Hi,
I’m trying to import an Elasticsearch dump generated in my old VM (Ubuntu 16 + Graylog 3.3.11+9335407) to my new VM (Ubuntu 20 + Graylog 4.2.7+879e651). But even after completing the export and import steps, Graylog can’t find the Elasticsearch data.
These are the steps I followed:
Backup
- I registered a snapshot repository in VM containing Graylog 3.3.11+9335407
curl -X PUT "localhost:9200/_snapshot/graylog_backup?pretty" -H 'Content-Type: application/json' -d'
{
"type": "fs",
"settings": {
"location": "/var/backups/elasticsearch/"
}
}
'
- Then I created the snapshot
curl -X PUT "localhost:9200/_snapshot/graylog_backup/snapshot_20220307?wait_for_completion=true&pretty"
- And last, all of the /var/backups/elasticsearch/ directory content was archived (using tar) and sent to the new server (Graylog 4.2.7+879e651):
cd /var/backups/elasticsearch/
tar fczP elasticsearch-07032022.tar.gz *
scp -P 60022 /var/backups/elasticsearch/elasticsearch-07032022.tar.gz tomasi@N.N.N.N:/home/tomasi/
Restore
On the new server I followed these steps:
- I registered a snapshot repository
- Then I moved the .tar.gz file to /var/backups/elasticsearch/ directory and extracted it:
cd /var/backups/elasticsearch/
mv /home/tomasi/elasticsearch-07032022.tar.gz .
tar -xvf elasticsearch-07032022.tar.gz
- And last, I imported the snapshot on the new server:
curl -X POST "localhost:9200/_snapshot/graylog_backup/snapshot_20220307/_restore?pretty"
- Linux showed a successful message:
{
"accepted" : true
}
The new server (Ubuntu 20 + Graylog 4.2.7+879e651) detected the Elasticsearch data (5.5GiB)
But I can’t search inside that data (for example the last 7 days):
Do you have suggestions about what to do as a next step?
Thank you
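
Added example, not part of the original post: the snapshot step above used wait_for_completion=true but the restore step did not, so the `"accepted" : true` reply only acknowledges the request. The script below restores with the same flag and then lists any index that is still closed or red; the function names and the sample `_cat/indices` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a snapshot restore finished, not just that it was accepted.
ES="${ES:-localhost:9200}"      # same endpoint as in the post
REPO="graylog_backup"           # repository name from the post
SNAP="snapshot_20220307"        # snapshot name from the post

# Read `_cat/indices?h=index,status,health` output on stdin and print every
# index that cannot be searched yet: closed, or health red / not reported.
unready_indices() {
    awk 'NF >= 2 && ($2 != "open" || $3 == "red" || $3 == "") { print $1 }'
}

# Restore and block until Elasticsearch reports the restore as finished.
restore_and_wait() {
    curl -sS -X POST "$ES/_snapshot/$REPO/$SNAP/_restore?wait_for_completion=true&pretty"
}

# List indices that are still unusable; return status 1 if there are any.
check_indices() {
    bad=$(curl -sS "$ES/_cat/indices?h=index,status,health" | unready_indices)
    [ -z "$bad" ] && return 0
    # $bad is left unquoted on purpose: one output line per index name.
    printf 'not ready: %s\n' $bad
    return 1
}

# Constructed sample of `_cat/indices` output (index names are made up).
# A closed index may report no health value, hence the two-column row.
SAMPLE='graylog_0 open green
graylog_1 open yellow
graylog_2 close
graylog_3 open red'
```

Run `restore_and_wait` and then `check_indices` on the new server; `printf '%s\n' "$SAMPLE" | unready_indices` shows the filter on the constructed sample without contacting Elasticsearch.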