How to move elasticsearch data directory?

If you are more cautious about moving your critical data, cp with preserving all attributes (owner, group, timestamp, etc.) can help.

cp -r --preserve=all /var/lib/elasticsearch/ /foo/bar/

Open elasticsearch.yml and set path.data to new location

path.data: /foo/bar/elasticsearch/

Restart elasticsearch server. now you can safely remove source data.

rm -rf /var/lib/elasticsearch/

I want to add an annoying problem that I encountered when I was doing @Val's helpful guidance. After I did:

> mv /var/lib/elasticsearch /foo/bar

I set the

path.data: /foo/bar

But Elasticsearch did not run correctly. For example xpack security (formarly shield) authantication password turned back to its default "changeme". And also when I want to list indices, nothing shown up. Then I set the

path.data: /foo/bar/elasticsearch/

The last slash at the end of the "elasticsearch" is important I think. May be I am confusing but it solved my problem.

Adding on to Val's fine answer...

Maybe starting with ES 5.6 (? didn't research how far back this is true) I moved my data directory to a new location and couldn't get ES to startup. The index_name.log file showed that ES was looking for the default data directory (/var/lib/elasticsearch), which it couldn't find because I moved it, so startup died. I made a copy of the now moved directory back to /var/lib/elasticsearch and attempted startup again which failed again. Log showed that ES did indeed find the default data directory location but also found that there was content so startup was failed. Final step was to empty /var/lib/elasticsearch and startup succeeded.

In summary for ES 5.6 on RHEL (at least): 1. The default /var/lib/elasticsearch directory must exist 2. The default /var/lib/elasticsearch directory must be empty

A. You need to move the elasticsearch folder, i.e. that's the folder which bears the same name as your cluster.name configured in the elasticsearch.yml file.

B. You need to modify the path.data setting in the elasticsearch.yml file to the new folder you've moved the data to.

So, say you are currently using /var/lib/elasticsearch and you want to move the data folder to /foo/bar, here is what you need to do:

> mv /var/lib/elasticsearch /foo/bar

Then in elasticsearch.yml modify path.data to:

path.data: /foo/bar

You'll end up with your data being stored in /foo/bar/elasticsearch instead of /var/lib/elasticsearch. Make sure that the elasticsearch process can access your new folder.