Updating two different version of elastic search from one log stash

Rahul_Gupta1 · November 16, 2022, 11:17am

Hi,

i have two different version of Elasticsearch, one is old(6.3.4) and another one as new(8.3.2), currently we are writting into old cluster from logstash, and are willing to miggrate to new cluster, to avoid any data loss we were looking for an approch using which we don't have any data loss, and we can just simply add an additional Elasticsearch configuration in app.conf file, same config is been shared below


input {
    file {
        start_position => "beginning"
        path => "C:/Softwares/elk-demo/elk-demo/logs/spring.log"
        sincedb_path => "NUL"
    }
}

filter {
    json {
        source => "message"
    }
}

output {
    elasticsearch {
        hosts => [http://localhost:9201]
        index => "application_logs_1"
    }
              elasticsearch {
        hosts => [http://localhost:9202]
        index => "application_logs_2"
    }
    stdout {}
}

Question 1st:- can we write into two Elasticsearch cluster from one logstash, be updating and passing the same in config file of logstash?

warkolm · November 16, 2022, 11:10pm

Unfortunately you cannot do this from a single instance of Logstash due to compatibility issues.

You might need to send the data to a second Logstash instance that handles the newer version of Elasticsearch.

leandrojmp · November 16, 2022, 11:35pm

As Warkolm already said, it is not possible with those versions.

The earliest version of Logstash that is compatible with Elasticsearch 8.X is 7.17.0, but Logstash 7.17.0 is not compatible with Elasticsearch 6.X, the latest version that is compatible is Logstash 6.8.X.

One easy way to solve your issue is to add Kafka in your infrastructure.

You would a Logstash 6.8.X to read your file in send it to a Kafka topic, then in the same Logstash you could have a pipeline that would read from this topic and send the data to your Elasticsearch 6.3.4

You would then spin-up another Logstash instance, now on version 8.3.2 (or 8.5.1, which is the latest) to read from the same Kafka Topic and send the data to the new cluster.

system · December 14, 2022, 11:36pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Different versions of ELK cluster Elasticsearch	6	928	July 19, 2023
Migrating data from Elastic Search 2.X to 8.X using logstash Logstash	4	601	November 8, 2023
Sending data from old version of es(7.17) to newest version(8.1.1) Logstash	2	177	July 12, 2022
ELK Migartion to 8.4.3 Elasticsearch migration	2	372	December 12, 2022
How to migrate older logs stored in one elasticsearch cluster to another new one? Elasticsearch elastic-stack-monitoring , ilm-index-lifecycle-management	9	164	June 18, 2024

Updating two different version of elastic search from one log stash

Related Topics