If you are currently running ElasticSearch:
You MUST migrate to OpenSearch BEFORE migrating to Data Node!!!!
This guide assumes 2 servers. One Graylog Server and one Graylog Data Node server.
Ensure the following rules exist for Cluster communication:
Graylog Server Host:
Allow from <data-node-ip> to 27017/tcp (MongoDB)Graylog Data Node Host:
Allow from <graylog-server-ip> to 8999/tcp (Data Node)1. Use this guide to configure MongoDB to use authentication. This definitely needs to be enabled since all servers in the Graylog cluster will access the database over the network.
If you're starting this migration with a single Graylog server (Graylog Server, MongoDB, and Elasticsearch on the same host) make sure to update any Graylog Server config to use the new MongoDB credentials.
2. Use this guide to install Graylog Data Node on a new host server.