Need some clarifications. Kindly suggest with your inputs.
If we plan to upgrade the full ELK stack to version 8.11 or the latest from version 7.17?
Note: There’s a catch here as the main ELK server is running on version 7.17 and because of the time constraint.
Can we flush all the data (uninstall everything) and install full stack ELK for version 8.11? Don’t need any version 7.17 anymore on this server.
Can the configuration files e.g. filebeat.yml, elasticsearch.yml and kibana.yml and others be restored (from the 7.17) and copied in the latest version and things will be back into action? Or will there be compatibility issues?
Can I only upgrade the filebeat version from 7.17 to 8.11, the filebeat module which is a part of the main ELK server where the other modules on this server are elasticsearch, kibana, logstash and nginx?
When I upgrade my ELK stack to 8.11, how do I manage the filebeat indices data coming from the other users (client servers), which are running on filebeat 7.x?
curl -X GET "localhost:9200/_cat/indices/filebeat-7.17*?v"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open filebeat-7.17.15-2024.01.12 S_Xu9N9wQXmIPogZl0a9Aw 1 1 7726 0 4.6mb 4.6mb
yellow open filebeat-7.17.18 gzXXrHfcQSSjyJR40JGF4A 1 1 160730053 0 58.7gb 58.7gb
yellow open filebeat-7.17.15-2024.03.04-000072 ALPiF1w6TsGTtgtRLTx69Q 1 1 9822 0 5.3mb 5.3mb
yellow open filebeat-7.17.15-2024.02.26-000071 _rhNm0VqRIixhPXjsacYDw 1 1 380930 0 162.6mb 162.6mb
But do you need the old indices? Or do you want to start from scratch?
Can the configuration files e.g. filebeat.yml, elasticsearch.yml and kibana.yml and others be restored (from the 7.17) and copied in the latest version and things will be back into action? Or will there be compatibility issues?
I honestly don't know and you will probably need to read the documentation.
No. You need to upgrade the whole stack.
I think this might work in that way. Having an older filebeat sending data to Elasticsearch 8 but I'm not sure.
What will be the challenges in both cases? As per my current understanding of this subject, I think we need to go through the below steps if I need the old indices.
Fix the elasticsearch deprecation issues
Back up data (using snapshot and restore)
Migrate system indices
Review and fix deprecated issues
Address API deprecations
Upgrade to Elastic 8.x
Well, this is a standalone server/single node solution, and in certain cases, considering the time factor, sometimes I feel it would be a good call if we start from scratch.
If it is needed to do it from scratch, what measures need to be taken and do we have documentation? i.e. upgrading from 7.17 to 8.x.