Stable ELK version from 7.11.2 to what next?

We have ELK stack version 7.11.2 with an Enterprise license. We are planning to upgrade and I wish to know which ELK version we need to upgrade to.

Since we have customers using ELK features (SSO, ElastAlert, Visualization, Scripted fields etc.), what should be the next version to move to?

Also, I am sure that it is not just a click to upgrade; it should be something like installing the latest or stable version and doing the activities below manually:

  1. Manually ingest the data
  2. Import the Kibana config / Dashboard / Visualization
  3. Enable ElastAlert
  4. Enable MFA / SSO

Last but not least, we already have an Enterprise license for version 7.11.2 which will expire in 2025. If we opt for 8.x.x, do we need to buy a new license or can we reuse the existing one?

Please share your inputs with us to get clarity on this version upgrade!
Thanks in advance

The best thing to do is to check with the support team and the sales team.

IMHO:

  • Upgrade at least to the latest 7.17
  • Better to upgrade to 8.13.2

I don't think that you have to buy a new license. The license is per cluster, whatever the version you are running.

But please check all that with the support :wink:

Which version of ElastAlert are you using? Keep in mind that ElastAlert is a third-party tool that is not made nor supported by Elastic.

There are 2 versions. The first one is the original ElastAlert by Yelp; this version is not maintained anymore and I don't think that it supports Elasticsearch 8. Then there is the fork called ElastAlert2; this one is still active and it supports Elasticsearch 8, but you need to check their documentation to change some things.

ElastAlert uses a deprecated mapping format for the date types called dateOptionalTime that does not exist in version 8, and if you do not change this mapping in your template you can break your entire cluster.

If you are not using ElastAlert2, you will need to upgrade it before you upgrade your Elastic cluster.
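As an added example (not ElastAlert's own code, and not from this thread), here is a pre-upgrade check that walks an index template's mappings, reports date fields still using the camelCase `dateOptionalTime` name mentioned above, and produces a copy using the supported `date_optional_time` name; the sample template body and its field names are constructed assumptions, not ElastAlert's real template.

```python
"""Pre-upgrade check (added example, not ElastAlert's own code): find date fields in
an index template that still use the camelCase Joda name `dateOptionalTime`, which
Elasticsearch 8 rejects, and emit a copy using the supported `date_optional_time`."""
import copy
import json

# Legacy camelCase name -> supported snake_case name (only the one the thread mentions).
LEGACY_FORMATS = {"dateOptionalTime": "date_optional_time"}

# Constructed sample shaped like an ElastAlert writeback template; the field names
# are illustrative assumptions, not ElastAlert's real template.
SAMPLE_TEMPLATE = json.loads("""{
  "index_patterns": ["elastalert_status*"],
  "mappings": {"properties": {
    "@timestamp": {"type": "date", "format": "dateOptionalTime"},
    "alert_time": {"type": "date", "format": "dateOptionalTime||epoch_millis"},
    "match_body": {"type": "object", "properties": {
      "until": {"type": "date", "format": "strict_date_optional_time"}}},
    "rule_name":  {"type": "keyword"}
  }}
}""")


def find_legacy_date_formats(mapping, path=""):
    """Return [(dotted.path, format)] for date fields whose format (a||b allowed)
    names a legacy format; recurses into nested `properties`."""
    hits = []
    for name, field in mapping.get("properties", {}).items():
        full = f"{path}.{name}" if path else name
        parts = field.get("format", "").split("||")
        if field.get("type") == "date" and any(p in LEGACY_FORMATS for p in parts):
            hits.append((full, field["format"]))
        hits.extend(find_legacy_date_formats(field, full))
    return hits


def rewrite_legacy_formats(template):
    """Deep-copy the template, swapping each legacy format name for its supported
    equivalent part by part; other formats and non-date fields are untouched."""
    fixed = copy.deepcopy(template)

    def walk(mapping):
        for field in mapping.get("properties", {}).values():
            if field.get("type") == "date" and "format" in field:
                parts = field["format"].split("||")
                field["format"] = "||".join(LEGACY_FORMATS.get(p, p) for p in parts)
            walk(field)

    walk(fixed["mappings"])
    return fixed
```

Run `find_legacy_date_formats` over the body returned by `GET _template/<name>` (or `GET _index_template/<name>`) before the cluster upgrade; an empty result for every template means no remaining `dateOptionalTime` usages.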