GrayLog Open v6 Install (no more OVA, not docker)

GeorgeK1973 · August 5, 2025, 10:53am

In My Opinion: Lawrence Systems sets the bar high for what qualifies as a great guide/tutorial!

Thank you for your guide for GrayLog Open v5!

Your GrayLog Open v5 guide relied upon downloading the GrayLog Open official ova virtual appliance.

Unfortunately GrayLog Open v6 is no longer provided in a GrayLog Open official ova virtual appliance.

(and I am very hesitant to trust an OVA hosted on someone else’s google or dropbox drive)

(yikes)

Your GrayLog Open v6 guide is focused on docker deployment.

(Spoiled by Lawence Systems level of quality of guides)

Perhaps I am overlooking this:

#1 - has anyone seen a comparably good guide for installing GrayLog Open v6 (not docker)?

#2 - does anyone have other GrayLog guides (including post-install) they felt were worth bookmarking/archiving and willing to share?

Might as well ask this too: did I miss anything, I thought I confirmed from graylog itself (somewhere) that for v6 GrayLog no longer provide a GrayLog Open OVA appliance.

So far, I have the basic install working and finishing up securing the web then on to configuring syslog receiver. (GrayLog has a particular approach to documentation, not hard to follow once you are on the wavelength of the doc author. They are good helpful docs which are solidly minimal as needed – almost to a fault, which caught me up at first.)

Thanks!

DrHeat · August 5, 2025, 7:04pm

I am a bit confused. Perhaps I misunderstood but if you already have a v.5.something GrayLog install, wouldn’t it be simpler to update it to the latest 6.x version rather than reinstall from scratch? Even if the original was packaged as an OVA you can update it yourself rather than look for a prepackaged 6.x OVA.

LTS_Tom · August 5, 2025, 11:25pm

I prefer the docker version as it’s easier to maintain. The docker versions are maintained by Graylog.

GeorgeK1973 · August 15, 2025, 2:03pm

holy smokes what are the proper upgrade instructions??

I just installed graylog ova (newest version I could find was v3.3.8-1) … and I grok the incremental upgrade path is very incremental:

3.3.x >>4.0.x >> 4.1.x >>4.2.x >>4.3.x>> 5.0.x>> 6.0.x (then onward)

And then I tried to look in into official upgrade procedures

And… Yikes … hopefully I am failing to find the correct magic document

Where are the upgrade guides?

What’s more the graylog forums are full of people agreeing writing a document would be a good idea…. and then the threads are closed (and that was 3 years ago).

LTS_Tom · August 16, 2025, 11:07am

Now you know why I use the Docker version.

DrHeat · August 17, 2025, 4:02pm

Where did you see that upgrade path? It doesn’t feel right.

Here’s the official documentation: Graylog Upgrade Path

TLDR there are only 2 requirements:

Make sure the minimum version for Mongo and Elastic/OpenSearch are satisfied
Do not skip baseline versions unless you’re in a hurry. For example when upgrading from 3.3.x to 6.0.x it is recommended to go 3.3.x → 4.0.x → 5.0.x → 6.0.x. However there’s nothing preventing you from doing a direct 3.3.x → 6.0.x and double check to make sure everything works. Their product and update process is quite resilient and well thought out.