Hi Jan and @macko003,
It is not set in my config, but appears to default to /var/lib/elasticsearch
So my idea would be as follows:-
- Create single ext4 file system on 2nd drive
- Shutdown elasticsearch and graylog services
- mount 2nd drive at say /opt/siem-data
- copy data in /var/lib/elasticsearch to /opt/siem-data
- change elasticsearch config to point to new location
- restart elasticsearch and graylog services.
I will try this and report back
Kind Regards
Jake