Where is elasticsearch configuration file in securityonion2?

[dahalsulav]

I have installed security onion2 in my ubuntu 20. I want to configure elasticsearch snapshot, however I am unable to find the exact elasticsearch.yml location in order to add 'repo' path.
Note: I have already tried configuring elasticsearch.yml (inside /opt/so/conf/elasticsearch) but the changes automatically reset after the elasticsearch gets restarted. Also, I have tried configure defaults.yml inside saltstack, but it failed to restart the elasticsearch soon I make changes.
What could be the possible solution for it?

[alexandruhera]

All of the components run in Docker containers, the above path wouldn't work. I am having the same issue, but I haven't decided to mess with the container files or see if there is a 'proper' way to do it.

[TotieBash]

"but the changes automatically reset after the elasticsearch gets restarted"
If you "vim /opt/so/saltstack/default/salt/elasticsearch/init.sls" you will see that it is guarded by Salt. The file it is referencing is located in /opt/so/saltstack/default/salt/elasticsearch/files/elasticsearch.yaml.jinja

What you do is copy the file from "default" to "local" and edit the local file.
cp /opt/so/saltstack/default/salt/elasticsearch/files/elasticsearch.yaml.jinja /opt/so/saltstack/local/salt/elasticsearch/files/elasticsearch.yaml.jinja

The file is in jinja format and that is where the end of my help. My understanding of jinja file format is zero.

[TotieBash]

I am not comfortable with this answer below but if I was in your situation and I am desperate to try something then the below is what I would try on my lab environment. This "should" make your edit to /opt/so/conf/elasticsearch/elasticsearch.yml to be honored and survive reboot.

cp /opt/so/saltstack/default/salt/elasticsearch/init.sls /opt/so/saltstack/local/salt/elasticsearch/init.sls

vim /opt/so/saltstack/local/salt/elasticsearch/init.sls and comment out lines189-197

Good luck

[TotieBash]

As far as the Elasticsearch snapshot, have you tried it using the official instruction? If not, then I think this is the supported method to do it hence this should be your first option.
https://docs.securityonion.net/en/2.3/backups.html?highlight=elasticsearch#elasticsearch