Tag: ElasticSearch

Your Guide for Patching Elastic Search!

What is Patching?

A patch is a set of updates to a server or its supporting data designed to update, fix and improve, including fixing security vulnerabilities and other bugs. They may be applied to program files on a storage device or in computer memory. Patches may be permanent or temporary. 
In a brief overview, you need to perform the following tasks for patch management: 
 1. Create a patch catalog.
 2. Analyze the target to determine the patches that need to deploy.
 3. Deploy the required patches to targets requiring remediation.
 4. Analyze the targets again to ensure each server has the correct patch.

Continue reading “Your Guide for Patching Elastic Search!”

Elasticsearch Backup and Restore in Production

ES backup and restore using AWS S3

We were fortunate enough to get an opportunity to do an Elasticsearch cluster snapshot and restore on a production highly active cluster. The indices we needed to restore were around 2 – 3 TB in size.

Our task was to take a snapshot from an old cluster (v 6.4.2) which had several huge indices and restore a few of them to a new cluster (v7.9.2). This endeavour was supposed to bring the load down from the old cluster.  

Continue reading “Elasticsearch Backup and Restore in Production”

Elastic SIEM – An Event Tracking Feature

SIEM with ELK – san3ncrypt3d – Making cybersecurity a habit & Privacy a Goal

 

Torture the data, and it will confess to anything.

Ronald Coase

WHAT IS ELASTIC SIEM

Elastic SIEM (Security Information and Event Management) is a new feature provided by Elastic NV. Using Elastic SIEM we can track and maintain important events that concern us.

Events are actions that reflect something that has happened.

Continue reading “Elastic SIEM – An Event Tracking Feature”

Elasticsearch Cluster Monitoring

Elasticsearch is a scalable, full-text search and analytics engine based on Apache Lucene. It is Java-based and allows you to store, search, and analyze big volumes of data quickly in near real-time. It can search and index the document files in diverse formats. Lucene is the underlying technology that Elasticsearch uses for extremely fast data retrieval.

As flexible, scalable, and useful as Elasticsearch is, monitoring your cluster can help you ensure that the cluster is appropriately sized and handles all operations efficiently.

Continue reading “Elasticsearch Cluster Monitoring”

Elasticsearch Garbage Collector Frequent Execution Issue

Have you noticed an unexpected unallocation of Shards happening at a duration of 1 hour resulting in Cluster state switching from Green > Yellow > Red > Yellow > Green?. During this transition, ES becomes unreachable and the API calls start responding with non 200 code.

Image for post

Environment Continue reading “Elasticsearch Garbage Collector Frequent Execution Issue”