Where does Elastic search stores the data in windows machine

Thiyagarajan · September 28, 2017, 5:53am

Hi,

We have downloaded ELK and unzipped them under c:\Softwares in windows machine. We have started the Elasticsearch, Kibana and Logstash with respective .bat files in bin directory.

Filebeat is installed in our SIT server and it is posting the logs to logstash as expected. Last week our dev machine harddisk became full (This is where we have installed ELK). We got this issue after 3 weeks from when we installed ELK on this machine.

So I was trying to clear the logs of Elasticsearch so that we can free up some space. But I could not find any specific storage location of Elasticsearch.

After searching the installed folders I have noticed c:\Softwares\elasticsearch-5.5.0\data folder. But I am not sure if this is where ELK stores the data. I have been reading other posted queries in this site but could not find the answer.

Our queries are,

Where is Elasticsearch data stored in windows machine for our case
How to delete the data after certain days. We would like to retain only two weeks data during SIT phase. Once we move on to production, we may retain 2 months logs.

Any help would appreciated.

warkolm · September 28, 2017, 5:55am

FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out

https://www.elastic.co/guide/en/elasticsearch/reference/current/zip-windows.html#windows-layout should answer your first question.
Elasticsearch Curator will answer your second one

Thiyagarajan · September 28, 2017, 6:33am

Hi Mark,

Thanks a lot for your quick reply. Will use the name Elastic Stack here on.

So our storage location must be c:\Softwares\elasticsearch-5.5.0\data? Please correct me if I am wrong.

I am very new to Elastic Stack. So I will spend some time on Curator for data management and come back if I have any queries.

warkolm · September 28, 2017, 6:42am

It will be that path because that is the default, yes.
You can change it though, that page explains how a little higher up.

Thiyagarajan · September 28, 2017, 11:41am

Hi Mark,

Now I have downloaded curator and unzipped.

c:\Softwares\elasticsearch-curator-5.2.0-amd64\curator-5.2.0-amd64>curator.exe

When I try to start the curator with above command to verify the installation I am getting below error

The program can't start because VCRUNTIME140.dll is missing from your computer.

I am from Java background. So I do not have knowledge on Python. Please let me know If I am missing something here.

Thanks in advance

warkolm · September 28, 2017, 9:00pm

Let me cc @theuntergeek here as this is outside my experience with Curator

Thiyagarajan · October 3, 2017, 12:49pm

Hi Aaron,

Have you got a chance to look into this issue?

theuntergeek · October 3, 2017, 1:44pm

VCRUNTIME140.dll is not something that ships with Curator, even for Windows. I have never heard of its absence before. What version of Windows are you running on?

I found this article that describes some of the conditions where this can occur, and how to fix it.

Thiyagarajan · October 5, 2017, 5:37am

Hi Aaron,

We are using Windows 7 Professional 64bit OS.

We are going to do Elastic Stack setup in another machine along with curator to check if there is any machine specific issues.

We will update you after doing the setup.

Thanks for spending your valuable time to share us the article.

system · November 2, 2017, 5:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.