Good luck with the fires and I'll check back to see how it went.

On Thursday, June 2, 2016 at 6:03:34 AM UTC-7, Robert Hough wrote:
>
> Well, "out of the box", no that didn't work. I've got faith that it can
> be done using this approach, but we'll also need to utilize Elastic's
> "de_dot" filter plugin. I'm hoping to make some progress with that today,
> and I'll provide an update by the end of the day. I've got about 10 fires
> to put out first... :(
>
> Here's the link to the de_dot documentation:
>
> https://www.elastic.co/guide/en/logstash/current/plugins-filters-de_dot.html
>
> In a nutshell:
>
> 1) Logstash pulls in old index data from old ES cluster
> 2) Logstash sends that through filter
>    1a) Match any dots in fields (user.id)
>    2a) Add new field as replacement for old field (user.id == user_id)
>    3a) Populate user_id with value from user.id
>    4a) remove old field (user.id)
> 3) Logstash pushes new index data to new ES cluster
>
> I'm sure I've left out something crucial here. Seems to be par for the
> course, but I'm hopeful. :)
>
> On Wednesday, June 1, 2016 at 3:06:34 PM UTC-4, Jimmy Chen wrote:
>>
>> Did this work for you? I am going to be looking into upgrading our
>> existing cluster to 2.x too.
>>
>> On Tuesday, May 31, 2016 at 5:08:05 PM UTC-7, Robert Hough wrote:
>>>
>>> Came across this:
>>> https://gist.github.com/markwalkom/8a7201e3f6ea4354ae06
>>>
>>> third time's the charm? :)
>>>
>>> On Friday, May 27, 2016 at 4:43:18 PM UTC-4, Robert Hough wrote:
>>>>
>>>> Recently built a Graylog 2.x cluster, and that seems to be working
>>>> fine. I had some questions though, but right now the biggest nagging
>>>> question has been...
>>>>
>>>> How do we migrate our existing indexes over to the new system? The
>>>> whole dots in field names issue seems to be what is preventing us from
>>>> pulling this off. How do we correct these, and then import them into
>>>> our new system?
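The three-step plan quoted in the thread, written out as a Logstash pipeline. This is an added example, not configuration posted by anyone in the thread or taken from the linked gist; the hostnames and the `graylog_*` index pattern are placeholders, and the option names are those of the Logstash `elasticsearch` input, `de_dot` filter and `elasticsearch` output plugins.

```logstash
# Added example. Hostnames and the index pattern are placeholders (assumptions).
input {
  elasticsearch {
    hosts   => ["old-es.example.internal:9200"]    # old cluster (placeholder)
    index   => "graylog_*"                         # assumed index pattern
    query   => '{ "query": { "match_all": {} } }'  # read every document
    size    => 500                                 # documents per scroll page
    scroll  => "5m"                                # keep the scroll context alive
    docinfo => true    # copy _index, _type and _id into [@metadata]
  }
}

filter {
  # Steps 1a-4a of the plan: rename each field whose name contains a dot,
  # e.g. user.id becomes user_id, and drop the dotted original.
  de_dot {
    separator => "_"
  }
}

output {
  elasticsearch {
    hosts         => ["new-es.example.internal:9200"]  # new cluster (placeholder)
    index         => "%{[@metadata][_index]}"   # keep the original index name
    document_type => "%{[@metadata][_type]}"
    document_id   => "%{[@metadata][_id]}"      # a rerun overwrites, not duplicates
  }
}
```

If a document already carries both `user.id` and `user_id`, the renamed field collides with the existing one, so check the old mappings for such pairs before running the migration.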
