TheHive-Project / TheHive

TheHive: a Scalable, Open Source and Free Security Incident Response Platform
https://thehive-project.org
GNU Affero General Public License v3.0

How to change index from Lucene to Elasticsearch #2230

Open fonk0rn opened 3 years ago

fonk0rn commented 3 years ago

Request Type

Question

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| OS version (client) | Ubuntu |
| Virtualized Env. | True |
| Dedicated RAM | 48 GB |
| vCPU | 24 |
| TheHive version / git hash | 4.1.11-1 |
| Package Type | Docker |
| Database | Cassandra |
| Index type | Lucene |
| Attachments storage | Local |

Question

We have TheHive with the index on Lucene, but want to upgrade to a cluster, so we need the index on Elasticsearch. Is there such a possibility, and is there any manual for this?

Thanks in advance.

mashaikx13 commented 2 years ago

Hi @fonk0rn if you find the solution please let me know as well. Thanks

fonk0rn commented 2 years ago

Can anybody help with this? A month with no answer. -((

dnbdrive commented 2 years ago

We also need to migrate data, but we still haven’t found a solution ((

heywiorld commented 2 years ago

We also need to migrate data, but we still haven’t found a solution ((

dnbdrive commented 1 year ago

Use the directive db.janusgraph.forceDropAndRebuildIndex: true. More info about it: https://docs.strangebee.com/thehive/setup/operations/backup-restore/#basic-configuation

Once Cassandra database is restored, update the configuration of TheHive to rebuild the index. These lines should be added to the configuration file only for the first start of TheHive application, and removed later on.

This works in TheHive 4 too.
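
As an added illustration (not taken from the thread or from the project's documentation), this is how the directive from the comment above could sit in TheHive's configuration file next to an Elasticsearch index backend. The `index.search` keys are an assumption based on TheHive 4's JanusGraph settings and should be checked against the documentation for your version; the hostname and index name are placeholders.

```hocon
db.janusgraph {
  # Cassandra storage settings stay as they are (not shown here).

  # Index backend: Elasticsearch instead of the local Lucene directory.
  # Assumed keys; verify against the docs for your TheHive version.
  index.search {
    backend: elasticsearch
    hostname: ["es.example.internal"]   # placeholder host
    index-name: thehive                 # placeholder index name
  }

  # One-time setting from the comment above: drop and rebuild the index.
  # Add it only for the first start of TheHive, then remove it again.
  forceDropAndRebuildIndex: true
}
```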