ELK Stack – Upgrade from 2.x to 5.x

Elasticsearch Snapshot and Restore



Elasticsearch Migration Helper Plugin

cd /usr/share/elasticsearch/

./bin/plugin install https://github.com/elastic/elasticsearch-migration/releases/download/v2.0.4/elasticsearch-migration-2.0.4.zip

you may get updated command from here -> Elasticsearch Migration Plugin Install

You may download plugin from here -> Elasticsearch Migration Plugin

After plugin install, access plugin using URL


netstat -na | egrep ‘9200|9300’

vi /etc/elasticsearch/elasticsearch.yml

network.host: localhost      to       network.host: “0”


If we have error for file descriptors.

Elasticsearch uses a lot of file descriptors or file handles. Running out of file descriptors can be disastrous and will most probably lead to data loss. Make sure to increase the limit on the number of open files descriptors for the user running Elasticsearch to 65,536 or higher.

Set ulimit -n 65536 as root before starting Elasticsearch, or set nofile to 65536 in /etc/security/limits.conf.

you may check current settings using command  ->    ulimit -a

To set it permanently, set this value in /etc/security/limits.conf file for user with which elasticsearch is running, its in most of cases elasticsearch

for more details check this link – Elasticsearch – Configuring System Settings

curl -X GET “localhost:9200/_nodes/stats/process?filter_path=**.max_file_descriptors”

cat /proc/sys/fs/file-max

vi /usr/lib/systemd/system/elasticsearch.service

/etc/init.d/elasticsearch restart

systemctl daemon-reload

/etc/init.d/elasticsearch restart

warning: /etc/elasticsearch/elasticsearch.yml created as /etc/elasticsearch/elasticsearch.yml.rpmnew
warning: /etc/sysconfig/elasticsearch created as /etc/sysconfig/elasticsearch.rpmnew
warning: /usr/lib/systemd/system/elasticsearch.service created as /usr/lib/systemd/system/elasticsearch.service.rpmnew

cd /usr/share/elasticsearch/

./bin/elasticsearch-plugin list

./bin/elasticsearch-plugin remove elasticsearch-migration


tail -f /path_to_logs/logs/elasticsearch.log


Kibana Upgrade


yum update kibana


if you get some error like “Login is currently disabled because the license could not be determined. Please check that Elasticsearch has the X-Pack plugin installed and is reachable, then refresh this page.”

update x-pack license using following command.

curl -XPUT 'http://<host>:<port>/_xpack/license' -H "Content-Type: application/json" -d @license.json
curl -XPUT 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" -d '{
  "password" : "elasticpassword"

Ref: Elastic ,

Related Posts