The embedded Elasticsearch node being used by Graylog has been upgraded to Elasticsearch 2.x which includes some breaking changes. Graylog 2.x does not work with Elasticsearch 1.x anymore and cannot communicate with existing Elasticsearch 1.x clusters.
Please see Breaking changes in Elasticsearch 2.x for details.
The blog article Key points to be aware of when upgrading from Elasticsearch 1.x to 2.x also contains interesting information about the upgrade path from Elasticsearch 1.x to 2.x.
Graylog applies a custom index template to ensure that the indexed messages adhere to a specific schema.
Unfortunately the index template being used by Graylog 1.x is incompatible with Elasticsearch 2.x and has to be removed prior to upgrading.
In order to delete the index template, the following curl command has to be issued against one of the Elasticsearch nodes:
curl -X DELETE http://localhost:9200/_template/graylog-internal
Graylog will automatically create the new index template on the next startup.
One of the most important breaking changes in Elasticsearch 2.x is that field names may not contain dots anymore.
Using the Elasticsearch Migration Plugin might help to highlight some potential pitfalls if an existing Elasticsearch 1.x cluster should be upgraded to Elasticsearch 2.x.
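One way to check an existing cluster for the dotted-field problem before upgrading is to walk the index mappings and list every field whose name contains a dot. The following is an added example, not part of the Graylog documentation. It assumes the mapping was fetched with `GET /<index>/_mapping` from an Elasticsearch 1.x node; the index, type and field names in the sample are constructed.

```python
import json

# Constructed sample of an Elasticsearch 1.x `GET /<index>/_mapping` response.
# Index, type and field names are made up for illustration.
SAMPLE_MAPPING = json.loads("""
{
  "example_0": {
    "mappings": {
      "message": {
        "properties": {
          "message": {"type": "string"},
          "source": {"type": "string"},
          "http.status": {"type": "long"},
          "user": {
            "properties": {
              "name": {"type": "string"},
              "geo.country": {"type": "string"}
            }
          }
        }
      }
    }
  }
}
""")


def dotted_fields(mapping_response):
    """Return sorted (index, type, field path) tuples whose field name contains a dot."""
    hits = []

    def walk(index, doc_type, properties, parents):
        for name, spec in properties.items():
            path = parents + [name]
            if "." in name:
                hits.append((index, doc_type, " > ".join(path)))
            # Object fields nest further fields under their own "properties".
            walk(index, doc_type, spec.get("properties", {}), path)

    for index, body in mapping_response.items():
        for doc_type, type_mapping in body.get("mappings", {}).items():
            walk(index, doc_type, type_mapping.get("properties", {}), [])
    return sorted(hits)


if __name__ == "__main__":
    for index, doc_type, path in dotted_fields(SAMPLE_MAPPING):
        print(f"{index}/{doc_type}: {path}")
```

Any field reported here has to be renamed at the sender or in an extractor before the data is moved to Elasticsearch 2.x.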
Graylog 2.x requires MongoDB 2.4 or newer. We recommend using MongoDB 3.x and the WiredTiger storage engine.
When upgrading from MongoDB 2.0 or 2.2 to a supported version, make sure to read the Release Notes for the particular version.
Please refer to the Log4j Migration Guide for information on how to update your existing logging configuration.
Some settings, which have been deprecated in previous versions, have finally been removed from the Graylog configuration file.
Setting name | Replacement |
---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(moved to collector plugin) |
|
(moved to collector plugin) |
|
UI in web interface (System/Indices) |
|
UI in web interface (System/Indices) |
|
UI in web interface (System/Indices) |
|
UI in web interface (System/Indices) |
|
UI in web interface (System/Indices) |
|
UI in web interface (System/Indices) |
For better consistency, the defaults of some configuration settings were changed after the project was renamed from Graylog2 to Graylog.
Setting name | Old default | New default |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
In the past it was possible to override configuration settings in Graylog using environment variables or Java system properties with a specific prefix.
For better consistency, these prefixes were changed after the project was renamed from Graylog2 to Graylog.
Override | Old prefix | New prefix | Example |
---|---|---|---|
Environment variables |
|
|
|
System properties |
|
|
|
The output ID key for the list of outputs in the `/streams/*` endpoints has been changed from `_id` to `id`.
```
{
  "id": "564f47c41ec8fe7d920ef561",
  "creator_user_id": "admin",
  "outputs": [
    {
      "id": "56d6f2cce45e0e52d1e4b9cb", (1)
      "title": "GELF Output",
      "type": "org.graylog2.outputs.GelfOutput",
      "creator_user_id": "admin",
      "created_at": "2016-03-02T14:03:56.686Z",
      "configuration": {
        "hostname": "127.0.0.1",
        "protocol": "TCP",
        "connect_timeout": 1000,
        "reconnect_delay": 500,
        "port": 12202,
        "tcp_no_delay": false,
        "tcp_keep_alive": false,
        "tls_trust_cert_chain": "",
        "tls_verification_enabled": false
      },
      "content_pack": null
    }
  ],
  "matching_type": "AND",
  "description": "All incoming messages",
  "created_at": "2015-11-20T16:18:12.416Z",
  "disabled": false,
  "rules": [],
  "alert_conditions": [],
  "title": "ALL",
  "content_pack": null
}
```
(1) Changed from `_id` to `id`