Please advise , Long back we have ELK cluster running on 5.x after some months we have upgraded to 6.8. After a year we got VAs and we have decided to upgrade the cluster from 6.8.x to 7.17 . We are facing one compatibility issue the index which were created on version 5.x is not restoring to latest version(7.17) and index created on version 6.8 is restoring on same.
The index size is of 1tb doing reindex is time consuming as we have more than 500 index and if we install 5.x again VAs will come.
Yes, this is expected, you can only restore indices created on one previous versions.
Unfortunately this is what you need to do, you need to spin up a 5.X cluster to restore this index, and then you need to reindex it on the new cluster using reindex to remote, but You will need to test it, I'm not sure if this will work or if you will need extra steps, like reindexing to a 6.X cluster before or not.
If it is juts 1 TB of data it should not take that long to reindex.
You need a cluster on version 5.X to be able to restore the data, once the data is restored in the cluster you can reindex it into a new cluster, but how you do that is entirely up to you.
You can try to use reindex from remote from the 7.17.X cluster, you can try to use Logstash, you can try to use a custom python script or any other tool available, but this is not really documented and you will need to test it yourself.
But you need a cluster on version 5.X to get this data.
Our old data is in tape server(where we dump the data) when backup team restore the old data and put it in our server mount_point after that we run snapshot restore(in 7.17x ELK) to restore that data
Just thinking out the box, you don’t have to bring up a 5.x cluster in same network location as the current cluster. Get the data from backup guys (securely) out of sight of the VAs guys, do the re indexing / version upgrading all off-piste, then pull THAT data into your 7.x cluster.
I can’t see a way to avoid using an older version if the only copy is a 5.x created snapshot.
And a nod for confirming people still use tape backups, and that they were useful!. LTO + DDS == COOL.
Sorry i am asking another question today we have faced one more challenge that is when backup team restore the jan 19 data and when we run snapshot api it thrown error .dat file missing and in path.repo path i can see 2 .dat file there was no snapshot failed status when we took the snapshot of jan 19,2025 and even backup team said backup of your data was successful .
I am wondering about where .dat was missed . If it missed how can we restore if we have 2 dat files
I can’t really help on that point, just don’t know and possibly you haven’t shared enough detail to be sure.
I’m more confused by the lifecycle of the 5.x created indices? They were not used or backed up again since Jan 2019, just living on tape for 6 years? Someone made a backup/snapshot and then deleted them without testing they could restore?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.