Error in changing the log directory for Elasticsearch

Question

I am changing the path of -

path.data: /var/log/elasticsearch to path.data: /data/elasticsearchdata/log/elasticsearch/

in elasticsearch.yml

file after creating the folder and moving the files/folders from ../elasticsearch to /data/elasticsearchdata/log/

but after doing the changes in - elasticsearch.yml I have run the command as - sudo systemctl restart elasticsearch

But getting this error -

● elasticsearch.service - Elasticsearch
 Loaded: loaded (/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
 Active: failed (Result: exit-code) since Wed 2021-12-15 14:53:14 UTC; 7s ago
   Docs: https://www.elastic.co
Process: 1678664 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 1678664 (code=exited, status=1/FAILURE)
Dec 15 14:53:14 ip-10-10-6-161 systemd-entrypoint[1678664]:      path.logs: /data/elasticsearchda ...

Can anyone let me know what I am missing ?

`path.data` is not the log directory, is the data directory where elasticsearch stores all the index data, you should avoid making changes to this directory. did you stopped the service before moving that directory? what else do you have in the logs? look also at the system log in `/var/log/messages` or `/var/log/syslog`. — leandrojmp, Dec 15 '21 at 16:52

score 0 · Answer 1 · answered Dec 16 '21 at 19:24

0

ONLY WAY to move your data is

setup repository (snapshot/restore)
create snapshot of all indices
shut down ELK cluster and edit path.data in elasticsearch.yml
start ELK cluster
restore snapshot
data should appear in the new location

answered Dec 16 '21 at 19:24

Tomasz Dzierżanowski

74
6

Error in changing the log directory for Elasticsearch

1 Answers1