Location path on HDD based on index


is it somehow possible to define the location on the hard drive based on the used index?

I am working as an incident responder and security analyst. Frequently we have incidents with a low amount of data which must be securely deleted after the incident is solved.

My idea was/is to mount one encrypted file as a file system for each incident and use this mountpoint as the storage location in es. The encryption key is going to be stored on a usb stick for example.

As soon as the incident ends we would securely delete the encryption key by destroying it. Without the key it is not possible to access the indices...

Thank you

You need to run multiple instances to put indices on different data paths like this. One per path. Otherwise ES just assume it can put whatever, where ever you define path.data.

So the only solution is one instance per incident :frowning:
then we will need an orchestrator/management component to initiate the instances within the cluster/on the hosts.

Does anyone have a suggestion for this? Might docker be one? I have read some postings about it (e.g. https://forums.docker.com/t/easy-elasticsearch-cluster-with-docker-1-12-swarm/19648/2) and it seems to be not "perfect".

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.