So I have this Elasticsearch installation, I insert data with Logstash, visualize them with Kibana.
Everything in the conf file is commented, so it's using the default folders which are relative to the Elasticsearch folder.
1/ I store data with logstash
2/ I look at them with kibana
3/ I close the instance of Elasticsearch, Kibana and Logstash
4/ I DELETE their folders
5/ I re-extract everything and reconfigure them
6/ I go into kibana and the data are still there
How is this possible?
This command will however delete the data: curl -XDELETE 'http://127.0.0.1:9200/_all'
Thanks.
PS: forgot to say that I'm on Windows
According to the documentation the data is stored in a folder called "data" in the elastic search root directory.
Elasticsearch stores data as JSON documents. Each document correlates a set of keys (names of fields or properties) with their corresponding values (strings, numbers, Booleans, dates, arrays of values, geolocations, or other types of data).
Elasticsearch indexes are just files and they are effectively cached in RAM by the system.
The Elasticsearch process is very memory intensive. Elasticsearch uses a JVM (Java Virtual Machine), and close to 50% of the memory available on a node should be allocated to JVM. The JVM machine uses memory because the Lucene process needs to know where to look for index values on disk.
Elasticsearch is a distributed document store. Instead of storing information as rows of columnar data, Elasticsearch stores complex data structures that have been serialized as JSON documents.
Storing JSON data in Elasticsearch
By default, Elasticsearch keeps a copy of all the JSON documents you offer it for indexing in a field called _source. You get a copy of this stored data on each query that matches the document. So yes: you are able to store your data in Elasticsearch and retrieve it too.
Look in the configuration file elasticsearch.yml and search for path. When you set replica to 1, it means that it will be stored as a copy, but not on the same instance. One instance stores shards (part of the data), but replicas must go to another instance (it's because if your main server crashes, you have one more copy of your data).
When a document is stored, it is indexed and fully searchable in near real-time, within 1 second. Elasticsearch uses a data structure called an inverted index that supports very fast full-text searches. An inverted index lists every unique word that appears in any document and identifies all of the documents each word occurs in.
If you've installed ES on Linux, the default data folder is in /var/lib/elasticsearch (CentOS) or /var/lib/elasticsearch/data (Ubuntu).
If you're on Windows or if you've simply extracted ES from the ZIP/TGZ file, then you should have a data sub-folder in the extraction folder.
Have a look into the Nodes Stats and try
http://127.0.0.1:9200/_nodes/stats/fs?pretty
On Windows 10 with ElasticSearch 7 it shows:
"path" : "C:\\ProgramData\\Elastic\\Elasticsearch\\data\\nodes\\0"
If you run the Windows MSI installer (at least for 5.5.x), the default location for data files is:
C:\ProgramData\Elastic\Elasticsearch\data
The config and logs directories are siblings of data.
Elasticsearch is storing data under the folder 'Data', as mentioned in the above answers. Is there any other Elasticsearch instance available on your local network? If yes, please check the cluster name. If you use the same cluster name in the same network, it will share data.
Refer to this link for more info.
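The two checks suggested in the answers above (the data path reported by `_nodes/stats/fs`, and other instances that joined under the same cluster name) can be combined into one pass over the response. This is an added example, not code from any of the posts; the sample JSON, node names, addresses and install directory are constructed, and it assumes the node on this machine reports a loopback `host`.

```python
import ipaddress
import json

# Constructed sample of a GET /_nodes/stats/fs response, trimmed to the fields used.
SAMPLE = r'''
{"cluster_name": "elasticsearch",
 "nodes": {
  "a1": {"name": "my-pc", "host": "127.0.0.1",
         "fs": {"data": [{"path": "C:\\ProgramData\\Elastic\\Elasticsearch\\data\\nodes\\0"}]}},
  "b2": {"name": "other-pc", "host": "192.168.1.23",
         "fs": {"data": [{"path": "D:\\es\\data\\nodes\\0"}]}}}}
'''

def _norm(path):
    # Windows-style comparison: separators unified, case-insensitive.
    return path.replace("\\", "/").rstrip("/").lower()

def is_under(path, root):
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "/")

def is_local(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname we cannot classify: treat as another machine

def explain_surviving_data(stats, install_dir):
    """Return (kind, node name, detail) for every reason data would outlive
    deleting install_dir: a node on another host, or a data path outside it."""
    findings = []
    for node in stats.get("nodes", {}).values():
        name, host = node.get("name", "?"), node.get("host", "")
        if not is_local(host):
            findings.append(("remote_node", name, host))
            continue
        for entry in node.get("fs", {}).get("data", []):
            path = entry.get("path", "")
            if path and not is_under(path, install_dir):
                findings.append(("path_outside_install", name, path))
    return findings

if __name__ == "__main__":
    stats = json.loads(SAMPLE)
    print("cluster:", stats["cluster_name"])
    for finding in explain_surviving_data(stats, r"C:\elk\elasticsearch-7.0.0"):
        print(finding)
```

A `remote_node` finding means another machine holds shards for the same cluster name, so giving each installation its own `cluster.name` in elasticsearch.yml keeps unrelated nodes from sharing data.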