Hi All,
I am just mucking around with an ELK stack in a test environment, sending metricbeat, filebeat and winlogbeat to it. I had a large amount of data in elasticsearch and some customised kibana dashboards.
I killed the virtual machine and restarted it to test recovery and it seems the recovery process lost all the ,kibana customisations.
I think it is to do with too much data and the virtual machine not having enough RAM/CPU, thus swapping to disk and performance is terrible when recovering the index. I leave it for a long time and it finally gets up and running, however in kibana, it thinks it is starting fresh without any understanding of the indicies. I have to re-add them all and then the customisations are gone.
I have snapshots so can rolled back in time to before that to try an recover the .kibana folder.
However when I went to copy the data i see that in ES5 has moved the indicies folder to /var/lib/elasticsearch/nodes/0/indicies - there is no longer a "data" folder. Also all the folder names are scrambled like "zx3yWrqjQ-WqbiJpHqEaTg". There is no .kibana folder.
Is the data corrupted or has ES5 changed the way it labels data. I see in the log file it then links the index name to those random pathnames. I was pretty happy with my kibana customisations and wouldn't mind getting them back if I can, but a bit lost what to do next.
Thanks