After migrating to Elasticsearch, you can verify that your data was migrated in the
elastic-migration-results file located in the migration directory.
If you identify that there are items that were not migrated, you can migrate those objects using the migration tool.
You must run the migration tool from the same directory where you originally ran the migration. The migration tool reads from the
elastic-migration-resultsfile located in the migration directory to determine which data must still be migrated.
Always migrate older data before newer data. Migrating partitions out of order can cause duplicate incident ids.
By default, the migration tool skips over objects larger than 100 megabytes. After the migration process runs, you can view the skipped large objects and determine whether to migrate them. For more information, see Validate the Migration to Elasticsearch.
Stop the Cortex XSOAR server.
sudo systemctl stop demisto
sudo service demisto stop
./elasticMigratorcommand with either demisto or sudo permissions.
The migration tool identifies that a migration already executed for your environment.
When prompted to view the results of the previous execution, enter
In the figure above, for example, we can see that the audits object was not migrated.
./elasticMigratorcommand and use the
objects-to-migrateflag to migrate any items that were not migrated.
Start the Cortex XSOAR service.
sudo systemctl start demisto
sudo service demisto start