Hi,
Is it possible to migrate an elasticsearch index from one graylog to another graylog server?
I don’t need to migrate the entire graylog. Just a particular elasticsearch index.
Hello @syntax
Yes this is posibible. I performed this on one of my CentOS 7 server and migrated to Ubuntu 20.0.4.
It was actually simple just like a MySQL Dump.
One issue I did run into was when I started the restore proccess.
If this error occurs check index your indice
ERROR [IndexRotationThread] Couldn’t point deflector to a new index
java.lang.IllegalArgumentException: [alias] is unsupported for [REMOVE_INDEX]
curl -XGET 'http://localhost:9200/_cat/indices?pretty=true'
I belive this was due from my restore index had the same name as my index on the new node. Since this was a new Graylog Server I just deleted the index on the new node and executed the restore process.
Hope that helps
hi gsmith. thanks for the reply once again.
a few questions,
- how does graylog detect the restored index?
- does this process work for multi-node setup?
Hello,
Only thing I did with Graylog is restart the service, so yes. Dont have indices with the same name when you do a restore and your good.
Have a look here on that subject, @aaronsachs explains this procedure well.
As for
To be honest, I have not done this on a multi node setup yet. I would image it can be done. If you have a cluster this could be dupicated on each ES node. All I used was scp command to migrate my indices to another node and performed a restore.
NOTE: Make sure the vsersion of Elasticsearch is the same before you do a restore or you might run into trouble.
Hope that helps
2 Likes
For the multi-node question, a snapshot/restore works for a single-node or multi-node deployment since this is done through the API.
2 Likes
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.