Follow

How To "change the default Elasticsearch data store directory"

Question

How do I change the default Elasticsearch data store directory?

Summary

By default, if the Elasticsearch data store directory is not defined, it will write to the default location (/var/lib/elasticsearch). In many instances, it is recommended that the data store directory is defined. This is because the default directory location is generally not sized accordingly to accommodate the Elasticsearch data. The data store directory can be changed at anytime, but it is preferable to defined it immediately after installation.

The steps below outlines the “How To” steps on how to define the Elasticsearch data store directory. The high-level steps are outlined below:

  • Step 1 - Create data store directory and modifying elasticsearch.yml
  • Step 2 - Move Elasticsearch data, and start Elasticsearch

Steps

The steps listed below to create a new data store directory for Elasticsearch is designed for a rolling restart of each Elasticsearch node.

NOTE: Please perform all the steps in sequence on a single Elasticsearch node before moving to the next node 

Step 1 - Create data store directory and modifying elasticsearch.yml

  1. SSH to the SEARCH NODES as the Interset User
  2. Create a new data store directory for Elasticsearch in a desired location, and it is sized appropriately to accommodate the Elasticsearch data. Below is an example command:
    • EXAMPLE: sudo mkdir /data/elasticsearch
  3. Ensure the new directory is set with the appropriate permissions for the Elasticsearch user and group. Below is example command:
    • EXAMPLE: sudo chown elasticsearch:elasticsearch /data/elasticsearch
  4. Type in the following command to disable Elasticsearch shard allocation:
  5. Once shard allocation is disabled, please type in the follow command to stop Elasticsearch:
    • For EL6
      • sudo service elasticsearch stop
    • For EL7
      • sudo systemctl stop elasticsearch
  6. Once Elasticsearch is stopped, type in the following command to edit the elasticsearch.yml:
    • sudo vi /etc/elasticsearch/elasticsearch.yml
  7. In the elasticsearch.yml file, look for the path.data parameter, and uncomment it.
  8. Change the path.data value to the new Elasticsearch data store directory. It should look similar to the following example:
    • EXAMPLE: path.data: /data/elasticsearch.
  9. Once the path.data is set, save and exit the elasticsearch.yml file. 

Step 2 - Move Elasticsearch data and start Elasticsearch

  1. SSH to the SEARCH NODES as the Interset User
  2. Type in the following command to move the existing Elasticsearch data to the new Elasticsearch data store directory:
    • sudo mv /var/lib/elasticsearch/* <new_ES_data_store_path>
  3. Once the Elasticsearch data is copied to the new data store directory, please ensure that the permission is set to elasticsearch for user and group.
  4. Type in the following command to start Elasticsearch:
    • For EL6
      • sudo service elasticsearch start
    • For EL7
      • sudo systemctl start elasticsearch
  5. Once Elasticsearch starts, type in the following command to re-enable shard allocation:
  6. Type in the following command, and ensure that the cluster status is green.
    • curl -X GET http://<SEARCH_NODE_FQDN>:9200/_cluster/health?pretty
  7. If the status is not green, please wait till the cluster is green.

 

Rinse and repeat Step 1 and Step 2 on each Elasticsearch node.

Applies To

  • Elasticsearch 5.2.2
  • Interset 5.4.x, 5.5.x
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments