Please be advised that an issue has been identified with Opensearch V2.16.
Search queries that Graylog Alerting generates against Opensearch V2.16 do not return the expected results. Graylog recommends upgrading Opensearch only to the supported release stated in the documentation, which can be found here. It is also recommended to pin your Opensearch release to the currently supported version so that a package update cannot move you onto V2.16 unintentionally.
The details of the issue are identified here.
Graylog V6.0 can be installed and supported with Opensearch V2.15.
Updated August 16th, 2024
Graylog continues to recommend only upgrading Opensearch versions in the matrix provided here: Graylog and Opensearch Support Matrix
There is now a configuration workaround that mitigates the issue found in Opensearch release V2.16. For customers who have already upgraded to Opensearch V2.16, we recommend this change:
On Opensearch 2.16 clusters, setting
search.max_aggregation_rewrite_filters=0
mitigates this issue. The setting can be applied either in the node configuration at startup or as a cluster setting through the Opensearch cluster settings API. Note that a cluster setting applied through the API takes precedence over the value in the node startup configuration, so check the effective value after applying it.
For details please see: Opensearch Cluster Settings
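The API route described above, as an added example that is not Graylog's or Opensearch's own code: it PUTs `search.max_aggregation_rewrite_filters=0` as a persistent cluster setting and then re-reads the cluster settings to confirm the value that is actually in effect, honouring Opensearch's precedence of transient over persistent over defaults (the startup configuration shows up under `defaults`). The endpoints and the setting name are the real Opensearch ones; the node URL `http://localhost:9200` without TLS or authentication, the `apply_workaround` helper and the sample responses are assumptions for illustration.

```python
"""Apply and verify the Opensearch 2.16 workaround for the Graylog Alerting issue.

Added example, not Graylog's or Opensearch's own code. It assumes an Opensearch
node reachable at BASE_URL without TLS or authentication (assumption; add the
scheme, credentials or certificate handling your cluster requires).
"""
import json
import urllib.request
from typing import Optional

SETTING = "search.max_aggregation_rewrite_filters"
BASE_URL = "http://localhost:9200"  # assumption: local unsecured node


def settings_body(value: int = 0, scope: str = "persistent") -> dict:
    """Body for PUT /_cluster/settings.

    'persistent' survives a full cluster restart; 'transient' does not, so a
    restart would silently undo the workaround if it were applied that way.
    """
    if scope not in ("persistent", "transient"):
        raise ValueError("scope must be 'persistent' or 'transient'")
    return {scope: {SETTING: value}}


def effective_value(settings_response: dict) -> Optional[str]:
    """Resolve the value the cluster actually uses from a
    GET /_cluster/settings?include_defaults=true&flat_settings=true response.

    Opensearch precedence is transient > persistent > defaults, where 'defaults'
    holds the node startup configuration or the built-in default.
    """
    for scope in ("transient", "persistent", "defaults"):
        value = settings_response.get(scope, {}).get(SETTING)
        if value is not None:
            return str(value)  # flat_settings returns values as strings
    return None


def workaround_applied(settings_response: dict) -> bool:
    """True only when the effective value is 0 (a transient override or a
    missing persistent entry both count as 'not applied')."""
    return effective_value(settings_response) == "0"


def _request(method: str, path: str, body: Optional[dict] = None) -> dict:
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        BASE_URL + path,
        data=data,
        method=method,
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def apply_workaround() -> bool:
    """PUT the persistent setting, then confirm the effective value is 0."""
    ack = _request("PUT", "/_cluster/settings", settings_body(0))
    if not ack.get("acknowledged"):
        return False
    current = _request(
        "GET", "/_cluster/settings?include_defaults=true&flat_settings=true"
    )
    return workaround_applied(current)


if __name__ == "__main__":
    print("workaround applied:", apply_workaround())
```

Run it once against the cluster after the upgrade; if it reports `False` even though the PUT was acknowledged, look for a transient value of the same setting, which masks the persistent one until it is cleared or the cluster restarts.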