Siren Platform User Guide

Setting up Siren Investigate

This section includes information on how to set up Siren Investigate and get it running, including:

  • Downloading

  • Installing

  • Starting

  • Configuring

  • Upgrading


The instructions in this section are relevant for production deployments only.

Supported platforms

Packages of Siren Investigate are provided for and tested with Linux and Windows. Because Siren Investigate runs on Node.js, the required Node.js binaries for these platforms are included. Running Siren Investigate against a separately maintained version of Node.js is not supported.

Version compatibility

Siren 10.3 introduced a new capability that allows users to upgrade to a newer Investigate version without having to upgrade their Elasticsearch and Federate backend. Upgrading the backend is a complex procedure as the Elasticsearch version has to be upgraded with every major/minor Federate release. By removing the dependence on a specific backend, users can benefit from new advanced features by upgrading to the latest Investigate version, without the complexity of a simultaneous Federate/Elasticsearch upgrade.

Each Investigate version now supports several Elasticsearch/Federate versions in the following way:

  • Minimum supported Elasticsearch/Federate version - runs the set of Siren features compatible with the Elasticsearch version used. This includes all the features available in Siren 10.1, and all the features in 10.2 except Data Reflection, Neo4j Support, Ingestion, and Export/Scroll API.

  • Feature complete Elasticsearch/Federate version - runs all current Siren features

  • Target Elasticsearch/Federate version - runs all current Siren features and, being the most up-to-date version, is recommended in most cases

Siren 10.3 compatibility

Compatibility Level

Federate Version


5.6.10 - 10.1.1

Feature Complete

6.8.0 - 10.3.0


6.8.0 - 10.3.0


If the Elasticsearch/Federate backend is more recent than the Investigate version, it has to be within a minor release from Investigate Target version so as not to break APIs.

When Investigate starts up, it checks the version of Federate it is working with and compares with a compatibility matrix. It detects the features that cannot be supported and switches them off in the user interface. This is logged in the Investigate server, and the user can see which features are unsupported by checking the About section (click Management to see this section).



Minimum Federate Version

Datasource Reflection

Import and mapping of data to Elasticsearch from registered datasources


Neo4j Compatibility

Ability to register a Neo4j datasource, which can be used in Data Reflection


Remote ES Connector

Ability to register a remote Elasticsearch cluster as a datasource and create virtual indices on it


Earlier version compatibility

Table 1. Version compatibility matrix

Siren Investigate

Siren Federate



Siren Federate 6.8.0-10.2.4


Siren Federate 6.5.4-10.2.4



Siren Federate 6.8.0-10.2.3


Siren Federate 6.5.4-10.2.3



Siren Federate 6.5.4-10.2.2



Siren Federate 6.5.4-10.2.1



Siren Federate 6.5.4-10.2.0



Siren Federate 6.3.2-10.1.3-1


Siren Federate 5.6.16-10.1.3-1



Siren Federate 6.3.2-10.1.2


Siren Federate 5.6.14-10.1.2



Siren Federate 6.3.2-10.1.1


Siren Federate 5.6.10-10.1.1


Running different major version releases of Siren Investigate and Elasticsearch, for example Siren Investigate 10.x and Elasticsearch 2.x, is not supported, nor is running a minor version of Siren Investigate that is newer than the version of Elasticsearch, for example Siren Investigate 10.0.x and Elasticsearch 5.0.x.

Running a minor version of Elasticsearch that is higher than supported version will generally work to facilitate an upgrade process where Elasticsearch is upgraded first, for example Siren Investigate 10.0.x and Elasticsearch 5.7.x. In this configuration, a warning will be logged on Siren Investigate server startup, so it is only meant to be temporary until Siren Investigate is upgraded to the same version as Elasticsearch.

Running different patch version releases of Siren Investigate and Elasticsearch, for example Siren Investigate 10.0.0-1 and Elasticsearch 5.6, is generally supported, though we encourage users to run the supported versions of Siren Investigate and Elasticsearch down to the patch version.