Hello,
Here is the list of changes/recommendations (I hope I don't miss anything):
- Logstash:
  ES output plugin will change the document_type from logs to doc
- Elasticsearch:
  Indices created in Elasticsearch 6.0.0 or later may only contain a single mapping type.
  default mapping will be removed on ES 7 (so it's better to not use this one).
- Concerning the upgrade:
  Recommended upgrade order is Elasticsearch --> Kibana --> Logstash
Actual infrastructure:
- Logstash 5.6 is inserting data to Elasticsearch 5.3 and Kibana 5.6 is used to view the data.
- Logstash is creating different indexes every day with
  index => "logstash-index1-%{+YYYY.MM.dd}"
  (using custom templates stored in Elasticsearch) in Elasticsearch.
- For the predefined templates I use the following mapping:
  ... "mappings" : { "Log" : { "dynamic" : false, "_source" : { "enabled" : true }, "properties":{ ....
Upgrade to ELK 6
I plan to update the ELK stack to 6.x (with the shortest downtime possible), and I have a few questions about how to do it:
- Before starting the upgrade, can I update the mapping of the templates to:
  ... "mappings" : { "doc" : { "dynamic" : false, "_source" : { "enabled" : true }, "properties":{ ...
  Then do I need to add the document_type value and set it to doc?
  And a few days later I will update the ELK stack in the recommended order.
  Can it work that way?
- If I upgrade ES and Kibana first, can I leave Logstash on 5.6, or will I have issues when the new indexes are created the day after?
- Or must I stop Logstash before the daily index creation, and then:
  a/ Upgrade the ES templates as mentioned previously.
  b/ Upgrade ES --> Kibana --> Logstash
  c/ Start ES --> Kibana --> Logstash
Thanks.
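The template change described in the post, sketched as an added example (not part of the original post): it audits an index template against the two Elasticsearch changes listed above and renames a single custom mapping type to `doc`. The sample template, its index pattern and the `message` field are constructed for illustration, and the function names are hypothetical.

```python
import copy
import json

DEFAULT_TYPE = "_default_"

# Constructed sample modelled on the fragment in the post (field name assumed).
SAMPLE_TEMPLATE = {
    "template": "logstash-index1-*",
    "mappings": {
        "Log": {
            "dynamic": False,
            "_source": {"enabled": True},
            "properties": {"message": {"type": "text"}},
        }
    },
}


def audit_template(template):
    """List mapping-type findings relevant to the 6.x changes in the post."""
    types = list(template.get("mappings", {}))
    custom = sorted(t for t in types if t != DEFAULT_TYPE)
    findings = []
    if DEFAULT_TYPE in types:
        findings.append("uses the _default_ mapping")
    if len(custom) > 1:
        findings.append("multiple mapping types: " + ", ".join(custom))
    return findings


def retype_template(template, new_type="doc"):
    """Return a copy whose single custom mapping type is renamed to new_type."""
    custom = [t for t in template.get("mappings", {}) if t != DEFAULT_TYPE]
    if len(custom) != 1:
        # Several types cannot be merged mechanically; refuse rather than guess.
        raise ValueError("expected exactly one custom type, found %d" % len(custom))
    result = copy.deepcopy(template)
    result["mappings"][new_type] = result["mappings"].pop(custom[0])
    return result


if __name__ == "__main__":
    print(audit_template(SAMPLE_TEMPLATE))
    print(json.dumps(retype_template(SAMPLE_TEMPLATE), indent=2))
```

Documents written through the rewritten template need the Logstash output's document_type to match the new type name, as the post notes.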