How to store the input logs in another path

flo · June 4, 2018, 2:29pm

Hello,

I don’t know how to store the input logs in another directory. Is it possible to do this ? May i miss it in the documentation ?

PS : I installed graylog manually

In any case thanks you by advance for your answer and time.

jochen · June 4, 2018, 2:37pm

All log messages are indexed into Elasticsearch.

You’ll have to change the data path of your Elasticsearch nodes.
https://www.elastic.co/guide/en/elasticsearch/reference/5.6/important-settings.html#path-settings

flo · June 7, 2018, 11:53am

thanks you Jochen.

I changed the path.data directory like this in /etc/elasticsearch/elasticsearch.yml :

# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /var/elasticsearch/data
#path:
data: "/var/elasticsearch/data"
#logs: "/var/elasticsearch/logs"

#
# Path to log files:
#
#path.logs: /var/elasticsearch/logs

But i have and error :

service elasticsearch status

  Active: failed (Result: exit-code) since jeu. 2018-06-07 10:16:21 CEST; 28min ago
     Docs: http://www.elastic.co
  Process: 6608 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet -Edefault.path.logs=${LOG_DIR} -Edefault.path.data=${DATA_DIR} -Edefault.path.conf=${CONF_DIR} (code=exited, status=1/FAILURE)
  Process: 6607 ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-systemd-pre-exec (code=exited, status=0/SUCCESS)
 Main PID: 6608 (code=exited, status=1/FAILURE)

In the log /var/log/elasticsearch/elasticsearch-2018-06-06.log i got this

[WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: Unable to access 'path.data' (/var/elasticsearch/data)

I also found in this forum an solution but i don’t know how to proceed :

jochen · June 7, 2018, 12:05pm

That configuration file is incorrect. Either use path.data or the split up hierarchical version, but only data won’t work.

The data path has to be writable for the system user running Elasticsearch.

You can check the file system permissions with the following command:

# namei -l /var/elasticsearch/data

flo · June 7, 2018, 12:23pm

Hello again,

I’m sorry i don’t understand your precedent post. Can you post an valid configuration of the /etc/elasticsearch/elasticsearch.yml ? Please

jochen · June 7, 2018, 12:39pm

See Configuring Elasticsearch | Elasticsearch Reference [5.6] | Elastic

flo · June 7, 2018, 1:56pm

Re,

i did this and it seems to work :

In the config file /etc/init.d/elasticsearch/elasticsearch.yml i modified like this :

DATA_DIR="/var/elasticsearch/data" 
LOG_DIR="/var/elasticsearch/logs"

In the config file /etc/elasticsearch i modified like this :

 # ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by com$
#
path.data: ${DATA_DIR}

path.logs: ${LOG_DIR}

system · June 21, 2018, 1:56pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Changing the Graylog data locations Graylog Central (peer support)	2	846	September 30, 2021
Save Data LOG external storage Graylog Central (peer support)	2	827	April 5, 2022
Graylog set up and working, but trying to move data directory Graylog Central (peer support) elastic	11	2140	May 26, 2022
Elasticsearch input Graylog Central (peer support)	12	2904	December 29, 2018
Change the Path.DATA and path.logs of elastic Search Graylog Central (peer support)	7	3757	November 22, 2019

How to store the input logs in another path

Related Topics