Migrating ClickHouse Events from FortiSIEM 6.5.x to 6.6.0 or Later
FortiSIEM 6.5.x ran ClickHouse on a single node and used the Merge Tree engine. FortiSIEM 6.6.0 onwards runs ClickHouse on a cluster using Replicated Merge Tree engine. You need to follow these special steps to move the old events previously stored in Merge Tree to Replicated Merge Tree.
|
From FortiSIEM 6.5.x, you MUST first upgrade to FortiSIEM 6.6.x PRIOR to upgrading to FortiSIEM 7.x or later. If you directly upgrade from 6.5.x to 7.0.0 or later, upgrade will fail. |
To upgrade your FortiSIEM 6.5.x to 6.6.x, take the following steps
-
Navigate to ADMIN >Settings > Database > ClickHouse Config.
-
Click Test, then click Deploy to enable the ClickHouse Keeper service which is new in 6.6.x.
-
Migrate the event data in 6.5.x to 6.6.x by running the script
/opt/phoenix/phscripts/clickhouse/clickhouse-migrate-650.sh. -
Verify that all events have been moved to the new table through GUI Search.
-
When the data migration is deemed successful, run the following command on every node where the
clickhouse-migrate-650.shscript was run successfully to drop the old event table.clickhouse-client -q "DROP TABLE fsiem.events_non_replicated"
Now you can upgrade to FortiSIEM 7.x or later, if needed.