Hello!
I am looking to upgrade a single-node ELK stack cluster running version 5.4.0 to 6.6.0 on RHEL 7.6. I have read through the ELK documentation and have found that a "rolling upgrade" is the way to go.
I do have a few questions that I would like to confirm/clarify prior to moving forward with this procedure:
Does the "rolling upgrade" procedure work for a single-node cluster?
Is there a need to do any re-indexing prior to the upgrade/after the upgrade?
Would it be possible to still have access to log data gathered prior to the upgrade and be able to query for them/use them in visualizations etc?
I imagine that, during the upgrade, the service must go down while the packages are upgraded/restored. Would the data being shipped from other servers running filebeat get lost?
Should I upgrade the filebeat nodes before the ELK stack to prevent data loss or is it the other way around?
I apologize if people have asked this before but I glanced through some of the existing upgrade discussions and haven't really seen something that would answer all my questions.
Any help or clarification on this would be greatly appreciated!
Bader.
As you have a single node, you are going to experience downtime. Beats will queue data until they can access Elasticsearch again, but you will also want to upgrade them.
You may want to upgrade to 5.5 or 5.6 first, so you can run the upgrade assistant in Kibana to help get to 6.X.
Thank you for this valuable information.
Would I still be able to access the old data after the upgrade?
Also, I use search guard for security. Would I need to upgrade it to 5.6 during the initial upgrade then again to 6.6?
[EDIT] Additionally, to upgrade from 5.4 to 5.5/5.6, am I to use this guide or is there something else that I should use?
[EDIT2]: I have double checked the breaking changed for version 6 and have found that I would still be able to access old data when upgrading to 6:
Elasticsearch 6.0 can read indices created in version 5.0 or above. An Elasticsearch 6.0 node will not start in the presence of indices created in a version of Elasticsearch before 5.0.
@warkolm sorry to re-open this but I do have a follow-up if that is okay.
I was reading through the Filebeat documentation and it also mentions that in order to upgrade from 5.x to 6.x you must be on 5.6.
My questions are:
When upgrading from beats 5.4 to 5.6, would the already-queued data be lost?
Can Filebeat 5.4 correctly forward logs to ELK v 5.6 AND 6.x or should I be upgrading Filebeat in the same procedure as the ELK stack (minor for ELK and Beats then major for ELK and Beats)?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.