How to copy elastic, kibana configuration file and indices into new server

ismailctest C

Aug 22, 2023, 8:54:02 AM
to Wazuh mailing list
Hi Team,
We are planning to migrate all wazuh, elk to a new server.

Please let us know how to copy/migrate elastic, kibana configuration files, data and indices into the new server.

Lucio Donda

Aug 22, 2023, 9:11:15 AM
to Wazuh mailing list
Hi Ismail!
We have a specific documentation section for backing up all the needed files. Link -> https://documentation.wazuh.com/current/user-manual/files-backup/index.html
Here there's a list of commands on how to back up the indexer and dashboard -> https://documentation.wazuh.com/current/user-manual/files-backup/creating/wazuh-central-components.html#backing-up-the-wazuh-indexer-and-dashboard
Try to check each step every time.
And also over here ( https://documentation.wazuh.com/current/user-manual/files-backup/restoring/wazuh-central-components.html#restoring-wazuh-indexer-files ) how to restore those backups.
Try to pay attention to the difference between single or multinode if it's your case.
Let me know if that was what you were looking for.

ismailctest C

Aug 22, 2023, 10:41:09 AM
to Wazuh mailing list
Hi Lucio,
We have installed wazuh and elk with this ref link:

https://documentation.wazuh.com/4.3/deployment-options/elastic-stack/distributed-deployment/elasticsearch-cluster/elasticsearch-single-node-cluster.html

I have checked the shared documentation for the migration of the elastic index, but have not found how to copy/migrate elastic indices & kibana configuration.

Can you support on this, since we have 90 days of index files there in the old server? Those are to be copied to the new server for monitoring old logs.

Lucio Donda

Aug 22, 2023, 12:08:05 PM
to Wazuh mailing list
Sorry Ismail, I just answered quickly without noticing that detail.
Let me ask if in the team there's anyone with experience in that process, but, as you said, by using the ELK stack you should search on Elastic's documentation, right?
Here for more info -> https://www.elastic.co/guide/en/cloud/current/ec-migrating-data.html
Does this make sense to you? Let me know.

ismailctest C

Aug 23, 2023, 11:35:49 AM
to Wazuh mailing list
Hi Team,
Could you please share the details to copy/migrate elastic indices & kibana configuration to a new server?

Lucio Donda

Aug 23, 2023, 2:09:00 PM
to Wazuh mailing list
Hi Ismail,
As said in the previous mail, I've just asked if there's anyone on the team with experience in that process. Meanwhile, have you checked the link that I shared earlier from elastic?

ismailctest C

Aug 24, 2023, 6:02:45 AM
to Wazuh | Mailing List
Hi,
That link is not helpful.

Lucio Donda

Aug 24, 2023, 11:58:10 AM
to Wazuh | Mailing List
Hi Ismail,
Sadly I haven't yet received any answer from someone on the team. But let me double check some items before trying again.
You need to migrate the whole Elastic Stack from one server to another, right? This can be divided into 2
The kibana configuration file you are already using can be moved directly to the new server. In previous wazuh versions we didn't have the indexer, so I'm assuming that you'll need a similar procedure as the one defined for the Elastic Stack 7.x upgrade.
Here for more details -> https://documentation.wazuh.com/4.0/upgrade-guide/legacy/upgrading-elastic-stack/from-6.8-to-7.x.html#upgrading-elastic-stack-from-6-8-to-7-x
You can retrieve old logs and kibana data following this guide by elastic -> https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-restore.html
Besides that, have you already defined the OS to use on the new server? Try to check the requirements -> https://documentation.wazuh.com/4.2/installation-guide/requirements.html#installation-requirements
Let me know if you have been able to proceed somehow and if there's any particular item that concerns you in this process.

ismailctest C

Aug 24, 2023, 1:01:33 PM
to Wazuh | Mailing List
Hi Lucio,
Thanks for your support.
I have installed and configured new wazuh and elk in the new server.
I have taken a snapshot from the old elastic server (all indices), and the backup folder is available in the old elk server.
How to restore this snapshot in the new elk server? Could you please help me?

Lucio Donda

Aug 24, 2023, 1:10:35 PM
to ismailctest C, Wazuh | Mailing List
Ismail,
Did you check this link that I shared before on how to restore a snapshot from elastic?
https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshot-restore.html
Let me know if you have some doubts.

--
Lucio Donda
C/C++ Developer - Core Engine - RunTime Terror

ismailctest C

Aug 24, 2023, 11:35:40 PM
to Wazuh | Mailing List
Hi Lucio,
Thanks for your quick response.

We have the option to take a snapshot, please find the below document.

ELK_old: 1.1.1.1
ELK_new: 1.1.1.2

Note:
1. I have taken a snapshot from ELK_old & saved it to /mount/elasticsearch_backup in ELK_old.
2. elasticsearch_backup folder copied to ELK_new server with rsync command.
3. Restored this snapshot in ELK_new server & working fine.

Please let me know, what is the exact method to move the snapshot from the elk_old to the elk_new server and restore it in the elk_new server?
If you don't mind, please share the steps.
Is there any wazuh doc available for this?

Lucio Donda

Aug 25, 2023, 9:41:07 AM
to Wazuh | Mailing List
Ismail!
Based on what you've mentioned, the part of taking the snapshot and restoring it is already done. Your problem now is moving the old snapshot to the new one, right? Because, as you mentioned, restoring it should be exactly as you've done with the new one. If not, please take a look at this doc https://www.elastic.co/guide/en/elasticsearch/reference/current/snapshots-restore-snapshot.html (indirectly mentioned on the one you shared).
Searching on similar cases, I found that if your intention is to move to a different server, then make sure you compress all your snapshots and respect the same structure as you had in the original server.
Here for more clarity -> https://discuss.elastic.co/t/moving-snapshot-to-another-machine/47502/2
Hope it helps!
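
Added example (not part of the thread, and not Wazuh or Elastic code): one way to check that a snapshot repository directory arrived on the new server with the same files at the same relative paths, as the last reply advises, before restoring from it. The file names, directory layout and function names are constructed for the demo, which stands in for both servers with temporary directories on one host.

```shell
#!/usr/bin/env bash
set -euo pipefail

# Hash every file under a repository directory, keyed by relative path, so the
# manifest is comparable across hosts even if the mount point differs.
repo_manifest() {            # repo_manifest <repo_dir>
  (cd "$1" && find . -type f -print0 | sort -z | xargs -0 -r sha256sum)
}

# Pack relative to the repository root so the internal structure is preserved.
pack_repo() {                # pack_repo <repo_dir> <archive.tar.gz>
  tar -C "$1" -czf "$2" .
}

unpack_repo() {              # unpack_repo <archive.tar.gz> <dest_dir>
  mkdir -p "$2" && tar -C "$2" -xzf "$1"
}

# Succeeds only when both trees hold identical files at identical relative paths.
verify_copy() {              # verify_copy <source_dir> <copied_dir>
  [ "$(repo_manifest "$1")" = "$(repo_manifest "$2")" ]
}

demo() {
  local work old new
  work=$(mktemp -d)
  old="$work/old/elasticsearch_backup"   # stands in for the old server's folder
  new="$work/new/elasticsearch_backup"   # stands in for the new server's folder
  mkdir -p "$old/indices/idx0"
  printf 'constructed repository metadata\n' > "$old/index-0"
  printf 'constructed segment data\n' > "$old/indices/idx0/seg-0"

  pack_repo "$old" "$work/repo.tar.gz"
  unpack_repo "$work/repo.tar.gz" "$new"
  verify_copy "$old" "$new" && echo "intact"

  printf 'x' >> "$new/indices/idx0/seg-0"  # simulate damage during transfer
  verify_copy "$old" "$new" || echo "mismatch"
  rm -rf "$work"
}

demo
```

In a real migration the manifest would be written on the old server, copied alongside the archive, and compared on the new server before the directory is registered as a snapshot repository.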