Points: when we plan to upgrade the ELK

Hello all,

Need some clarifications. Kindly suggest with your inputs.

  1. If we plan to upgrade the full ELK stack to version 8.11 or the latest from version 7.17?

Note: There’s a catch here as the main ELK server is running on version 7.17 and because of the time constraint.

  • Can we flush all the data (uninstall everything) and install full stack ELK for version 8.11? We don’t need any version 7.17 anymore on this server.

  • Can the configuration files e.g. filebeat.yml, elasticsearch.yml and kibana.yml and others be restored (from the 7.17) and copied in the latest version and things will be back into action? Or will there be compatibility issues?

  2. Can I only upgrade the filebeat version from 7.17 to 8.11, the filebeat module which is a part of the main ELK server where the other modules on this server are elasticsearch, kibana, logstash and nginx?

  3. When I upgrade my ELK stack to 8.11, how do I manage the filebeat indices data coming from the other users (client servers), which are running on filebeat 7.x?

curl -X GET "localhost:9200/_cat/indices/filebeat-7.17*?v"
health status index                              uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   filebeat-7.17.15-2024.01.12        S_Xu9N9wQXmIPogZl0a9Aw   1   1       7726            0      4.6mb          4.6mb
yellow open   filebeat-7.17.18                   gzXXrHfcQSSjyJR40JGF4A   1   1  160730053            0     58.7gb         58.7gb
yellow open   filebeat-7.17.15-2024.03.04-000072 ALPiF1w6TsGTtgtRLTx69Q   1   1       9822            0      5.3mb          5.3mb
yellow open   filebeat-7.17.15-2024.02.26-000071 _rhNm0VqRIixhPXjsacYDw   1   1     380930            0    162.6mb        162.6mb

Please suggest.

Thanks,
Ravi

Hello,

Please need inputs on my recent post above.

Thanks,
Ravi

But do you need the old indices? Or do you want to start from scratch?

Can the configuration files e.g. filebeat.yml, elasticsearch.yml and kibana.yml and others be restored (from the 7.17) and copied in the latest version and things will be back into action? Or will there be compatibility issues?

I honestly don't know and you will probably need to read the documentation.

No. You need to upgrade the whole stack.

I think this might work in that way. Having an older filebeat sending data to Elasticsearch 8 but I'm not sure.

Hello,

What will be the challenges in both the cases? As per my current understanding of this subject, I think we need to go through the below steps if I need the old indices.

  • Fix the elasticsearch deprecation issues
  • Back up data (using snapshot and restore)
  • Migrate system indices
  • Review and fix deprecated issues
  • Address API deprecations
  • Upgrade to Elastic 8.x

Well, this is a standalone server/ single node solution and in certain cases and considering the time factor sometimes I feel it would be a good call, if we start from the scratch.

If it is needed to do it from the scratch, what measures need to be taken and do we have documentation, i.e. for upgrading from 7.17 to 8.x?

Thanks,
Ravi

It's just easier to start from blank as you don't have to think about migration.

True.

I feel it would be a good call, if we start from the scratch.

Yes.

Just start from here: Installing the Elastic Stack | Elastic Installation and Upgrade Guide [8.12] | Elastic
