Re: Metron Alert UI and zero-down time Elasticsearch re-index

2018-01-14 Thread Ali Nazemian
It would be great if we can have some help on this issue.

Cheers,
Ali

On Sat, Jan 6, 2018 at 12:33 PM, Ali Nazemian wrote:
> Hi James,
>
> Due to changes in the field format, I want to create a new index with the
> new format. Create an alias to refer to both new and old

Re: Metron Alert UI and zero-down time Elasticsearch re-index

2018-01-05 Thread Ali Nazemian
Hi James,

Due to changes in the field format, I want to create a new index with the new format. Create an alias to refer to both new and old index. Then, copy all the documents from the old index to the new index and use the alias to search through Metron Alert UI and Kibana to avoid any

Re: Metron Alert UI and zero-down time Elasticsearch re-index

2018-01-03 Thread James Sirota
Hi Ali,

I am not sure I understand what you are trying to do. Are you trying to change the name on the old index, add it to the alias, and then re-index and give the new index the name of the old index?

01.01.2018, 22:30, "Ali Nazemian" :
> Hi All,
>
> We are using an

Metron Alert UI and zero-down time Elasticsearch re-index

2018-01-01 Thread Ali Nazemian
Hi All,

We are using an older version of Metron Alert-UI (received in Oct 2017) which sends search queries to ES directly without using Metron Rest API. We wanted to run a zero-downtime ES reindex process by using ES aliasing. However, I am not sure how it will impact the search part of Alert-UI