Migration from Elasticsearch to Wazuh native


Atul Chadha

Jul 17, 2023, 1:45:35 AM
to Wazuh mailing list
We are running a multi-node Wazuh (4.3.x) + Elasticsearch basic license (7.17.x) cluster and are planning to upgrade to the Wazuh native stack (Wazuh indexer, manager and dashboard).

We have about 20TB of data and cannot afford to stop logging during the migration. What is the best way to move over to the above-mentioned setup?

Would our setup support the steps mentioned in the guide below for OpenSearch (we are using Elasticsearch):
https://documentation.wazuh.com/current/migration-guide/wazuh-indexer.html
Or would we have to reindex all indices to the new setup?

Diego Mendez Sakugawa

Jul 17, 2023, 7:11:44 AM
to Wazuh mailing list
Hello Atul,

For the migration, you will need to stop Elasticsearch to properly install and set up the Wazuh Indexer service as per the documentation. During the procedure, the Wazuh Manager will still receive information. After finishing the migration and once you have all the services up and running, you can use the Wazuh Recovery Tool to reindex any missing events in your environment.

Looking forward to your feedback!

Please let me know if you have any remaining questions!