FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
Article Id 307799

This article describes how to resolve the Elasticsearch index incompatibility issue on a FortiSOAR system and reindex the data. Elasticsearch fails to boot with the following error:


[2023-09-29T00:00:11,228][ERROR][o.e.b.Elasticsearch] [fsr-lab003] fatal exception while booting Elasticsearch

java.lang.IllegalStateException: cannot upgrade node because incompatible indices created with version [6.5.4] exist, while the minimum compatible index version is [7.0.0]. Upgrade your older indices by reindexing them in version [7.17.0] first.

at org.elasticsearch.env.NodeEnvironment.checkForIndexCompatibility( ~[elasticsearch-8.5.2.jar:?]

Scope: FortiSOAR v7.x.

Step 1: Stop the elasticsearch service:


# systemctl stop elasticsearch


Step 2: Remove the Elasticsearch node and index data from the system:


# sudo rm -rf /var/lib/elasticsearch/nodes

# sudo rm -rf /var/lib/elasticsearch/indices/*


Step 3: Start the elasticsearch service.


# systemctl start elasticsearch


Step 4: Reindex the indices into Elasticsearch again. It is recommended to run the command below during off-peak hours.


# sudo -u nginx php /opt/cyops-api/bin/console app:elastic:create


Note: It is strongly advised to take a snapshot of the VM before removing the nodes/indices in Step 2.
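
As an added example (not part of the original article or of FortiSOAR), the shell pre-check below confirms from an Elasticsearch log that the incompatibility error shown above is actually present before the data directories are removed in Step 2. The log path is supplied by the caller, the function names are hypothetical, and the sample log files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: confirm the failure before running the destructive Step 2.

# Print "<index_version> <min_compatible> <reindex_target>" taken from the
# last index-incompatibility boot error in the log file $1.
# Returns 1 if the error is absent, 2 if the file is unreadable.
es_incompat_versions() {
    [ -r "$1" ] || return 2
    hit=$(grep -F 'incompatible indices created with version' "$1" | tail -n 1)
    [ -n "$hit" ] || return 1
    parsed=$(printf '%s\n' "$hit" | sed -n \
        -e 's/.*created with version \[\([0-9.]*\)].*minimum compatible index version is \[\([0-9.]*\)].*in version \[\([0-9.]*\)].*/\1 \2 \3/p')
    [ -n "$parsed" ] || return 1
    printf '%s\n' "$parsed"
}

# Gate: succeed only when the log shows the error this article addresses.
wipe_is_justified() {
    found=$(es_incompat_versions "$1") || {
        echo "No index-incompatibility error in $1; leave /var/lib/elasticsearch alone." >&2
        return 1
    }
    echo "Indices created with $(echo "$found" | cut -d' ' -f1) are below the minimum; snapshot the VM, then run Steps 1-4."
}

# Constructed sample logs: bad.log reuses the error text quoted in the
# article, ok.log is an invented line without the error.
make_sample_logs() {
    dir=$(mktemp -d)
    cat > "$dir/bad.log" <<'EOF'
[2023-09-29T00:00:11,228][ERROR][o.e.b.Elasticsearch] [fsr-lab003] fatal exception while booting Elasticsearch
java.lang.IllegalStateException: cannot upgrade node because incompatible indices created with version [6.5.4] exist, while the minimum compatible index version is [7.0.0]. Upgrade your older indices by reindexing them in version [7.17.0] first.
EOF
    printf '%s\n' '[2023-09-29T00:05:00,000][INFO ][sample] [fsr-lab003] constructed line' > "$dir/ok.log"
    echo "$dir"
}

SAMPLES=$(make_sample_logs)
wipe_is_justified "$SAMPLES/bad.log"
wipe_is_justified "$SAMPLES/ok.log" || true
```

On a real system, pass the path of the Elasticsearch log that contains the boot failure and continue to Step 1 only when `wipe_is_justified` succeeds.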