I am new to elasticsearch and figuring out how to setup ELK stack for logging syslog.
I successfully installed all ELK stacks and it works fine. However, after I installed ELK stack, when I reboot,
var/log/elasticsearchis somehow deleted so elasticsearch fails to start.Why
var/log/elasticsearchis deleted after rebooting system? How should I configure not to delete on rebooting?Thanks in advance.
Answer
So, the problem was due to /etc/fstab.
In /etc/fstab, /var/log was set as tmpf. Thats why /var/log/elasticsearch/ was being deleted after reboot of system.
So in /etc/fstab, it added one more line of tmpfs /var/log/elasticsearch tmpfs defaults,noatime 0 0, which enables /var/log/elasticsearch not to be deleted after reboot.
Attribution
Source : Link , Question Author : D.R , Answer Author : D.R
