Should I update to Elasticsearch 5.x?

Currently running Graylog 2.2.3 and Elasticsearch 2.4.4 for several instances. Will soon be updating to Graylog 2.3.1, but have not considered Elasticsearch 5 yet because of how it handles directories for indices.
Once you upgrade to Elasticsearch 5, it will rename all of the index directories with a new UUID, making it difficult to figure out which one is associated with a particular index set and when it was created. Also, when Elasticsearch is restarted, the directories and files are touched, so you cannot rely on ls to show the date of the directory. I believe you can stat the write.lock file underneath, but this is less than ideal.
On occasion we will want to move individual indices out of Elasticsearch, and the easiest way has always been to stop the service, move the directory, and start it back up. This works great in test environments when we don’t have to worry about the integrity of orphaned indices.

You now have to either rely on snapshots with curl commands or Graylog’s archive feature.
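One way to tie the UUID directory names back to index names and creation dates without relying on file timestamps is to join the directory listing against the output of `GET _cat/indices?h=index,uuid,creation.date.string`. This is an added example, not part of the original posts; the index names, UUIDs and dates are constructed sample data, and the on-disk layout `<path.data>/nodes/0/indices/<uuid>` is an assumption about the node.

```python
# Added example: resolve Elasticsearch 5.x UUID directory names to index names.
# Constructed sample of: GET _cat/indices?h=index,uuid,creation.date.string
SAMPLE_CAT = """\
graylog_41 Xk3vQ9u2T5-7hZpLr0aBcd 2017-08-01T06:12:44.120Z
graylog_42 p0Yw8nJ4RkC1mVtS6eDf_g 2017-08-15T06:12:51.907Z
winlogs_7  Zr5bN2hQSLeUo9xKc3WmTA 2017-09-02T00:00:03.015Z
"""

# Constructed listing of <path.data>/nodes/0/indices/ on one node (assumed
# layout). In real use this would be os.listdir() of that directory.
SAMPLE_DIRS = [
    "Xk3vQ9u2T5-7hZpLr0aBcd",
    "p0Yw8nJ4RkC1mVtS6eDf_g",
    "aB7dE1fG2hI3jK4lM5nO6p",  # not known to the cluster: orphaned directory
]


def parse_cat_indices(text):
    """Return {uuid: (index_name, creation_date)} from _cat/indices text."""
    by_uuid = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        name, uuid, created = fields
        by_uuid[uuid] = (name, created)
    return by_uuid


def map_index_dirs(cat_text, dir_names):
    """Join on-disk UUID directories against the cluster's index list.

    Returns (mapped, missing): mapped is {dir: (index, created) or None},
    where None marks a directory the cluster does not know about; missing
    lists indices that have no directory in dir_names (e.g. on another node).
    """
    by_uuid = parse_cat_indices(cat_text)
    on_disk = set(dir_names)
    mapped = {d: by_uuid.get(d) for d in dir_names}
    missing = sorted(n for u, (n, _) in by_uuid.items() if u not in on_disk)
    return mapped, missing


if __name__ == "__main__":
    mapped, missing = map_index_dirs(SAMPLE_CAT, SAMPLE_DIRS)
    for d, info in mapped.items():
        print(d, "->", "ORPHANED" if info is None else "%s created %s" % info)
    print("indices with no local directory:", missing)
```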

See https://github.com/Graylog2/graylog2-server/issues/4227.

Well, that answers my question. Either harden the existing systems and ride it out till end of contract if new features are not needed, or adapt and upgrade. Thanks for the info.
