ELK6.2升级到7.17

Callie2099

已于 2022-10-27 11:29:19 修改

阅读量923

点赞数

文章标签： elasticsearch java elk

于 2021-09-29 11:32:43 首次发布

本文链接：https://blog.csdn.net/gjjhyd/article/details/120544416

版权

提示：文章写完后，目录可以自动生成，如何生成可参考右边的帮助文档

文章目录

版本升级依次从6.2升级到6.8，再升级到7.17.6
我的版本是6.2.4，升级到6.8.9，再升级到7.17.6
版本兼容性参考官方
https://www.elastic.co/cn/support/matrix#matrix_compatibility

6.2.4升级到6.8.9

集群升级需要将节点依次升级，优先升级非主节点，升级后作为主节点

一、升级Elasticsearch

1、Back up your data by taking a snapshot
1.1 Register a snapshot repository
PUT /_snapshot/backup
{
“type”: “fs”,
“settings”: {
“location”: “/localdata/snapshot” //提前创建目录并授权给elasticsearch用户
}
}
查看Register
GET /_snapshot/backup
1.2 Create a snapshot
在kibana界面Dev Tools中输入如下内容，创建名为snapshot_1的snapshot
在这里插入图片描述
查看

2、升级非主节点的Elasticsearch
2.1 Disable shard allocation.
2、升级非主节点的ES
2.1 Disable shard allocation.
PUT _cluster/settings
{
“persistent”: {
“cluster.routing.allocation.enable”: “primaries”
}
}
2.2 Stop non-essential indexing and perform a synced flush
POST _flush/synced
2.3 Shut down a single node.
[root@elktest ~]# systemctl stop elasticsearch.service
2.4 Upgrade the node you shut down
由于旧版本使用RPM包安装，所以rpm方式升级
[root@elktest ~]# rpm -Uvh elasticsearch-6.8.9.rpm
2.5 Start the upgraded node.
[root@elktest ~]# systemctl start elasticsearch.service
查看
GET _cat/nodes
2.6 Reenable shard allocation.
PUT _cluster/settings
{
“persistent”: {
“cluster.routing.allocation.enable”: null
}
}
2.7 Wait for the node to recover.
GET _cat/health?v=true
Wait for the status column to switch to green. Once the node is green, all primary and replica shards have been allocated
GET _cat/recovery
GET /_cat/health?v=true
GET /_cat/nodes?h=ip,name,version&v=true
接下来依次升级其他节点，升级完成的节点作为主节点（必须高版本为主节点）

二、升级Kibana

[root@elktest ~]# systemctl stop kibana
[root@elktest ~]# rpm -Uvh kibana-6.8.9-x86_64.rpm
[root@elktest ~]# systemctl daemon-reload
[root@elktest ~]# systemctl start kibana

三、升级Logstash

[root@elktest ~]# rpm -Uvh logstash-6.8.9.rpm
[root@elktest ~]# systemctl start logstash

四、升级Beats

[root@elktest ~]# systemctl stop filebeat
[root@elktest ~]# rpm -Uvh filebeat-6.8.9-x86_64.rpm
[root@elktest ~]# systemctl start filebeat

6.8.9升级到7.17.6

一、升级java

参考如下链接
https://blog.csdn.net/gjjhyd/article/details/127495021

二、升级Elasticsearch

1、步骤同6.2.4升级到6.8.9，rpm执行完成后执行如下操作
[root@elktest ~]# vim /etc/elasticsearch/jvm.options //注销以下3行
#-XX:+UseConcMarkSweepGC
#-XX:CMSInitiatingOccupancyFraction=75
#-XX:+UseCMSInitiatingOccupancyOnly
[root@elktest ~]# vim /etc/elasticsearch/elasticsearch.yml //修改以下行
#discovery.zen.ping.unicast.hosts: [“elktest”]
discovery.seed_hosts: [“elktest”]
cluster.initial_master_nodes: [“elktest”] 第一个升级的节点为master
[root@elktest ~]# systemctl start elasticsearch
2、Start the upgraded node.
[root@elktest ~]# systemctl start elasticsearch.service
在这里插入图片描述
3、Reenable shard allocation.

4、Wait for the node to recover
GET _cat/health?v=true
GET _cat/recovery
5、check which nodes have been upgraded
GET /_cat/nodes?h=ip,name,version&v=true

三、升级Kibana

[root@elktest ~]# systemctl stop kibana
[root@elktest ~]# rpm -Uvh kibana-7.17.6-x86_64.rpm
[root@elktest ~]# vim /etc/kibana/kibana.yml
#elasticsearch.url: “http://elktest:9200”
elasticsearch.hosts: [“http://elktest:9200”]
[root@elktest ~]# systemctl daemon-reload
[root@elktest ~]# systemctl start kibana

四、升级redis

注：Beats output is expected to work with all Redis versions between 3.2.4 and 5.0.8. Other versions might work as well, but are not supported.
[root@elktest ~]# tar zxvf redis-5.0.4.tar.gz -C /usr/local/etc/
[root@elktest ~]# vim /usr/local/etc/redis-5.0.4/redis.conf
bind 0.0.0.0
protected-mode no
port 6379
tcp-backlog 1024
logfile “/var/log/redis.log”
requirepass 123456
[root@elktest ~]# cd /usr/local/etc/redis-5.0.4/src/
[root@elktest ~]# make
[root@elktest ~]# make install
[root@elktest ~]# ./redis-server /usr/local/etc/redis-5.0.4/redis.conf &
[root@elktes src]# redis-cli
127.0.0.1:6379> auth 123456
OK
127.0.0.1:6379> keys *

“syslog”

五、升级Logstash

[root@elktest ~]# systemctl stop logstash
[root@elktest ~]# rpm -Uvh logstash-7.17.6.rpm
[root@elktest ~]# vim /etc/logstash/jvm.options //注释掉以下行
#-XX:+UseParNewGC
#-XX:+UseConcMarkSweepGC
#-XX:CMSInitiatingOccupancyFraction=75
#-XX:+UseCMSInitiatingOccupancyOnly
[root@elktest ~]# systemctl start logstash

六、升级Beats

1、升级Filebeat
[root@elktest ~]# systemctl stop filebeat
[root@elktest ~]# rpm -Uvh filebeat-7.17.6-x86_64.rpm
[root@elktest ~]# vim /etc/filebeat/filebeat.yml //复制一个7.17版本的filebeat.yml，将output部分改为以下内容
#filebeat.prospectors: //将filebeat.prospectors改为filebeat.inputs
filebeat.inputs:
enabled: false //input false,使用module收集
output.redis: //修改redis部分
hosts: [“elktest”]
password: “123456”
key: “syslog”
db: 0
timeout: 5
[root@elktest ~]# cd /etc/filebeat/modules.d/
[root@elktest modules.d]# filebeat modules list
[root@elktest modules.d]# filebeat modules enable system
[root@elktest modules.d]# vim system.yml
在这里插入图片描述
[root@elktest ~]# systemctl start filebeat
升级后kibana中的Visualize需要更改，Field都变更为*.Keyword，例如beat.hostname更改为beat.hostname.keyword

2、升级Auditbeat
[root@elktest ~]# systemctl stop auditbeat
[root@elktest ~]# rpm -Uvh auditbeat-7.17.6-x86_64.rpm
[root@elktest ~]# vim /etc/auditbeat/auditbeat.yml
output.redis: //将output.redis部分改成如下内容
hosts: [“elktest”]
password: “123456”
key: “syslog”
db: 0
timeout: 5
worker: 2
[root@elktest ~]# systemctl start auditbeat