Hi all,
So we are using EFK stack for logging purposes. We have ES at 7.17.23 and filebeat at 7 version. Unfortunately on some of the machines, the filebeat got upgraded to 8 , it forcefully modified the Index template that is connected to the filebeat to have Data Streams enabled. So every day the index is getting created is not regular index but rather its a datastream. I tried forcefully changing back the index template without successfully.
We have a cron job to trigger the snapshots on the regular indices, So we used to that to create the snapshots on the indices created by these data streams but when we tried to restore it back to regular index from the snapshot. I have been unsuccessful. Any suggestions or directions I can follow, I would highly appreciate it.
I found this older StackOverflow post, which seems to suggest deleting the data stream first and the corresponding index template by running Elasticsearch/Kibana connection on a different port.
Thanks @jessgarson . I looked at that solution, That will not work, given we have months of data logs and can't delete them. However, we decided it best to snapshot the data Streams for now.
@rugenl Absolutely agree with you. Trying to find the correct balance with managing overhead and productivity at a small company.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
