Skip to main content

Updating ELK Stack for LME


Updating ELK Stack for LME

If you find you need to update the ELK (Elastic, Logstash, Kibana)  Stack for LME you have come to the right place.

At time of writing had just update to 8.15.0 due to Critical Vulnerability with Kibana..  Important point to note, for this all to hang together all 3 components of the ELK stack need to be on the same version

Step 1 identifyIdentify currentCurrent versionVersion You Are Running

sudo docker ps

image.png

 

Step 1A Download the New Docker Images

TBH not sure if this step is required, but this is what I did and it worked, so thought I'd document it

you need to download the 3 images

before you arestart runningview the images currently on the system with command

sudo docker image ls

image.png

sudo docker pull docker.elastic.co/elasticsearch/elasticsearch:8.15.0 

image.png

 

sudo docker pull docker.elastic.co/kibana/kibana:8.15.0  

image.png

sudo docker pull docker.elastic.co/logstash/logstash:8.15.0

image.png

Now if you enter the command sudo docker image ls you should see the new images you have acquired listed

 

Step 2 Edit the Docker composeCompose file and Pull the images

Images

Edit the docker compose file, in the case of LME, it can be found at  /opt/lme/Chapter 3 Files/docker-compose-stack-live.yml

Copy of this file is attached to this articklearticle and can be accessed here docker-compose-stack.yml

You need to edit the 3 lines that specify the new image you want to use (in this example these are the images before I changed them to be 8.15.0)

image.png

image.png

image.png

the image name needs to be the same name as the image you have downloaded in previous step

once updated and saved run the following command

 sudo docker compose -f /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml pull

image.png

Step 3 Update the dockerDocker serviceService with the imageNew Images

sudo docker service ls - will display the services and importantly names & versions running in docker

image.png

sudo docker service update --image docker.elastic.co/elasticsearch/elasticsearch:8.15.0 lme_elasticsearch

where docker.elastic.co/elasticsearch/elasticsearch:8.15.0 is the new image and lme_elasticsearch is the service name 

you need to do this for all 3 services 

  • lme_elasticsearch 
    • sudo docker service update --image docker.elastic.co/elasticsearch/elasticsearch:8.15.0 lme_elasticsearch
  • lme_kibana
    • sudo docker service update --image docker.elastic.co/kibana/kibana:8.15.0 lme_kibana
  • lme_logstash
    • sudo docker service update --image docker.elastic.co/logstash/logstash:8.15.0 lme_logstash

Now check its all updated and on the correct version with sudo docker ps

You can also navigate to the web portal pbr-lme-kl1 and log on , click on pizza icon top right and down the bottom you should see the version listed

 

image.png

 

Back to top