.168.5.21:9200, https://192.168.5.22:9200

restart gray-log and everything should start working

systemctl restart graylog-server

To watch it happen tail -75 /etc/graylog/server/graylogserver.log

Next post will be upgrading elasticsearch now that graylog supports 5.x

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Powered by WordPress.com.

Up ↑

%d bloggers like this: