path.data and path.logsedit
Elasticsearch writes the data you index to indices and data streams to a data
directory. Elasticsearch writes its own application logs, which contain information about
cluster health and operations, to a logs directory.
For macOS .tar.gz, Linux .tar.gz, and
Windows .zip installations, data and logs are
subdirectories of $ES_HOME by default. However, files in $ES_HOME risk
deletion during an upgrade.
In production, we strongly recommend you set the path.data and path.logs in
elasticsearch.yml to locations outside of $ES_HOME.
Docker, Debian, RPM, macOS Homebrew,
and Windows .msi installations write data and log to locations
outside of $ES_HOME by default.
Supported path.data and path.logs values vary by platform:
Linux and macOS installations support Unix-style paths:
path: data: /var/data/elasticsearch logs: /var/log/elasticsearch
Windows installations support DOS paths with escaped backslashes:
path: data: "C:\\Elastic\\Elasticsearch\\data" logs: "C:\\Elastic\\Elasticsearch\\logs"
If needed, you can specify multiple paths in path.data. Elasticsearch stores the node’s
data across all provided paths but keeps each shard’s data on the same path.
Elasticsearch does not balance shards across a node’s data paths. High disk usage in a single path can trigger a high disk usage watermark for the entire node. If triggered, Elasticsearch will not add shards to the node, even if the node’s other paths have available disk space. If you need additional disk space, we recommend you add a new node rather than additional data paths.
Linux and macOS installations support multiple Unix-style paths in path.data:
path:
data:
- /mnt/elasticsearch_1
- /mnt/elasticsearch_2
- /mnt/elasticsearch_3
Windows installations support multiple DOS paths in path.data:
path:
data:
- "C:\\Elastic\\Elasticsearch_1"
- "E:\\Elastic\\Elasticsearch_1"
- "F:\\Elastic\\Elasticsearch_3"