Change the path.data and path.logs of Elasticsearch

Hi,

I would like to ask for assistance on how to properly change where Elasticsearch stores its data and logs. I attached LUNs on Ubuntu:
path.data: /media/timawa/GrayLogsLUNS/var/lib/elasticsearch
path.logs: /media/timawa/GrayLogsLUNS/var/log/elasticsearch

Folder Permission:
drwxr-xr-x 5 timawa timawa 4096 Nov 8 00:29 GrayLogsLUNS
drwxr-xr-x 4 timawa timawa 4096 Nov 8 00:29 var
drwxr-xr-x 3 timawa timawa 4096 Nov 8 00:29 lib
drwxr-xr-x 3 timawa timawa 4096 Nov 8 00:29 log
ls -la /media/timawa/GrayLogsLUNS/var/lib/elasticsearch
total 8
drwxr-xr-x 2 timawa timawa 4096 Nov 8 00:29 .
drwxr-xr-x 3 timawa timawa 4096 Nov 8 00:29 ..

I encountered this issue
Could not load Information

When I set the setting of elasticsearch to default it works.

Hey @orbieabanilla

The Graylog error message is not really helpful for debugging your Elasticsearch at all.

I guess it is not running because the user is not elasticsearch, which is by default the user Elasticsearch runs as … check the Elasticsearch logfile, or the system messages (/var/log/messages AFAIK) when Elasticsearch is not running (ps -auxf | grep elasticsearch should reveal that)

I’m new to Linux, may you please help me to fix this kind of issue?

Proper steps will be:

  1. Stop graylog service using command: sudo systemctl stop graylog.service
  2. Stop elasticsearch.service using command: sudo systemctl stop elasticsearch.service
  3. Make a backup of your data !!! For example, a simple copy to another destination with enough space using command: sudo cp -av /var/lib/elasticsearch /media/backupdisk
  4. Create new directories for elastic on the new disk using these commands (you probably did it, if yes, skip this step):
    sudo mkdir -p /media/timawa/GrayLogsLUNS/var/lib/elasticsearch
    sudo mkdir -p /media/timawa/GrayLogsLUNS/var/log/elasticsearch
  5. Set up permissions for these directories using commands:
    sudo chown -R elasticsearch:elasticsearch /media/timawa/GrayLogsLUNS/var/lib/elasticsearch
    sudo chown -R elasticsearch:elasticsearch /media/timawa/GrayLogsLUNS/var/log/elasticsearch
  6. Move elasticsearch db and logs to the new directory (you probably did it, if yes, skip this step):
    sudo sh -c 'mv -v /var/lib/elasticsearch/* /media/timawa/GrayLogsLUNS/var/lib/elasticsearch/'
    sudo sh -c 'mv -v /var/log/elasticsearch/* /media/timawa/GrayLogsLUNS/var/log/elasticsearch/'
  7. Start elasticsearch.service using command: sudo systemctl start elasticsearch.service
  8. Wait a few moments for elasticsearch and then start graylog using: sudo systemctl start graylog.service

Done. And learn Linux, it is more important than you probably think.

You must ensure elasticsearch has permissions on this folder.
If it’s not running under the timawa user then r-x means it can’t write into it.
Usually it’s running under elasticsearch, so maybe you can just change ownership?

chown elasticsearch:elasticsearch  /media/timawa/GrayLogsLUNS/var/lib/elasticsearch
chown elasticsearch:elasticsearch  /media/timawa/GrayLogsLUNS/var/log/elasticsearch
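
The permission problem discussed in the replies above can be checked directly; this is an added example, not part of the original thread. Run as the service account, it walks the path from / downwards and reports the first directory that account cannot enter, or that the final directory is not readable and writable (every parent directory needs the search bit too, not only the leaf that was chowned). The function name check_service_path and the script name in the comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Run it as the service account, e.g.
#   sudo -u elasticsearch sh check_es_path.sh /path/to/data/dir
# (the script name check_es_path.sh is an assumption).

# check_service_path DIR
# Returns 0 if the current user can enter every directory from / down to DIR
# and can read and write DIR itself; otherwise prints the first blocker.
check_service_path() {
    target=$1
    case $target in
        /*) ;;
        *) echo "need an absolute path: $target" >&2; return 2 ;;
    esac
    current=
    rest=${target#/}
    while [ -n "$rest" ]; do
        part=${rest%%/*}                 # next path component
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        [ -n "$part" ] || continue       # skip empty parts ("//", trailing "/")
        current=$current/$part
        if [ ! -d "$current" ]; then
            echo "missing or not a directory: $current" >&2
            return 1
        fi
        if [ ! -x "$current" ]; then     # search bit is needed on every level
            echo "no search (x) permission on: $current" >&2
            return 1
        fi
    done
    [ -n "$current" ] || current=/
    if [ ! -r "$current" ] || [ ! -w "$current" ]; then
        echo "cannot read and write: $current" >&2
        return 1
    fi
    echo "ok: uid $(id -u) can use $current"
}

# Stand-alone use: check the directory given as the first argument.
if [ "$#" -gt 0 ]; then
    check_service_path "$1"
fi
```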

Thanks, I will try this.

Thanks. I will try this.