I just setup Graylog + Elasticsearch for my first time. I'm trying to change the default location that ingested logs are saved. Currently, the default filepath is the OS drive, which will fill up in no time.
Looking at the documentation, I see that there are two filepaths to change in the config file, one for data and one for logs. However, I'm confused by the two. Are logs (/var/logs/elasticsearch) Elasticsearch's own logs, or ingested logs? Or are ingested logs considered data?
In addition to changing the filepath in the .yml file, is there anything else I need to do to make this all work? Anything in Graylog, etc?
Thanks for your time.