Alert Notice: Opensearch V2.16 Update 2

Please be advised, an issue has been identified with Opensearch V2.16.

Search queries in Opensearch generated from Alerting do not provide proper expected results. Graylog recommends only upgrading Opensearch to the supported release stated in the documentation, which can be found here. It is also recommended to pin your Opensearch release to the current supported version.

The details of the issue are identified here.

Graylog V6.0 can be installed and supported with Opensearch V2.15.

Updated August 16th, 2024

Graylog continues to recommend only upgrading Opensearch versions in the matrix provided here: Graylog and Opensearch Support Matrix

There is now a configuration workaround to mitigate the issue found in Opensearch release V2.16. For customers who have upgraded to Opensearch V2.16 we recommend this change:

In 2.16 Opensearch clusters,

search.max_aggregation_rewrite_filters=0

will mitigate this issue. In order to do this, is by the environment configuration during startup or by setting the cluster setting through the Opensearch API.

For details please see: Opensearch Cluster Settings

Categories

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.