Hi,
I am using below versions of ELK
Elasticsearch 1.5
Logstash 1.5.3
Kibana 4.0.0
filebeat 1.2.1
I am planning to upgrade ELK and FB versions. Please suggest which one I should go for now.
What new features can I get in the latest one? Though I am going through the breaking changes documentation, a quick expert comment will help.
Here's the upgrade path I chose a few months ago from about the same version you are running now. My use case is log shipping and analysis.
I use puppet as a configuration management system and I had the luxury of getting new hardware for the new setup which meant that I did not need to deal with backing up Elasticsearch indices and restoring them to the new setup.
I am also running three clusters (testing, staging and production) which gives me a bit of tolerance when trying new features...
The new versioning makes life much easier so I would just choose the latest stable release (which should be 5.5.2 at the moment) for all of the Elastic products. I pushed 5.5.2 to testing yesterday and will upgrade staging today. With a configuration management system the minor version upgrades are quite easy.
Configuration changes I had to do for the upgrade from pre version 5:
- Logstash GROK filters needed rewriting
- Elasticsearch will need to bind to an IP other than localhost to cluster
- I had not noticed that I was running an old Java version so had to update that ("We recommend installing Java version 1.8.0_131 or later")
As far as I remember those were the major things in addition to anything that is mentioned in the breaking changes documentation
I made sure to use the same input settings in Logstash so I could point DNS at the new setup when everything was ready. Then I worked through anything that was still coming in to the old setup, one by one, to restart services that had cached the old DNS data.
I was not really looking for any specific new features so can't comment on that
Can't remember exactly anymore... Something changed with multiline and maybe some other plugins like GeoIP as well. It was just a matter of testing the config against the new Logstash.
-t, --config.test_and_exit
Check configuration for valid syntax and then exit. Note that grok patterns are not checked for correctness with this flag. Logstash can read multiple config files from a directory. If you combine this flag with --log.level=debug, Logstash will log the combined config file, annotating each config block with the source file it came from.
Some of the features in X-Pack do require a subscription, but there is also a free Basic license available. The features included in this are shown on the Subscriptions page.