The Search AI Company

Build tailored experiences with Elastic.

Elastic Search AI Platform overview

Scale your business with Elastic Partners

Partner overview

ELK Stack

Search and analytics, data ingestion, and visualization – all at your fingertips.

ELK Stack overview

By developers, for developers

Elastic Cloud

Unlock the power of real-time insights with Elastic on your preferred cloud provider.

Elastic Cloud overview

Generative AI

Prototype and integrate with LLMs faster using search AI.

Generative AI overview

Search

Discover a world of AI possibilities — built with the power of search.

Search Labs

Search overview

Security

Protect, investigate, and respond to cyber threats with AI-driven security analytics.

Security Labs

Security overview

Observability

Unify app and infrastructure visibility to proactively resolve issues.

Observability Labs

Observability overview

By solution

See how customers search, solve, and succeed — all on one Search AI Platform.

All customer stories

Industries

Exceed customer expectations and go to market faster.

Industries overview

Customer spotlight

Cisco saves 5,000 support engineer hours per month

Sitecore automates 96 percent of security workflows with Elastic

Comcast transforms customer experiences with Elastic Observability

Research

Stay at the forefront of innovation with technical tips from the experts.

Build

Code with other developers to create a better Elastic, together.

Learn

Unleash the possibilities of your data and grow your skill set.

Connect

Keep informed about the latest tech and news from Elastic.

Have questions?

New

The executive guide to generative AI

About us Partners Support|Login

Upgrade

This section gives general recommendations for upgrading Beats shippers:

Upgrade between minor versions
Upgrade from 8.x to 9.x
Troubleshoot Beats upgrade issues

Upgrade between minor versions

As a general rule, you can upgrade between minor versions (for example, 9.x to 9.y, where x < y) by simply installing the new release and restarting the Beat process. Beats typically maintain backwards compatibility for configuration settings and exported fields. Please review the review the release notes for potential exceptions.

Upgrading between non-consecutive major versions (e.g. 7.x to 9.x) is not supported.

Upgrade from 8.x to 9.x

Before upgrading your Beats, review the release notes and be aware of any documented breaking changes.

If you’re upgrading other products in the stack, also read the Elastic Stack upgrade steps.

We recommend that you fully upgrade Elasticsearch and Kibana to version 9.0 before upgrading Beats. The Beats version must be lower than or equal to the Elasticsearch version. Beats cannot send data to older versions of Elasticsearch.

If you use the Uptime app in Kibana, make sure you add heartbeat-9* and synthetics-* to Uptime indices on the Settings page. The first index is used by newer versions of a Beat, while the latter is used by Fleet.

Important

Please read through all upgrade steps before proceeding. These steps are required before running the software for the first time.

Upgrade Beats binaries to 9.0

Before upgrading:

Stop the existing Beats process by using the appropriate command for your system.
Back up the data and config directories by copying them to another location.

Tip

The location of these directories depends on the installation method. To see the current paths, start the Beat from a terminal, and the data and config paths are printed at startup.

To upgrade using a Debian or RPM package:

Use rpm or dpkg to install the new package. All files are installed in the appropriate location for the operating system and Beats config files are not overwritten.

To upgrade using a zip or compressed tarball:

Extract the zip or tarball to a new directory. This is critical if you are not using external config and data directories.
Set the following options in the Beats configuration file:
- Set path.config to point to your external config directory. If you are not using an external config directory, copy your old configuration over to the new installation.
- Set path.data to point to your external data directory. If you are not using an external data directory, copy your old data directory over to the new installation.
- Set path.logs to point to the location where you want to store your logs. If you do not specify this setting, logs are stored in the directory you extracted the archive to.

Complete the upgrade tasks described in the following sections before restarting the Beats process.

Load 9.0 dashboards

We recommend that you load the 9.x Kibana dashboards after upgrading Kibana and Beats. That way, you can take advantage of improvements added in 9.0. To load the dashboards, run:

DEB

beatname setup --dashboards

RPM

beatname setup --dashboards

MacOS

./beatname setup --dashboards

Linux

./beatname setup --dashboards

Docker

docker run --rm --net="host" docker.elastic.co/beats/beatname:9.0.0 setup --dashboards

Windows

Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator).

From the PowerShell prompt, change to the directory where you installed a Beat, and run:

PS > .\beatname.exe setup --dashboards

Migrate custom dashboards and visualizations

All Elastic Beats send events with ECS-compliant field names. If you have any custom Kibana dashboards or visualizations that use old fields, adjust them now to use ECS field names.

To learn more about ECS, refer to the ECS overview.

Start your upgraded Beats

After you’ve completed the migration, start the upgraded Beat. Use the command that works with your system.

Check the console and logs for errors.

In Kibana, go to Discover and verify that events are streaming into Elasticsearch.

Troubleshoot Beats upgrade issues

This section describes common problems you might encounter when upgrading to Beats 9.x.

Beats is unable to send update or deletion requests to a data stream

Data streams are designed for use cases where existing data is rarely, if ever, updated. You cannot send update or deletion requests for existing documents directly to a data stream.

If needed, you can update or delete documents by submitting requests directly to the document’s backing index. To learn how, refer to the docs about using a data stream.

Timestamp field is missing

Beats requires a timestamp field to send data to data streams. If the timestamp field added by Beats is inadvertently removed by a processor, Beats will be unable to index the event. To fix the problem, modify your processor configuration to avoid removing the timestamp field.