How to move/ divert Elasticsearch data storage (saved Orchestrator logs) to a different drive/ path?

By default, Elasticsearch saves the data in “C:\programdata\Elastic\data”. This will cause problem in long run as C drive might get filled up faster than usual due to increase in stored data, or C drive might have a lower total disk space to begin with, causing Elasticsearch service to go down.

As a best practice, it is recommended to keep the data in D drive (any other available drive will do fine as long as there is enough free space, D drive is used as an example in this article). Below guide is a step by step instruction on how to move the data into D drive

1. Stop Elasticsearch service
2. Create a new folder in D drive. Eg. D:\Elasticsearch\
3. Copy the logs including the "data" folder from older location (C:\programdata\elastic\Elasticsearch by default)
4. Paste this folder inside the new folder created in D drive
5. Once the data is copied, configurations should be changed in Elasticsearch.yml (C:\programdata\elastic\Elasticsearch\config by default) to put newer logs in D drive
6. Open Elasticsearch.yml file and navigate to a property "path.data". This should be changed to new location
7. In this example, the property will be changed to path.data: D:\ElasticSearch\data
8. Start the Elasticsearch service
9. The logs are now migrated to new location and all new logs will be directly sent to D drive

1. Appropriate data backup will have to be taken before the migration.
2. It is also best practice to validate the total space consumed by the data folder before moving it to the new drive, so as to avoid out of space issues, in scenarios where the existing used space (by the data folder) is higher than the total free space available in the new drive.