Where eleasticsearch is store the data

antonopo · June 22, 2018, 6:25am

Hi
Where eleasticsearch is store the data??

Christian_Dahlqvist · June 22, 2018, 6:31am

Each node stores it in the path(s) specified through the path.data setting in the elasticsearch.yml file. The default location depends on the operating system and how you installed Elasticsearch.

antonopo · June 22, 2018, 6:49am

i see on my elasticsearch.yml --> path.data: /var/lib/elasticsearch

[root@atdevxhv03 elasticsearch]# ls
elasticsearch java_pid10887.hprof java_pid1235.hprof java_pid14871.hprof java_pid9070.hprof java_pid993.hprof nodes

i see this structure

[root@atdevxhv03 indices]# ls
1z1lyK32RV-Jp8kklkpUjg A54xsLVDRwCAQF8v76OJRg KuL__xJOR12Hb36B6E_Fuw NXkYdUJJRwC1c3nd8m5ljQ _q60dpyHS5mUvlu6Gxwk4w rykKc0rVSaaSJRzfa-k40w XewkX5E6QKCJRm0UHHMxxg ZLp8E5aBT1GIOW4REI8rKQ
1ZS3zxCPRg2AVRtUPLXSgg bct20jbGTTCwDJ2SK6tv_Q kYm6Tz6ZRde8S_u9B9q3OQ OduaKFIuQ_6jK2VBDCihzA QdtShFGsQ1i823-RT3H0Jg -Tg08EFyRJeMjXYnovxB6A XvedsiJARmyTvGtGMImnUQ zMkwFcwDRhy1gzQuixhQDA
24XCvfm0TIasQiw5C0uL-Q IDx6DHShSaeJcVePu8UQbg MkxEuMvkRFqjHQVmwJw6KA puhINUGwQx6tctY2WkALVA qtO5PE_OTIWN20Z6IT1B1g _TQnvOpnR0Sq_aCrWLGdkA ye-mQ7blRWCtcfguWLnzzQ
7xBuTcTgQySPR2wIPtAiUA jQWu_bv2TdGY8ZsPpWTssw ntPZQMPuRt6wTYMVFqAnhA pZ5j6QD6QcmSQHjcwfHUiQ rHtkw24-Tpe-0SSqkb-WCQ wkMW4PbST6muOER3VNg0yQ ytcOOL2mT8arC6YA123GDQ
[root@atdevxhv03 indices]# pwd
/var/lib/elasticsearch/nodes/0/indices

The data can only read from Kibana?

Christian_Dahlqvist · June 22, 2018, 7:08am

No, you can access it directly through the Elasticsearch APIs as well, and there are language clients for most popular programming languages that make this easier.

What is it you are looking to do?

antonopo · June 22, 2018, 7:40am

How i can access it through ElasticSearch APIs or from language clients?

I have configured my ELK server on a Centos 7 server and i have 5-6 clients with centos that i am sending their logs to ELK Server using the filebeats deamon which is installed in each centos client.
If i understand well the Logstash service that is running on the ELK server parses these logs from the clients and then it send them on the elasticsearch service who store them somewhere.

From my Kibana interface i am able to see them using indexes patterns . In my case the index pattern is filebeat*

For example from my json files that i get i see this "_index": "filebeat-2018.06.22"

So all the logs today are stored on "_index": "filebeat-2018.06.22" ?

Where i can see the logs that i got yestarday? for example the "_index": "filebeat-2018.06.21". Where all these indexes are stored?

Christian_Dahlqvist · June 22, 2018, 7:48am

Create a filebeat-* index pattern in Kibana. I would also recommend going through the getting started guide if you have not already. This webinar might also be useful.

antonopo · June 22, 2018, 12:12pm

ok thanks a lot!!

system · July 20, 2018, 12:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.