Elasticsearch Diskspace
Elasticsearch 2.x installed on Centos 7.3
By default Centos 7 will allocate the majority of disk space to /home. Unfortunately, this is not where Elasticsearch is storing data by default.
Run df -h to take a look at your partitioning.
If in Graylog you receive a journaling error this could be the reason.
This is because it can no longer get data into the Elasticseach cluster.
Your temp directory will fill up with Graylog trying to preserve data as /tmpfs is where Graylog stores journals.
To prevent this from happening you will need to change the Path in the elasticsearch.yml
Elasticsearch path.data is where the majority of your storage needs to be allocated.
By default, this is located in
/var/lib/elasticsearch
Below is an example of what I have on my Elasticsearch cluster nodes.
If you have already filled up your disk space you have some cleanup to do. as your
To fix this move your Elasticsearch data by doing this.
- sudo service elasticsearch stop
- mkdir /home/elasticsearch/data
- cp /var/lib/elasticsearch / /home/elasticsearch/data
- sudo service elasticsearch start
I chose to move my logs as well but that is just preference since they don't take up much space.
If errors continue you will need to stop the cluster again and delete the indices and shards to get things running again. You will lose data if you need to delete obviously.