Because of the running versions of my Elastic and OpenSearch instances, I am unable to simply move the DB files from one app to the other.
The solution I've found for this is Logstash.
To migrate a post-fork version of Elasticsearch (7.11+) to OpenSearch, you can use Logstash. You’ll need to employ the Elasticsearch input plugin within Logstash to extract data from the Elasticsearch cluster, and the Logstash Output OpenSearch plugin to write the data to the OpenSearch 2.x cluster. We suggest using Logstash version 7.13.4 or earlier, as newer versions may encounter compatibility issues when establishing a connection with OpenSearch due to changes introduced by Elasticsearch subsequent to the fork. We strongly recommend that users test this solution with their own data to ensure effectiveness.
- OpenSearch Website
Install Logstash on the machine that's running Elasticsearch:
Download Logstash v7.13.4 from the Elasticsearch site
wget https://artifacts.elastic.co/downloads/logstash/logstash-7.13.4-amd64.deb
Install
dpkg -i logstash-7.13.4-amd64.deb
Create a new config
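bash -c "cat > /etc/logstash/conf.d/logstash.conf" <<'EOF'
# This file contains a password: keep it readable only by root and the logstash user.
input {
  elasticsearch {
    hosts => "localhost:9200"
    index => "*"
    size => 1000
    scroll => "1m"
    ssl => false
    codec => "json"
    # docinfo copies each document's _index, _type and _id into [@metadata]
    docinfo => true
  }
}
output {
  opensearch {
    # Plain http:// sends the user and password below unencrypted; use https:// if the node has TLS enabled.
    hosts => ["http://<opensearch-node>:9200"]
    index => "%{[@metadata][_index]}"
    # Keep the original document IDs so a repeated run overwrites documents instead of duplicating them
    document_id => "%{[@metadata][_id]}"
    user => "graylog"
    password => "****************"
  }
}
EOF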
Install logstash-input-elasticsearch
- this is the input side: it reads the events (documents) out of Elasticsearch
sudo /usr/share/logstash/bin/logstash-plugin install logstash-input-elasticsearch
Install logstash-output-opensearch
- this will send events to your OpenSearch node(s).
sudo /usr/share/logstash/bin/logstash-plugin install logstash-output-opensearch
You can test functionality by manually running Logstash:
sudo /usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf
Once you've confirmed event ingestion to OpenSearch (check via the API or using OpenSearch Dashboard), enable the systemd service to start sending new, incoming events and dumping existing, stored data to OpenSearch.
systemctl enable --now logstash.service
systemctl status logstash.service
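One way to do the API check mentioned above, as an added example that is not part of the original post: compare per-index document counts from the _cat/indices API on both clusters. The function names, the temp file paths and the choice to skip dot-prefixed indices are assumptions of this example, and the listings in demo() are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the original post): compare per-index document
# counts between the source Elasticsearch and the target OpenSearch.

# Print "index docs.count" lines for a cluster. $1 = base URL; any further
# arguments are passed to curl (e.g. -u user:pass).
fetch_counts() {
    url=$1; shift
    curl -fsS "$@" "$url/_cat/indices?h=index,docs.count&s=index"
}

# Compare two listings (files of "index count" lines). Prints one line per
# index that is missing on the target or whose count differs, and returns 1
# if anything was printed. Dot-prefixed (system) indices are skipped.
compare_counts() {
    report=$(awk '
        FILENAME == ARGV[1] { src[$1] = $2; next }
        { dst[$1] = $2 }
        END {
            for (i in src) {
                if (i ~ /^\./) continue
                if (!(i in dst)) printf "MISSING %s source=%s\n", i, src[i]
                else if (src[i] != dst[i])
                    printf "MISMATCH %s source=%s target=%s\n", i, src[i], dst[i]
            }
        }' "$1" "$2" | sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample listings so the comparison can be tried offline.
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' 'graylog_0 1200' 'graylog_1 845' '.kibana_1 12' > "$tmp/src"
    printf '%s\n' 'graylog_0 1200' > "$tmp/dst"
    rc=0
    compare_counts "$tmp/src" "$tmp/dst" || rc=$?
    rm -rf "$tmp"
    return $rc
}

# Live use (hosts and credentials are placeholders):
#   fetch_counts http://localhost:9200 > /tmp/src.txt
#   fetch_counts "http://<opensearch-node>:9200" -u graylog:PASSWORD > /tmp/dst.txt
#   compare_counts /tmp/src.txt /tmp/dst.txt && echo "counts match"
```

Counts only line up once nothing is still writing to the source indices, so run the comparison after the copy has finished.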