Update of ELK stack

Hi,
I am using below versions of ELK
Elasticsearch 1.5
Logstash 1.5.3
Kibana 4.0.0
filebeat 1.2.1

I am planning to upgrade the ELK and FB versions. Please suggest which one I should go for now?
What new features can I get in the latest one? Though I am going through the breaking changes documentation, a quick expert comment will help.

br,
Sunil

Hi Sunil,

Here's the upgrade path I chose a few months ago from about the same version you are running now. My use case is log shipping and analysis.

I use puppet as a configuration management system and I had the luxury of getting new hardware for the new setup which meant that I did not need to deal with backing up Elasticsearch indices and restoring them to the new setup.

I am also running three clusters (testing, staging and production) which gives me a bit of tolerance when trying new features...

The new versioning makes life much easier so I would just choose the latest stable release (which should be 5.5.2 at the moment) for all of the Elastic products. I pushed 5.5.2 to testing yesterday and will upgrade staging today. With a configuration management system the minor version upgrades are quite easy.

Configuration changes I had to do for the upgrade from pre version 5

  • Logstash GROK filters needed rewriting
  • Elasticsearch will need to bind to an IP other than localhost to cluster
  • I had not noticed that I was running an old Java version so had to update that ("We recommend installing Java version 1.8.0_131 or later")

As far as I remember those were the major things, in addition to anything that is mentioned in the breaking changes documentation.

I made sure to use the same input settings in Logstash so I could point DNS at the new setup when everything was ready. Then I worked through anything that was still coming in to the old setup, one by one, to restart services that had cached the old DNS data.

I was not really looking for any specific new features so can't comment on that :)

-AB

Hi,
Thank you for precise reply.
However, could you please elaborate on this?

Does that mean there are some different syntaxes?
Can't I just copy the same old configuration to the new installation?

br,
Sunil

Can't remember exactly anymore... Something changed with multiline and maybe some other plugins like GeoIP as well. It was just a matter of testing the config against the new Logstash.

There also seems to be a new Grok debugger: Debugging Grok Expressions | Kibana User Guide [5.5] | Elastic

I think I used this as well: Running Logstash from the Command Line | Logstash Reference [8.11] | Elastic
(does not help with Grok patterns though)

-t, --config.test_and_exit
Check configuration for valid syntax and then exit. Note that grok patterns are not checked for correctness with this flag. Logstash can read multiple config files from a directory. If you combine this flag with --log.level=debug, Logstash will log the combined config file, annotating each config block with the source file it came from.

-AB
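To illustrate the kind of multiline change mentioned above, here is an added example (not AB's configuration or anything from the thread): the standalone multiline filter no longer ships with Logstash 5, so line merging moves into the input codec. The log path, the continuation pattern and the grok pattern are placeholder assumptions for a Java-style stack-trace log.

```conf
# Added example, not from the original thread. Path and patterns are placeholders.

# --- Old style (Logstash 1.x): continuation lines merged by a filter ---
input {
  file { path => "/var/log/app/app.log" }   # placeholder path
}
filter {
  multiline {
    pattern => "^\s"        # a line starting with whitespace belongs to the previous event
    what    => "previous"
  }
}

# --- New style (Logstash 5.x): the multiline filter is gone; merge lines in the input codec ---
input {
  file {
    path  => "/var/log/app/app.log"   # placeholder path
    codec => multiline {
      pattern => "^\s"      # same rule, now applied before the event reaches the filter stage
      what    => "previous"
    }
  }
}
filter {
  grok {
    # placeholder pattern; grok patterns are NOT validated by --config.test_and_exit,
    # so exercise them with real sample lines (or the Kibana Grok debugger) as well
    match => { "message" => "%{TIMESTAMP_ISO8601:ts} %{LOGLEVEL:level} %{GREEDYDATA:msg}" }
  }
}
```

Only one of the two input/filter pairs belongs in a real pipeline file; after porting, run the syntax check from the flag description above (`bin/logstash -f pipeline.conf --config.test_and_exit`) before pointing DNS at the new setup.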

Hi,
You mentioned X-Pack. I think it needs a license; it's not free, right?

Some of the features in X-Pack do require a subscription, but there is also a free Basic license available. The features included in this are shown on the Subscriptions page.
