I am upgrading Elastic Stack from 2.4 to 5.6. I came across some bumps, but nothing I couldn't handle until now. it appears that all the indices are now a bunch of random characters. I am not sure if I messed something up or what. I could not get the migration tool to work ( I have a thread open for that ) so I proceeded with what I could find in the documentation to the best of my skills.
Those indexes should be named firewall, logstash, etc. Do you have any advice? Maybe Elasticsearch isn't done doing it's thing? I see these logs in ES:
[2018-02-13T13:47:26,254][INFO ][o.e.c.m.MetaDataMappingService] [lDTtoAj] [firewall3-2018-02-13/_8oF-lTeS-2FjXkwQje-yQ] update_mapping [firewall] [2018-02-13T13:47:38,631][INFO ][o.e.m.j.JvmGcMonitorService] [lDTtoAj] [gc] overhead, spent [254ms] collecting in the last [1s] [2018-02-13T13:48:02,699][INFO ][o.e.m.j.JvmGcMonitorService] [lDTtoAj] [gc] overhead, spent [250ms] collecting in the last [1s]
with a lot more of these...
[2018-02-13T13:48:17,765][INFO ][o.e.m.j.JvmGcMonitorService] [lDTtoAj] [gc] overhead, spent [270ms] collecting in the last [1s] [2018-02-13T13:48:19,815][INFO ][o.e.m.j.JvmGcMonitorService] [lDTtoAj] [gc] overhead, spent [280ms] collecting in the last [1s] [2018-02-13T13:48:26,841][INFO ][o.e.m.j.JvmGcMonitorService] [lDTtoAj] [gc] overhead, spent [289ms] collecting in the last [1s]
Logstash is also throwing all kinds of errors saying the indices cant be found, but data is sent anyways and the data according to Kibana is in the firewall index. Many thanks.
Every one of these events contains the entire string of data in the log being sent. I had logstash running for about 20 seconds and it has one of these types of errors in the log. As you can guess, the log file filled up rather quickly.
I am not sure if this is normal for having ES on 5.6 while logstash is on 2.4 still. I am just stating some observations during my experience of the upgrade process.
I'm upgrading the lab Elastic environment. I've ready that you have to have Elasticsearch and Kibana on the same compatible versions, but LogStash is able to be put off.
I opened a thread on LogStash. Thank you for your help :smiley:
NEW: Monitor These Apps!
Apache Lucene, Apache Solr and all other Apache Software Foundation project and their respective logos are trademarks of the Apache Software Foundation.
Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries. This site and Sematext Group is in no way affiliated with Elasticsearch BV.
Service operated by Sematext