Migrating from elastic 5.x to 6.0.0 with elastalert


I want to migrate from ELK stack 5.4.3 (and 5.6.4) to 6.0.0 and keep on using elastalert.

There is a pull request which should make this possbile. However, I need to keep the old elastalert index from the 5.x version as it cannot be created in elasticsearch 6.x due to changes of the type mapping (only one doctype allowed for a new created index). Also see https://github.com/Yelp/elastalert/pull/1426#issuecomment-345230535 and the comments above there for details.

My question is: How can I use the old index from elastic 5.x in elastic 6.0.0. I use docker for running the stack. Can I simply use the new elastic 6.0.0 container instead of the 5.x container, using the same volume like before and elastic will automatically migrate everything?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.