Unfortunately as part of our standard server updates, ES got upgraded to 7.12.0 and after a server crash today and doing some digging, I noticed the warning about not upgrading to ES 7.11 or greater (I wish this was sent out as a better warning but anyway).
So, I guess waiting for an updated version of Graylog is not really an option. We were also looking at another backup solution so we don’t have any pre-upgrade backup of ES.
Any suggestions on what we should do now?
Would it be a reasonable option to install GL and ES on a new server and then use something like elasticdump to move the data across to the new server?
Any help will be sincerely appreciated. Thanks in advance.
Hello @mahomed, you can consult with the Elastic forums and documentation for an Elasticsearch downgrade process. Potentially you could alternatively build up an Elasticsearch cluster and admit a node with 7.11 as a member, allow replication to occur to all nodes, and then remove the node with version 7.12 from the cluster. I don’t know if this is supported, Elastic is the best place to look.
That being said, we’ve been running on 7.12 for awhile and while we did encounter an issue after the first time our indexes rotated subsequent rotations haven’t caused any problems. Our use case can tolerate some limited data loss (although ours wasn’t a case of data loss just a problem with visualization temporarily), so our retention and uptime requirements are fairly loose.
@mahomed your option at this point would be to stand up a 7.10.2 instance/cluster as the case may be, and reindex from remote. You can’t snapshot and restore, as I believe indices, once in 7.11+, are changed and thus not readable by simply doing a restore from a snapshot.
Thanks. This is what I suspected from my reading. I was planning on migrating from a VM to a physical server anyway so I guess this is as good a time as any.
