My main goal is to upgrade from Elasticsearch 5.6.16 to 6.x.
I have indices graylog2_21 - graylog2_65, but only 21-54 require that I reindex them, since they were created in version 2.x. Version 6.x cannot use indices created in 2.x.
One idea was to reindex each of them to its number minus 1, then delete the old one.
graylog2_21 > graylog2_20
graylog2_22 > …_21
I did try that with graylog2_20, but when I tried an absolute search for logs in the time range that the new graylog2_19 (reindexed) had, I got a message like “missing graylog2_20”. I wasn't sure what to do. I unfortunately didn't save the message… (graylog2_20 was lost forever…)
I saw someone posting back in 2017 that they went in the opposite direction: 1 + highest_index (in my case graylog2_66). I also tried that, but then I did not see logs being recorded to index graylog2_65, which the deflector should be sending to.
So I'm stumped now as to what to do.
I just want to reindex the indices that are too old (<5.x) for Elasticsearch 6.x to read, while Graylog is still able to read those old indices.
Any input would be much appreciated.