Winlogbeat 8.x support to 7.17.7 ELK version?

We would like to consult the community on whether we need to upgrade the ELK stack to 8.x. Our Winlogbeat agents (v7.17.6) do not produce events directly to Elasticsearch; they send them to a Kafka cluster, and Logstash subscribes to it and indexes the events into Elasticsearch (7.17.7).

Is it recommended to upgrade the ELK stack even if we don't produce directly from the Beats agent to Elasticsearch?

Hello,

It is not clear whether you want to upgrade anything, and if so, what. You also didn't mention which version your Logstash is.

If you have Winlogbeat on version 7.17.6 and Elasticsearch on version 7.17.7 there is no reason to upgrade.

@leandrojmp
We have the ELK stack (Elasticsearch, Logstash & Kibana) running on 7.17.7 and a Winlogbeat agent on v7.17.6.
The Winlogbeat agent connects to a Kafka cluster, which is then consumed by the ELK stack v7.17.7.

Now, we have been asked: if we were to upgrade the Winlogbeat agent to v8.x, would that also require an upgrade of the ELK stack?
OR
Does upgrading the Winlogbeat agent not need an ELK stack upgrade?

If you plan to upgrade Winlogbeat to 8.X, then you should also upgrade Elasticsearch to the same version.

You can check in the support matrix that Elasticsearch 7.17.X is compatible with Beats from version 6.8.x-7.17.x, so Elasticsearch 7.17.7 would not be compatible with any Beats or Logstash with version 8.X.

This means that some things may not work as expected or not work at all.

Another thing is that on version 8.X the logic processing for parsing the field was moved from the Winlogbeat agent to an ingest pipeline in Elasticsearch, so this is a big breaking change, depending on whether you are doing enrichments in Logstash or not.

This would also require other changes in your data pipeline, as the parsing needs to be done on the Elasticsearch side.

There are a lot of breaking changes in this case; you will need to check them.

Also, I would recommend upgrading when possible because version 7.X is going to become unsupported in the near future when version 9.0 is released.