FortiSOAR Knowledge Base
FortiSOAR: Security Orchestration and Response software provides innovative case management, automation, and orchestration. It pulls together all of an organization's tools, helps unify operations, and reduces alert fatigue, context switching, and the mean time to respond to incidents.
sramanujam
Staff
Article Id 307799
Description

This article describes how to resolve the Elasticsearch index incompatibility issue on a FortiSOAR system and reindex the data. The issue appears in the Elasticsearch log as the following boot failure:

 

[2023-09-29T00:00:11,228][ERROR][o.e.b.Elasticsearch] [fsr-lab003] fatal exception while booting Elasticsearch

java.lang.IllegalStateException: cannot upgrade node because incompatible indices created with version [6.5.4] exist, while the minimum compatible index version is [7.0.0]. Upgrade your older indices by reindexing them in version [7.17.0] first.

at org.elasticsearch.env.NodeEnvironment.checkForIndexCompatibility(NodeEnvironment.java:529) ~[elasticsearch-8.5.2.jar:?]

Scope

FortiSOAR v7.x.
Solution

Step 1: Stop the elasticsearch service:

 

# systemctl stop elasticsearch

 

Step 2: Remove the Elasticsearch node and index data from the system:

 

# sudo rm -rf /var/lib/elasticsearch/nodes

# sudo rm -rf /var/lib/elasticsearch/indices/*

 

Step 3: Start the elasticsearch service.

 

# systemctl start elasticsearch

 

Step 4: Reindex the data into Elasticsearch again. It is recommended to run the command below during off-peak hours.

 

# sudo -u nginx php /opt/cyops-api/bin/console app:elastic:create

 

However, it is strongly advised to take a snapshot of the VM before removing the nodes/indices in Step 2.
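Because Step 2 deletes data irreversibly, it is worth confirming that the boot failure really is the index-incompatibility error before running it. The script below is an added example, not Fortinet's own tooling: it parses the error quoted in the Description and succeeds only when the indices are older than the minimum compatible version. The function names are hypothetical, the sample log is constructed from the error text above, and the log file path is not given in this article, so pass the Elasticsearch log path for your installation.

```shell
#!/bin/sh
# Added example: pre-check before the destructive Step 2 (hypothetical helper names).

# Succeeds when version $1 sorts strictly before version $2 (needs GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "<created> <minimum> <reindex-in>" from the last matching boot error
# in log file $1; return 1 when the log has no such error.
parse_incompatible_indices() {
    pii_line=$(grep -F 'cannot upgrade node because incompatible indices' "$1" | tail -n 1)
    [ -n "$pii_line" ] || return 1
    pii_versions=$(printf '%s\n' "$pii_line" | sed -n \
        's/.*created with version \[\([0-9.]*\)].*minimum compatible index version is \[\([0-9.]*\)].*reindexing them in version \[\([0-9.]*\)].*/\1 \2 \3/p')
    [ -n "$pii_versions" ] || return 1
    printf '%s\n' "$pii_versions"
}

# Return 0 only when the log shows indices older than the minimum version.
rebuild_applies() {
    ra_versions=$(parse_incompatible_indices "$1") || return 1
    set -- $ra_versions
    version_lt "$1" "$2" || return 1
    echo "indices from $1 are below minimum $2 (message names $3 for reindexing)"
}

# Constructed sample log, using the error text quoted in this article.
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
[2023-09-29T00:00:11,228][ERROR][o.e.b.Elasticsearch] [fsr-lab003] fatal exception while booting Elasticsearch
java.lang.IllegalStateException: cannot upgrade node because incompatible indices created with version [6.5.4] exist, while the minimum compatible index version is [7.0.0]. Upgrade your older indices by reindexing them in version [7.17.0] first.
EOF
if rebuild_applies "$demo_log"; then
    echo "log matches this article: snapshot the VM, then run Steps 1-4"
else
    echo "log does not show the incompatibility error: do not delete index data"
fi
rm -f "$demo_log"
```

If `rebuild_applies` fails on the real log, Elasticsearch is failing for a different reason and removing the node and index data will not fix it.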

 
