Migration from elastic 6.x to 7.x problems

[fcaffieri]

Hi, Performing a migration from elastic 6.0 to 6.8 and then to 7.10. I found several problems in the documentation. At first, I installed version 3.8 of wazuh and 6.0 of elastic and then proceeded to migrate to the current versions of both. Step to detail, URL of documentation used in each step, and the problems found.

Installation wazuh 3.8 into RPM distribution:

Guide: https://documentation.wazuh.com/3.8/installation-guide/installing-wazuh-server/wazuh_server_rpm.html

The only problem I found was in the "Installing Filebeat" section number 3, the url is incorrect: https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/filebeat/filebeat.yml

Installation elastic stack into RPM distribution:

Guide: https://documentation.wazuh.com/3.8/installation-guide/installing-elastic-stack/elastic_server_rpm.html

I had some problems: Section "Elasticsearch", point number 3, the url is incorrect: https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/elasticsearch/wazuh-elastic6-template-alerts.json

"Logstash" section, point number 2, the url is incorrect: https://raw.githubusercontent.com/wazuh/wazuh/3.8/extensions/logstash/01-wazuh-local.con

Upgrade:

Upgrade Wazuh to 3.12.3

The first thing I did was migrate wazuh to 3.12.3. Guide: https://documentation.wazuh.com/3.12/upgrade-guide/upgrading/latest_wazuh3_minor.html#upgrading-latest-minor

This was OK.

Upgrade elastic from 6.0 to 6.8

Guide: https://documentation.wazuh.com/current/upgrade-guide/legacy/upgrading-elastic-stack/from-6.x-to-6.8.html

"Upgrading Elasticsearch" section:

In point number 10, the url is incorrect: https://raw.githubusercontent.com/wazuh/wazuh/v4.3.6/extensions/elasticsearch/6.x/wazuh-template.json

"Upgrading Logstash" section:

In point number 2, the url is incorrect: https://raw.githubusercontent.com/wazuh/wazuh/v4.3.6/extensions/logstash/6.x/01-wazuh-local.conf

"Upgrading Filebeat" section (in my case, even though I did not have a distributed installation, I installed Filebeat from the beginning, even though it was not used since it had logstash):

In point number 2, wrong url: https://raw.githubusercontent.com/wazuh/wazuh/v4.3.6/extensions/filebeat/6.x/filebeat.yml

"Upgrading Kibana" section:

In point number 3, wrong url: https://packages.wazuh.com/wazuhapp/wazuhapp-4.3.6_6.8.8.zip

Upgrade elastic from 6.8 to 7.10:

Guide: https://documentation.wazuh.com/current/upgrade-guide/legacy/upgrading-elastic-stack/from-6.8-to-7.x.html

"Upgrading Kibana" section

In point number 4, wrong url: https://packages.wazuh.com/wazuhapp/wazuhapp-4.3.6_7.10.2.zip

Finally migrate wazuh from 3.12.3 to 4.3.6. The wazuh migrations did not have any kind of problem, they were almost transparent.