Member of a newly formed SOC in a mid-sized company (3k monitored hosts/machines).
ELK 8.3.2 on 3 VMs.
Logstash and Fleet Server on a separate VM.
Ubuntu 22 LTS
4 cores, 16 GB RAM, 200 GB storage each
We've upgraded ELK to the latest version from 8.2. We're unable to upgrade Elastic Agent from the GUI. It was deployed via the Linux binary (tar.gz) and enrolled that way into ELK. Debian packages do not work properly (certificate issues and other issues that are going to be solved once the ELK is on prem; it doesn't affect the infrastructure otherwise).
What we've tried:
- Upgrade via GUI
- Upgrade via the CLI `elastic-agent upgrade` command (shows that we need to upgrade via the GUI, or shows that it cannot write into the socket while using a URI)
- Overwriting via binary and then upgrading via CLI; overwriting via binary and then upgrading via GUI
- Overwriting via dpkg
What we haven't tried and wouldn't do:
- Unenroll, uninstall and install with the new version (it means that all other agents assigned to that fleet have to be uninstalled as well, and the whole procedure of onboarding all hosts must be done again)
Please, give us some advice!
Sincerely, SOC Analyst.