Skip to main content
Skip table of contents

DX Upgrade Checker

The DX Upgrade Checker is used to determine if an existing DX cluster (Windows or Linux) can be upgraded to the latest version. This tool is integrated with the DX Installer and runs with the installer. It can also be run as an independent tool prior to or after an upgrade to clean up incompatible indexes.

Starting with LogRhythm 7.18, indexes created in Elasticsearch 5 (LR versions prior to 7.8) are no longer compatible. To verify if your DX cluster has any incompatible indexes, you can run the DX Upgrade Checker prior to performing your LogRhythm software upgrade to 7.18+.

Windows DX Cluster (XM)

The tool can be run from command line from any location on disk. Download the zip and extract the executable and save to a local disk location. Open Powershell or a CMD prompt to execute commands.

Linux DX Cluster

The tool can be installed and run from any node in the DX cluster for pre-upgrade checks. If you need to run post-upgrade clean-up in a multi-node cluster, you will need to install the DX Upgrade Checker on every node. Download the rpm and install:

CODE 
sudo yum localinstall upgradechecker-14.21.0.noarch.rpm

Commands

Help

CODE 
.\UpgradeChecker.exe --help

Pre-Upgrade

To perform a Pre-Upgrade, check if your indexes are compatible to be upgraded to LogRhythm 7.18+. If your cluster is “upgrade ready” at the bottom of the output you should see a result stating that you are okay to proceed:

CODE 
.\UpgradeChecker.exe live-cleanup
2024-08-27 19:53:27 [INFO] - Did not find any es2 or es5 indices
2024-08-27 19:53:27 [INFO] - You are okay to proceed with the upgrade

If your cluster contains ES2 or ES5 indexes which are incompatible with LogRhythm 7.18+, you will see an output which indicates you cannot upgrade. To prep your cluster for the upgrade, you can run live-cleanup with the -d flag, which will remove any incompatible indexes.

Screenshot 2024-08-16 085222.png
CODE 
.\UpgradeChecker.exe live-cleanup -d

Post-Upgrade

If you have upgraded your DX Cluster to LogRhythm 7.18+ and found that Elasticsearch will not start due to the presence of incompatible indexes, you will see an output in the Elasticsearch log similar to the one below, and the service will be continually restarting.

CODE 
The index [[logs-2019-07-11/Dr_e-1QwRoq4pNwpLi3Xng]] was created with version [5.5.0] but the minimum compatible version is [6.0.0]. It should be re-indexed in Elasticsearch 6.x before upgrading to 7.10.2.

To recover your Elasticsearch cluster, you must stop the service and remove the incompatible indexes from the data path. Run the DX Upgrade Checker offline-cleanup destructive -d argument with the Elasticsearch data path specified with the -i argument. The Elasticsearch Data Path directory will vary depending on your specific deployment. See below for default examples for Linux and Windows.

CODE 
./UpgradeChecker offline-cleanup -d -i /usr/local/logrhythm/db/elasticsearch/data
.\UpgradeChecker.exe offline-cleanup -d -i D:\LRIndexer

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close