Upgrades

You can check the current version using the API command:

curl -u "$USER:$PASSWORD" -X GET http://localhost:9200/license

Upgrade from version 7.0.1

General note

  • Update the kibana role to include index-pattern .kibana*
  • Update the alert role to include index-pattern .alertrules* and alert_status*
  • Install python36, which is required for the Alerting engine, on the client-node:
yum install python3
  • AD users should move their saved objects from the adrole.
  • Indicators of compromise (IOCs auto-update) require access to the software provider’s servers.
  • GeoIP Databases (auto-update) require access to the software provider’s servers.

Upgrade steps

  • Stop services
systemctl stop elasticsearch alert kibana
  • Upgrade client-node (includes alert engine)
yum update ./energy-logserver-client-node-7.0.2-1.el7.x86_64.rpm
  • Log in to the Energy Logserver GUI, go to the Alert List on the Alerts tab, and click the SAVE button


  • Start alert and kibana service
systemctl start alert kibana
  • Upgrade data-node
yum update ./energy-logserver-data-node-7.0.2-1.el7.x86_64.rpm
  • Start services
systemctl start elasticsearch alert

Extra note

If the Elasticsearch service has been started on the client-node, then it is necessary to update the client.rpm and data.rpm packages on the client node.

After update, you need to edit:

/etc/elasticsearch/elasticsearch.yml

and change:

node.data: false

Additionally, check the file:

elasticsearch.yml.rpmnew

and complete the configuration in elasticsearch.yml with additional lines.

Changing OpenJDK version

Logstash

OpenJDK 11 is supported by Logstash from version 6.8, so if you have an older version of Logstash you must update it.

To update Logstash, follow the steps below:

  1. Back up the following files

    • /etc/logstash/logstash.yml
    • /etc/logstash/pipelines.yml
    • /etc/logstash/conf.d
  2. Use the command to check custom Logstash plugins:

    /usr/share/logstash/bin/logstash-plugin list --verbose
    

    and note the result

  3. Install a newer version of Logstash according to the instructions:

    https://www.elastic.co/guide/en/logstash/6.8/upgrading-logstash.html

    or

    https://www.elastic.co/guide/en/logstash/current/upgrading-logstash.html

  4. Verify installed plugins:

    /usr/share/logstash/bin/logstash-plugin list --verbose
    
  5. Install the missing plugins if necessary:

    /usr/share/logstash/bin/logstash-plugin install plugin_name
    
  6. Run Logstash using the command:

    systemctl start logstash
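
The following added example, which is not part of the vendor documentation, compares the plugin lists noted in steps 2 and 4 so that a plugin lost during the upgrade is not overlooked before Logstash is started. It assumes each `list --verbose` output was redirected to a file; the file names and the sample plugin lines are constructed.

```sh
#!/bin/sh
# Added example (not vendor code): report plugins that were installed before
# the Logstash upgrade (step 2) but are absent afterwards (step 4).
set -e

# missing_plugins BEFORE AFTER
# Each file holds saved `logstash-plugin list --verbose` output, one plugin
# per line in the form "logstash-input-beats (5.1.9)". Prints, sorted, every
# plugin name found in BEFORE but not in AFTER; version numbers are ignored.
missing_plugins() {
    # An unreadable list must not be mistaken for "nothing is missing".
    [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read plugin list" >&2; return 2; }
    awk '
        {   # plugin name = first field that starts with "logstash-"
            name = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^logstash-/) { name = $i; break }
        }
        name == ""      { next }                       # blank or banner line
        mode == "after" { present[name] = 1; next }    # first pass: AFTER
        !(name in present) && !reported[name]++ { print name }
    ' mode=after "$2" mode=before "$1" | LC_ALL=C sort
}

# Constructed sample data standing in for the two saved lists.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/plugins-before.txt" <<'EOF'
logstash-codec-json (3.0.5)
logstash-filter-translate (3.2.3)
logstash-input-beats (5.1.9)
logstash-output-syslog (3.0.5)
EOF
cat > "$demo_dir/plugins-after.txt" <<'EOF'
logstash-codec-json (3.0.5)
logstash-input-beats (6.0.0)
EOF

# Print one install command per missing plugin for the operator to review
# and run with the full logstash-plugin path from step 5.
missing_plugins "$demo_dir/plugins-before.txt" "$demo_dir/plugins-after.txt" |
while read -r plugin; do
    echo "logstash-plugin install $plugin"
done
```

A plugin whose version changed, such as logstash-input-beats in the sample, is not reported because only names are compared.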
    

Elasticsearch

Energy Logserver can use OpenJDK version 10 or later. If you want to use OpenJDK version 10 or later, configure the Elasticsearch service as follows:

  1. After installing OpenJDK, select the correct version that Elasticsearch will use:

    alternatives --config java
    
  2. Open the /etc/elasticsearch/jvm.options file in a text editor:

    vi /etc/elasticsearch/jvm.options
    
  3. Disable the OpenJDK version 8 section:

    ## JDK 8 GC logging
    
    #8:-XX:+PrintGCDetails
    #8:-XX:+PrintGCDateStamps
    #8:-XX:+PrintTenuringDistribution
    #8:-XX:+PrintGCApplicationStoppedTime
    #8:-Xloggc:/var/log/elasticsearch/gc.log
    #8:-XX:+UseGCLogFileRotation
    #8:-XX:NumberOfGCLogFiles=32
    #8:-XX:GCLogFileSize=64m
    
  4. Enable the OpenJDK version 11 section

    ## G1GC Configuration
    # NOTE: G1GC is only supported on JDK version 10 or later.
    # To use G1GC uncomment the lines below.
    10-:-XX:-UseConcMarkSweepGC
    10-:-XX:-UseCMSInitiatingOccupancyOnly
    10-:-XX:+UseG1GC
    10-:-XX:InitiatingHeapOccupancyPercent=75
    
  5. Restart the Elasticsearch service

    systemctl restart elasticsearch