Monday, November 30, 2020

Elastic Stack 7.9.3 now available for Security Onion 16.04!

First, please note that Security Onion 16.04 reaches EOL in less than 5 months. Instead of applying this update, most Security Onion 16.04 users should upgrade directly to Security Onion 2:

If you do decide to proceed with this update for Security Onion 16.04, please be reminded of the recent Docker Hub rate limit changes:

The following updates are now available for Security Onion 16.04!

  • Elastic 7.9.3 Docker images
  • securityonion-capme - 20121213-0ubuntu0securityonion80
  • securityonion-elastic - 20190510-1ubuntu1securityonion124
  • securityonion-setup - 20120912-0ubuntu0securityonion329
  • securityonion-sostat - 20120722-0ubuntu0securityonion146
  • securityonion-web-page - 20141015-0ubuntu0securityonion109

These updates should resolve the following issues:

Elastic 7.9.3 #1782

so-elastic-features - improve soup call #1789

securityonion-elastic: Migrate indices.* settings for elasticsearch.yml #1786

securityonion-elastic: update links to documentation #1801

securityonion-sostat: update links to documentation #1794

securityonion-web-page: update links to documentation #1799

Setup: do not write interfaces if we lack valid contents #1784

securityonion-setup: update links to documentation #1800

Known Issues

If you get errors in logstash.log like:

 "reason"=>"Failed to parse mapping [doc]: mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]", "caused_by"=>{"type"=>"illegal_argument_exception", "reason"=>"mapper [destination_geo.latitude] cannot be changed from type [long] to [half_float]"}}}}}

then you may have an old Logstash template and may need to do the following on any node that is running Logstash:

          sudo so-logstash-stop   

curl -XDELETE localhost:9200/_template/logstash 

curl -XDELETE localhost:9200/_template/logstash-*

sudo so-logstash-start

For more information, please see: 

If that doesn't resolve the issue, you may have custom templates in /etc/logstash/custom/ that need to be updated. You’ll need to copy from source and modify as needed.


  • Thanks to the Elastic team for Elastic 7.9.3!
  • Thanks to Pete Nelson for submitting fixes for both so-elastic-features and sosetup-network!
  • Thanks to Chris Morgret for testing and QA!


Please see the following page for full update instructions:


Need support?  Please see:


No comments:

Search This Blog

Featured Post

Sneak Peek: New Detections Feature coming in Security Onion 2.4.70!

Our latest video is a sneak peek at a NEW feature coming to our FREE and OPEN Security Onion platform in the upcoming 2.4.70 release! This n...

Popular Posts

Blog Archive