使用logstash迁移elasticsearch

环境：

原elasticsearch版本:6.5.0

目的elasticsearch 版本:7.4.0

1.下载logstash

我这里下载的是6.8.5版本

https://artifacts.elastic.co/downloads/logstash/logstash-6.8.5.tar.gz

2.上次服务器进行解压

在root账号下处理

tar -xvf logstash-6.8.5.tar.gz

3.迁移单个index

添加配置文件,文件内容如下:

[root@localhost config]# more sync_single_index.conf
input {
    elasticsearch {
        hosts => ["http://192.168.1.136:19200"]
        index => "index_test"
        size => 1000
        scroll => "1m"
        docinfo => true
    }
}
# 该部分被注释，表示filter是可选的
filter {
  mutate {
    remove_field => ["@timestamp", "@version"]  #过滤掉logstash 自己加上的字段
  }
}

output {
    elasticsearch {
        hosts => ["http://192.168.1.118:9200"]
        user => "elastic"
        password => "elastic"
        index => "index_test"
    }
}

执行如下脚本进行迁移

/opt/logstash-6.8.5/bin/logstash -f /opt/logstash-6.8.5/config/sync_single_index.conf

4.迁移所有的index

配置文件内容如下:

[root@localhost config]# more sync_all_index.conf
input {
    elasticsearch {
        hosts => ["http://192.168.1.136:19200"]
        index => "*"
        size => 1000
        scroll => "1m"
        codec => "json"
        docinfo => true
    }
}
# 该部分被注释，表示filter是可选的
filter {
  mutate {
    remove_field => ["@timestamp", "@version"]  #过滤掉logstash 自己加上的字段
  }
}

output {
    elasticsearch {
        hosts => ["http://192.168.1.118:9200"]
        user => "elastic"
        password => "elastic"
        index => "%{[@metadata][_index]}"
    }
}

执行如下脚本迁移

/opt/logstash-6.8.5/bin/logstash -f /opt/logstash-6.8.5/config/sync_all_index.conf