✨✨ Needs of an easy way to asign second hdd to deploy Elasticsearch DB

[alekdimitrov]

Is there an existing feature request that has already been created?

• I have searched the exiting features requests

Is your feature request related to a problem? Please describe.

Hi SELKS gurus. I have a propusal and question at the same time.

First my question:
I want to deploy Elasticsearch DB on second hdd wich is moined in /mnt/elasticdb as /dev/sdb1. My knowledge about docker is not enough to make this deploy by myself.
This is the step in installer that I can't over it:

By default, elasticsearch database is stored in a docker volume in /var/lib/docker (free space: 62G
With SELKS running, database can take up a lot of disk space
You might want to save them on an other disk/partition

How to pass trought this step to set up all it in right way?
p.p. I searched about /var/lib/docker in docker-compose.yaml but only thing that I found about elastic is this row:
${ELASTIC_DATAPATH:-elastic-data}:/usr/share/elasticsearch/data
I think that will be wrong if I set this /mnt/elasticdb:/usr/share/elasticsearch/data

Describe the solution you would like?

Second propusal:
Will be nice to have opinion to setup this important step trought installer directly without many modificaton from user side in docker files

Alternative Solutions

No response

Additional Context

No response

[pevma]

If this is just a storage size issue - would expanding the volume work ?

[alekdimitrov]

Hi pevma, thanks for fast response. May be it would . So I tried with symlink
systemctl stop docker

mv /var/lib/docker /mnt/docker
ln -s /mnt/docker /var/lib/
systemctl start docker

[pevma]

Not sure i understand - you are saying it worked or it is still not working as expected ?

[alekdimitrov]

Sorry. Everything is OK. I am posting this solution for novice people like me. I am not sure is it OK enought or there is better and clean solution. So I used this post to ask one more question:
Is it this normal behavior or no - "No Data Available" (please view attached pics.)?

[pevma]

What is the time span - it seems there are alerts?

[pevma]

There should be data i mean. Is it the same if you change the timespan / reload?

[alekdimitrov]

Hi. No it is the same if I change the timespan / reload. On Hunting tab it is OK.
There is another bug for me on Elasticsearch tab. The bug is that I need to switch a few times betwen tabs "cluster info" and "indices stats" to view what is the size of elastic data on tab cluster info.

First load - dosent view nothing but I am on tab Cluster info

Switch betwen tab and back on Cluster info (everything is OK)

[pevma]

Could it be browser cache ? If you clear it would there be any effect?

[syst3]

Hi,
I think what you need to do is move/symlink only the volume of the elasticsearch.
Symlinking everything could break SELKS. Also when you execute the easy_setup script you have the option to change the docker volumes location.

root@debian11:/home/snuser/SELKS/docker# docker volume inspect selks_elastic-data
[
    {
        "CreatedAt": "2022-11-03T15:07:38+02:00",
        "Driver": "local",
        "Labels": {
            "com.docker.compose.project": "selks",
            "com.docker.compose.version": "1.29.2",
            "com.docker.compose.volume": "elastic-data"
        },
        "Mountpoint": "/var/lib/docker/volumes/selks_elastic-data/_data",
        "Name": "selks_elastic-data",
        "Options": null,
        "Scope": "local"
    }
]