Replace old Cold Node by a new one and migrate data

Hello,
I have an ELK cluster with 3 nodes (debian 11 and ELK 7.17.0) :

• node1 (master+hot+ingest+content) 2Tb
• node2 (master+worm) 3Tb
• node3 (master+cold) 4Tb
  the cluster now is on red status cause the node3 is full , and i can't add more space on it cause the disk is an azure managed disk which cannot exceed the limit of 4Tb ,
  Is there a way to create a new VM with ELK Cold role and migrate the data to it ??

Generally, if sharding is appropriate you can just run up an additional cold VM and have it join the cluster. This would rebalance shards away from the existing cold node to the new cold node.
This assumes that cluster.routing.rebalance.enable is set to "all".

Need more information as to the shard count for each of your indices to see what you are dealing with. If you need to find out _cat/Indicies will provide the info you need.

So as i understand i need to create a second cold nod (with the appropriate disk space) join this node to the cluster and move the shards to the new node then i can remove the old cold node without disturbing the cluster ??

Yep!

is there a tutorial to how to made this migration step by step ??

1. Add new node to the cluster
2. Use Cluster-level shard allocation and routing settings | Elasticsearch Guide [8.5] | Elastic to exclude allocation on the old node
3. Wait till re-allocation is complete then remove the old node

Hello Thanks for replying
Is these steps are good even when there are no replicas for all shards ?? i mean all the shards on the cold node are primary and the cluster dosen't allow replicas ??

Yes.

Thanks i will try this solution and i will give you a feed back .

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.