These steps worked to upgrade the service Logstash (v2.2 to v7.x) consuming data from Filebeat (v7.8):
# Steps followed (in order):
service filebeat stop
ps -eaf | grep filebeat
service logstash stop
ps -eaf | grep logstash
sudo apt remove logstash
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo apt-get install apt-transport-https
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get install logstash
apt-get update
service logstash status # returns `logstash stop/waiting`
# modify `/etc/logstash/pipelines.yml`
# modify/remove/add the required .conf files in `/etc/logstash/conf.d/`
service logstash start
ps -eaf | grep logstash
service filebeat start
ps -eaf | grep filebeat
I tried upgrading to v7.13.x based on compatibility matrix, using the following cmd: echo "deb https://artifacts.elastic.co/packages/7.13.4/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.13.4.list
But v7.14 got installed anyway. And the pipeline is working great, and the results are as expected.
Will that cause future Filebeat compatibility issues?
I didn't read all the change nodes, but the run of 7.13.x and 7.14 seems to have been mostly security fixes in Elasticsearch. IMHO, the beats often get released just to keep the versions in sync.
FYI, there are other posts about filebeat-god like Filebeat-god description? - #3 by paulkeogh. Did you notice what your old version of filebeat was? I wonder if it was older, I don't find file in my current install.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.