(Tim Desrochers) #1

I have just upgraded my nodes to 2.0 from 1.7. I upgraded via RPM package. When I restart my nodes I get the following error:

[2015-11-03 10:13:02,789][ERROR][gateway ] [MASTER_NODE_1] failed to read local state, exiting...
java.lang.IllegalStateException: unable to upgrade the mappings for the index [logstash-2015.10.21], reason: [Field name [] cannot contain '.']

I cannot figure out why I am getting this exception. Did I miss something in the breaking changes?

(Magnus Bäck) #2

Field names may not contain dots in 2.0:

(Tim Desrochers) #3

I guess I somewhat understand this. I have many fields that contain dots in them. I am using BroIDS and almost all fields from their logs have dots in them. The only exception I am getting at the moment is the one listed above. I don't have an issue deleting the index and starting fresh since I am upgrading my test network before attempting this on a production network, but it seems strange that this is the one field creating the exception.

Since now I cannot start the nodes where I upgraded to 2.0, how do I interact with the ES API to change index mappings or delete indices?

(Magnus Bäck) #4

I'd assume you have to downgrade to 1.7, start up ES, make the necessary adjustments, double-check that the migration plugin is happy, then reattempt the upgrade.
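
Added example, not part of the original thread: one way to list the offending fields while the node is still running 1.7 is to walk the parsed body of `GET /_mapping` and report every field name that contains a dot. The sample mapping, its type name and its Bro-style field names are constructed for illustration.

```python
# Added example: find field names that Elasticsearch 2.0 would reject.
# Input is the JSON body of GET /_mapping from a 1.x node, already parsed.

def dotted_fields(mapping_response):
    """Return sorted (index, type, path) tuples for field names containing '.'."""
    hits = []

    def walk(props, index, doc_type, parents):
        for name, spec in props.items():
            path = parents + [name]
            if "." in name:
                hits.append((index, doc_type, " > ".join(path)))
            if not isinstance(spec, dict):
                continue
            # Object fields nest under "properties"; multi-fields under "fields".
            for key in ("properties", "fields"):
                child = spec.get(key)
                if isinstance(child, dict):
                    walk(child, index, doc_type, path)

    for index, body in mapping_response.items():
        for doc_type, type_map in body.get("mappings", {}).items():
            walk(type_map.get("properties", {}), index, doc_type, [])
    return sorted(hits)


# Constructed sample, shaped like a 1.x mapping response for Bro conn logs.
SAMPLE = {
    "logstash-2015.10.21": {
        "mappings": {
            "bro_conn": {
                "properties": {
                    "@timestamp": {"type": "date"},
                    "id.orig_h": {"type": "string",
                                  "fields": {"raw": {"type": "string",
                                                     "index": "not_analyzed"}}},
                    "id.resp_p": {"type": "integer"},
                    "geoip": {"properties": {"country.code": {"type": "string"}}},
                    "proto": {"type": "string"},
                }
            }
        }
    }
}

if __name__ == "__main__":
    for index, doc_type, path in dotted_fields(SAMPLE):
        print(f"{index}/{doc_type}: {path}")
```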

(Tim Desrochers) #5

Thanks, I got things to work on my Master nodes. Now when I try to get my worker nodes started I get:

CONF_FILE setting is no longer supported. elasticsearch.yml must be placed in the config directory and cannot be renamed.

Not sure where to change this and it's not well documented.

This upgrade is not going well (all user error for sure). I'm sure it will be worth it in the end.

My elasticsearch.yml file is in /etc/elasticsearch/.

I installed the upgrade via RPM.
