Upgrading X-Packedit

You must upgrade all of the Elastic Stack products you are using when upgrading to a new major version.

If you use X-Pack security and are upgrading directly to 6.0.1 from 5.5 or earlier, you must upgrade the .security index after you restart Elasticsearch. Native realm users will not be able to authenticate until the index is upgraded. For instructions, see Upgrading internal indices. You also need to upgrade the .security index if you restore a pre-5.6 snapshot to a fresh 6.0 install.

To upgrade X-Pack:

  1. Stop any machine learning jobs that are running before starting the upgrade process. See Stopping Machine Learning.
  2. Stop Elasticsearch.
  3. Uninstall X-Pack from Elasticsearch:

    bin/elasticsearch-plugin remove x-pack
  4. If you have not already done so, upgrade Elasticsearch.
  5. Install the new version of X-Pack into Elasticsearch.
  6. Restart Elasticsearch.

    If you’re upgrading a production cluster, perform a rolling upgrade to ensure recovery is as quick as possible. Rolling upgrades are supported when upgrading to a new minor version. A full cluster restart is required when upgrading to a new major version.

  7. If you encrypt sensitive data in Watcher, there is a breaking change related to the system_key file. You must use the secure settings keystore and add the contents of the system_key on each node in the cluster. See Encrypting Sensitive Data in Watcher.
  8. Uninstall X-Pack from Kibana:

    bin/kibana-plugin remove x-pack
  9. If you have not already done so, upgrade Kibana.
  10. Install the new version of X-Pack into Kibana.
  11. Restart Kibana.
  12. Uninstall X-Pack from Logstash:

    bin/logstash-plugin remove x-pack
  13. If you have not already done so, upgrade Logstash.
  14. Install the new version of X-Pack into Logstash.
  15. Restart Logstash.