
ELK Tutorial FG437: ELK Log Analysis Upgrade and Migration

1. ELK Upgrade and Migration Overview

ELK Stack (Elasticsearch, Logstash, Kibana) is one of the most popular log analysis platforms. As new versions are released, regularly upgrading and migrating the ELK Stack is essential for keeping the system stable and gaining new features. This article walks through the ELK Stack upgrade and migration process in detail.

# Check the current ELK versions
$ curl -X GET "http://fgedudb:9200/"
{
  "name" : "elasticsearch-node-1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "abc123def456",
  "version" : {
    "number" : "7.10.2",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",
    "build_date" : "2021-01-13T00:42:12.435326Z",
    "build_snapshot" : false,
    "lucene_version" : "8.7.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}

$ /usr/share/logstash/bin/logstash --version
logstash 7.10.2

$ /usr/share/kibana/bin/kibana --version
7.10.2

Fengge's production advice: upgrade the ELK Stack with a rolling upgrade strategy, especially in production, to keep the service continuously available.

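2. Preparing for the Upgrade and Migration

Preparation before the upgrade and migration is key to a smooth process; it includes environment checks, backups, and preparing a test environment.

# Check the system environment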
$ uname -a
Linux fgedu-elk 5.4.0-70-generic #78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

# Check disk space
$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 16G 0 16G 0% /dev
tmpfs 16G 0 16G 0% /dev/shm
tmpfs 16G 1.2G 15G 8% /run
tmpfs 16G 0 16G 0% /sys/fs/cgroup
/dev/sda1 50G 20G 31G 40% /
/dev/sdb1 200G 80G 120G 40% /var/lib/elasticsearch

# Check memory
$ free -h
total used free shared buff/cache available
Mem: 31G 8G 15G 200M 8G 22G
Swap: 4G 0B 4G

Fengge's tip: before upgrading, make sure the system meets the hardware and software requirements of the new ELK Stack version, especially memory and disk space.

3. Version Compatibility Check

Version compatibility is key to a successful upgrade: check compatibility between the current and target versions, as well as compatibility with integrations with other systems.

# Check Elasticsearch cluster health
$ curl -X GET "http://fgedudb:9200/_cluster/health"
{
  "cluster_name" : "elasticsearch",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 100,
  "active_shards" : 200,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

# Check index status
$ curl -X GET "http://fgedudb:9200/_cat/indices?v"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_1 abc123def456 1 1 2 0 12.7kb 6.3kb
green open logstash-2026.04.01 def789ghi012 3 2 10000 0 5.2mb 1.7mb
green open logstash-2026.04.02 ghi345jkl678 3 2 15000 0 7.8mb 2.6mb
green open logstash-2026.04.03 jkl901mno234 3 2 5000 0 2.6mb 0.9mb

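4. Data Backup

Before upgrading, you must take a complete backup of the ELK Stack data and configuration so that you can roll back if something goes wrong.

# Back up Elasticsearch data (elasticsearch-dump is a separate tool, not part of the Elasticsearch package; the path below assumes it is installed there)
$ sudo -u elasticsearch /usr/share/elasticsearch/bin/elasticsearch-dump --input=http://fgedudb:9200/logstash-* --output=/backup/elasticsearch_backup.json --type=data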

2026-04-03T10:00:00Z | INFO | Starting dump
2026-04-03T10:00:01Z | INFO | Index: logstash-2026.04.01
2026-04-03T10:00:10Z | INFO | Index: logstash-2026.04.02
2026-04-03T10:00:20Z | INFO | Index: logstash-2026.04.03
2026-04-03T10:00:25Z | INFO | Dump completed

# Back up the Elasticsearch configuration
$ sudo cp -r /etc/elasticsearch /backup/elasticsearch_config

# Back up the Logstash configuration
$ sudo cp -r /etc/logstash /backup/logstash_config

# Back up the Kibana configuration
$ sudo cp -r /etc/kibana /backup/kibana_config

# Verify the backup files
$ ls -la /backup/
total 1024000
-rw-r--r-- 1 elasticsearch elasticsearch 512000000 Apr 3 10:15 elasticsearch_backup.json
-rw-r--r-- 1 root root 1024000 Apr 3 10:20 elasticsearch_config.tar.gz
-rw-r--r-- 1 root root 512000 Apr 3 10:25 logstash_config.tar.gz
-rw-r--r-- 1 root root 256000 Apr 3 10:30 kibana_config.tar.gz
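
The listing above only shows that the files exist, and it shows them readable by every local account, although a copy of /etc/elasticsearch can contain the keystore and TLS keys. The following added example (not part of the original tutorial) records a SHA-256 manifest, removes group and other access, and re-checks the manifest before a restore; the function names and demo files are constructed for illustration, and GNU coreutils `sha256sum` is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU coreutils sha256sum.

# List files that accounts outside the owner and group can read.
world_readable() { find "$1" -type f -perm -004; }

# Write a SHA-256 manifest for every file, then drop group/other access.
seal_backup() (
    cd "$1" || exit 1
    find . -type f ! -name SHA256SUMS -exec sha256sum {} + > SHA256SUMS
    chmod -R go-rwx .
)

# Return 0 only if every file still matches the manifest.
verify_backup() (
    cd "$1" || exit 1
    sha256sum --status -c SHA256SUMS 2>/dev/null
)

# Demo on constructed files that mimic the page's /backup layout.
demo_backup_check() (
    d=$(mktemp -d) || exit 1
    mkdir "$d/elasticsearch_config"
    printf '{"_index":"logstash-2026.04.03","message":"constructed"}\n' \
        > "$d/elasticsearch_backup.json"
    printf 'cluster.name: elasticsearch\n' > "$d/elasticsearch_config/elasticsearch.yml"
    chmod 644 "$d/elasticsearch_backup.json" "$d/elasticsearch_config/elasticsearch.yml"

    before=$(world_readable "$d" | wc -l | tr -d ' ')
    seal_backup "$d"
    after=$(world_readable "$d" | wc -l | tr -d ' ')
    verify_backup "$d" && sealed=ok || sealed=failed

    # Simulate corruption or tampering between backup and rollback.
    printf 'x' >> "$d/elasticsearch_backup.json"
    verify_backup "$d" && tampered=missed || tampered=detected

    rm -rf "$d"
    echo "exposed_before=$before exposed_after=$after sealed=$sealed tampered=$tampered"
)

demo_backup_check
```

Run `seal_backup /backup` right after the backup step and `verify_backup /backup` as the first step of any rollback.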

5. Upgrading Elasticsearch

The Elasticsearch upgrade is the core of the whole ELK Stack upgrade and must be carried out as a rolling upgrade to keep the cluster stable.

# Stop the Elasticsearch service
$ sudo systemctl stop elasticsearch

# Import the Elasticsearch GPG key
$ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

# Add the Elasticsearch 7.17.0 repository
$ echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

# Update the package index
$ sudo apt-get update

# Upgrade Elasticsearch
$ sudo apt-get install elasticsearch=7.17.0

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
elasticsearch
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 314 MB of archives.
After this operation, 20 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 elasticsearch amd64 7.17.0 [314 MB]
Fetched 314 MB in 30s (10.5 MB/s)
(Reading database ... 100000 files and directories currently installed.)
Preparing to unpack .../elasticsearch_7.17.0_amd64.deb ...
Unpacking elasticsearch (7.17.0) over (7.10.2) ...
Setting up elasticsearch (7.17.0) ...

# Start the Elasticsearch service
$ sudo systemctl start elasticsearch

# Verify the Elasticsearch service status
$ sudo systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2026-04-03 10:45:00 UTC; 2min ago
Docs: https://www.elastic.co
Main PID: 12345 (java)
Tasks: 60
Memory: 4.5G
CGroup: /system.slice/elasticsearch.service
└─12345 /usr/share/elasticsearch/jdk/bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m -Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true -XX:-OmitStackTraceInFastThrow -XX:+ShowCodeDetailsInExceptionMessages -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 -Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false -Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms2g -Xmx2g -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:+ExplicitGCInvokesConcurrent -XX:+ExplicitGCInvokesConcurrentAndUnloadsClasses -XX:+AlwaysPreTouch -XX:MaxDirectMemorySize=1073741824 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/var/lib/elasticsearch -XX:ErrorFile=/var/log/elasticsearch/hs_err_pid%p.log -Xlog:gc*,gc+age=trace,safepoint:file=/var/log/elasticsearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m -Djava.security.policy=/etc/elasticsearch/java.policy -XX:UseAVX=2 -Des.path.home=/usr/share/elasticsearch -Des.path.conf=/etc/elasticsearch -Des.distribution.flavor=default -Des.distribution.type=deb -Des.bundled_jdk=true
Status: "elasticsearch-node-1 started"

# Verify the Elasticsearch version
$ curl -X GET "http://fgedudb:9200/"
{
  "name" : "elasticsearch-node-1",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "abc123def456",
  "version" : {
    "number" : "7.17.0",
    "build_flavor" : "default",
    "build_type" : "deb",
    "build_hash" : "747e1cc71def077253878a59143c1f785afa92b9",
    "build_date" : "2022-01-12T04:29:49.336Z",
    "build_snapshot" : false,
    "lucene_version" : "8.11.1",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
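
The commands above upgrade a single node. In a rolling upgrade of the three-node cluster shown earlier, each node's turn is gated on cluster health and replica allocation is limited while the node is down. The following added example (not part of the original tutorial) wraps the same stop/install/start commands that way; the function names are illustrative, `ES_URL` reuses the page's host, and the JSON samples are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. ES_URL reuses the page's host.
ES_URL="${ES_URL:-http://fgedudb:9200}"

# Pull one scalar field out of a flat JSON document without needing jq.
json_field() {  # $1 = JSON text, $2 = field name
    printf '%s\n' "$1" | tr ',{}' '\n\n\n' |
        sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\"[:space:]]*\)\"\{0,1\}[[:space:]]*\$/\1/p" |
        head -n 1
}

# Exit 0 only when the cluster is green and no shard is moving or unassigned.
safe_to_stop_node() {  # $1 = body of GET _cluster/health
    [ "$(json_field "$1" status)" = "green" ] &&
    [ "$(json_field "$1" relocating_shards)" = "0" ] &&
    [ "$(json_field "$1" initializing_shards)" = "0" ] &&
    [ "$(json_field "$1" unassigned_shards)" = "0" ]
}

gate_verdict() { if safe_to_stop_node "$1"; then echo proceed; else echo wait; fi; }

# Limit allocation to primaries before a stop; "null" restores the default.
set_allocation() {
    case "$1" in null) v=null ;; *) v="\"$1\"" ;; esac
    curl -fsS -X PUT "$ES_URL/_cluster/settings" -H 'Content-Type: application/json' \
        -d "{\"persistent\":{\"cluster.routing.allocation.enable\":$v}}"
}

# One node's turn in the rolling upgrade; run it on each node in sequence.
upgrade_this_node() {
    safe_to_stop_node "$(curl -fsS "$ES_URL/_cluster/health")" || return 1
    set_allocation primaries && curl -fsS -X POST "$ES_URL/_flush" >/dev/null || return 1
    sudo systemctl stop elasticsearch
    sudo apt-get install -y elasticsearch=7.17.0
    sudo systemctl start elasticsearch
    # Wait until the upgraded node answers, then let replicas allocate again.
    until curl -fsS "$ES_URL/" >/dev/null 2>&1; do sleep 5; done
    set_allocation null
    curl -fsS "$ES_URL/_cluster/health?wait_for_status=green&timeout=10m"
}

# Constructed samples: a healthy cluster and one that is still recovering.
SAMPLE_GREEN='{"status":"green","relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0}'
SAMPLE_YELLOW='{
  "status" : "yellow",
  "relocating_shards" : 0,
  "initializing_shards" : 2,
  "unassigned_shards" : 12,
  "delayed_unassigned_shards" : 3
}'
echo "green sample:  $(gate_verdict "$SAMPLE_GREEN")"
echo "yellow sample: $(gate_verdict "$SAMPLE_YELLOW")"
```

Only the gate runs when the file is executed as-is; call `upgrade_this_node` on one node at a time and move to the next node only after it returns a green health response.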

6. Upgrading Logstash

Upgrading Logstash is comparatively simple: stop the service, then install the new version.

# Stop the Logstash service
$ sudo systemctl stop logstash

# Upgrade Logstash
$ sudo apt-get install logstash=7.17.0

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
logstash
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 180 MB of archives.
After this operation, 10 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 logstash all 7.17.0 [180 MB]
Fetched 180 MB in 18s (10.0 MB/s)
(Reading database ... 100000 files and directories currently installed.)
Preparing to unpack .../logstash_7.17.0_all.deb ...
Unpacking logstash (7.17.0) over (7.10.2) ...
Setting up logstash (7.17.0) ...

# Start the Logstash service
$ sudo systemctl start logstash

# Verify the Logstash service status
$ sudo systemctl status logstash
● logstash.service - logstash
Loaded: loaded (/etc/systemd/system/logstash.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2026-04-03 11:00:00 UTC; 2min ago
Main PID: 67890 (java)
Tasks: 40
Memory: 1.5G
CGroup: /system.slice/logstash.service

# Verify the Logstash version
$ /usr/share/logstash/bin/logstash --version
logstash 7.17.0

7. Upgrading Kibana

To upgrade Kibana, stop the service first, then install the new version.

# Stop the Kibana service
$ sudo systemctl stop kibana

# Upgrade Kibana
$ sudo apt-get install kibana=7.17.0

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
kibana
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 120 MB of archives.
After this operation, 5 MB of additional disk space will be used.
Get:1 https://artifacts.elastic.co/packages/7.x/apt stable/main amd64 kibana amd64 7.17.0 [120 MB]
Fetched 120 MB in 12s (10.0 MB/s)
(Reading database ... 100000 files and directories currently installed.)
Preparing to unpack .../kibana_7.17.0_amd64.deb ...
Unpacking kibana (7.17.0) over (7.10.2) ...
Setting up kibana (7.17.0) ...

# Start the Kibana service
$ sudo systemctl start kibana

# Verify the Kibana service status
$ sudo systemctl status kibana
● kibana.service - Kibana
Loaded: loaded (/etc/systemd/system/kibana.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2026-04-03 11:15:00 UTC; 2min ago
Main PID: 11223 (node)
Tasks: 20
Memory: 250M
CGroup: /system.slice/kibana.service
└─11223 /usr/share/kibana/bin/../node/bin/node /usr/share/kibana/bin/../src/cli

# Verify the Kibana version
$ /usr/share/kibana/bin/kibana --version
7.17.0

8. Migration Strategy

The migration strategy covers migrating indices, configuration, dashboards and so on; choose the migration method that fits your situation.

# Check index compatibility
$ curl -X GET "http://fgedudb:9200/_cluster/health"
{
  "cluster_name" : "elasticsearch",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 3,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 100,
  "active_shards" : 200,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}

# Reindex (if needed)
$ curl -X PUT "http://fgedudb:9200/logstash-2026.04.03-reindex"
$ curl -X POST "http://fgedudb:9200/_reindex" -H 'Content-Type: application/json' -d '
{
  "source": {
    "index": "logstash-2026.04.03"
  },
  "dest": {
    "index": "logstash-2026.04.03-reindex"
  }
}'

# Verify the new index
$ curl -X GET "http://fgedudb:9200/_cat/indices?v"
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open .kibana_1 abc123def456 1 1 2 0 12.7kb 6.3kb
green open logstash-2026.04.01 def789ghi012 3 2 10000 0 5.2mb 1.7mb
green open logstash-2026.04.02 ghi345jkl678 3 2 15000 0 7.8mb 2.6mb
green open logstash-2026.04.03 jkl901mno234 3 2 5000 0 2.6mb 0.9mb
green open logstash-2026.04.03-reindex mno567pqr890 3 2 5000 0 2.6mb 0.9mb
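
Comparing the rows above by eye works for one index; for many, the comparison can be scripted. The following added example (not part of the original tutorial) parses `_cat/indices?v` output and checks that each `-reindex` copy has the same `docs.count` as its source. The function names are illustrative, and the sample rows are constructed from the listing above plus one mismatching copy and one closed index.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads `_cat/indices?v` text on stdin; for every "<name>-reindex" index prints
# OK / MISMATCH / NO_SOURCE by comparing docs.count with the source index.
check_reindex() {
    awk '
        NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; ncol = NF; next }
        NF != ncol { next }   # closed indices print blank columns; skip them
        { docs[$(col["index"])] = $(col["docs.count"]) }
        END {
            for (name in docs) {
                if (name !~ /-reindex$/) continue
                src = substr(name, 1, length(name) - length("-reindex"))
                if (!(src in docs))
                    print "NO_SOURCE " name
                else if (docs[src] != docs[name])
                    print "MISMATCH " name " source=" docs[src] " copy=" docs[name]
                else
                    print "OK " name " docs=" docs[name]
            }
        }' | sort
}

# Exit 0 only when at least one copy exists and every copy is OK.
reindex_verified() {
    out=$(check_reindex)
    [ -n "$out" ] && ! printf '%s\n' "$out" | grep -qv '^OK '
}

# Constructed sample in the format of the listing above.
SAMPLE='health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
green open logstash-2026.04.02 ghi345jkl678 3 2 15000 0 7.8mb 2.6mb
green open logstash-2026.04.02-reindex constructed01 3 2 14990 0 7.7mb 2.6mb
green open logstash-2026.04.03 jkl901mno234 3 2 5000 0 2.6mb 0.9mb
green open logstash-2026.04.03-reindex mno567pqr890 3 2 5000 0 2.6mb 0.9mb
       close logstash-2026.03.01 constructed02'

printf '%s\n' "$SAMPLE" | check_reindex
printf '%s\n' "$SAMPLE" | reindex_verified || echo "copies differ: keep the source indices"
```

In use, pipe the live output in: `curl -s "http://fgedudb:9200/_cat/indices?v" | check_reindex`.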

9. Verification and Testing

After the upgrade and migration are complete, carry out thorough verification and testing to make sure the ELK Stack runs normally.

# Test an Elasticsearch query
$ curl -X GET "http://fgedudb:9200/logstash-*/_search?q=error&size=5"
{
  "took" : 10,
  "timed_out" : false,
  "_shards" : {
    "total" : 9,
    "successful" : 9,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 100,
      "relation" : "eq"
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "logstash-2026.04.03",
        "_type" : "_doc",
        "_id" : "abc123",
        "_score" : 1.0,
        "_source" : {
          "@timestamp" : "2026-04-03T10:00:00.000Z",
          "message" : "Error: connection timeout",
          "host" : "web-server-1",
          "level" : "error"
        }
      },

    ]
  }
}

# Test the Logstash pipeline
$ sudo -u logstash /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/test.conf

[2026-04-03T11:30:00,000][INFO ][logstash.runner ] Starting Logstash {"version"=>"7.17.0", "host"=>"fgedu-elk"}
[2026-04-03T11:30:01,000][INFO ][logstash.javapipeline ] Pipeline started {"pipeline.id"=>"main"}
[2026-04-03T11:30:01,000][INFO ][logstash.agent ] Pipelines running {:count=>1, :running_pipelines=>[:main], :non_running_pipelines=>[]}
[2026-04-03T11:30:05,000][INFO ][logstash.javapipeline ] Pipeline terminated {"pipeline.id"=>"main"}

Fengge's tip: testing should verify the core functions of the ELK Stack, including log collection, indexing, querying and visualization, to ensure stability and performance after the upgrade.

10. Rollback Plan

A rollback plan is an important safeguard during the upgrade: if the upgrade runs into problems, it lets you quickly restore the pre-upgrade state.

# Stop all ELK services
$ sudo systemctl stop elasticsearch logstash kibana

# Remove the new versions
$ sudo apt-get remove elasticsearch logstash kibana

# Install the old versions
$ echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
$ sudo apt-get update
$ sudo apt-get install elasticsearch=7.10.2 logstash=7.10.2 kibana=7.10.2

# Restore configuration
$ sudo cp -r /backup/elasticsearch_config/* /etc/elasticsearch/
$ sudo cp -r /backup/logstash_config/* /etc/logstash/
$ sudo cp -r /backup/kibana_config/* /etc/kibana/

# Restore data
$ sudo -u elasticsearch /usr/share/elasticsearch/bin/elasticsearch-dump --input=/backup/elasticsearch_backup.json --output=http://fgedudb:9200/ --type=data

# Start the services
$ sudo systemctl start elasticsearch logstash kibana

# Verify service status
$ sudo systemctl status elasticsearch logstash kibana

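11. Best Practices

Best practices for upgrading and migrating the ELK Stack span planning, testing, monitoring and more; the key recommendations follow.

Fengge's production advice:

  • Complete all upgrade and migration tests in a test environment to make sure the process goes smoothly
  • Use a rolling upgrade strategy to keep the service continuously available
  • Take a complete data backup before upgrading
  • Run thorough performance tests after upgrading to make sure performance has not degraded
  • Set up post-upgrade monitoring to detect and resolve problems promptly
  • Train the relevant staff so that they are familiar with the new version's features and operation

# Performance test example (the request shape is illustrative: stock Elasticsearch 7.x has no _benchmark endpoint, so send the equivalent workload with your load-testing tool)
$ curl -X POST "http://fgedudb:9200/_benchmark" -H 'Content-Type: application/json' -d '
{
  "name": "search_benchmark",
  "metric": "throughput",
  "target": 1000,
  "duration": "30s",
  "requests": [
    {
      "method": "GET",
      "path": "/logstash-*/_search",
      "params": {
        "q": "error",
        "size": 10
      }
    }
  ]
}'

# Performance test results
{
  "name": "search_benchmark",
  "status": "completed",
  "duration": "30s",
  "throughput": 1200,
  "avg_response_time": 50,
  "p95_response_time": 100,
  "p99_response_time": 150
}

# Comparison with pre-upgrade performance
# Before upgrade: throughput=800, avg_response_time=80ms
# After upgrade: throughput=1200, avg_response_time=50ms
# Improvement: throughput up 50%, response time down 37.5%

With the steps above, we completed the ELK Stack upgrade and migration while preserving system stability and performance. In practice, adjust the steps to your specific ELK version and environment so that the upgrade goes smoothly.

This article was compiled and published by 风哥教程 (Fengge Tutorials) for learning and testing purposes only; when reposting, credit the source: http://www.fgedu.net.cn/10327.html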
