Add Elasticsearch user settings
editAdd Elasticsearch user settings
editChange how Elasticsearch runs by providing your own user settings. User settings are appended to the elasticsearch.yml
configuration file for your cluster and provide custom configuration options. Elastic Cloud Enterprise supports many of the user settings for the version of Elasticsearch that your cluster is running.
Some settings that could break your cluster if set incorrectly are blocked, such as certain zen discovery and security settings. For examples of a few of the settings that are generally safe in cloud environments, check Additional Examples of Supported User Settings and Editing Your User Settings that can be enabled on our Elastic Cloud hosted offering.
To add user settings:
- Log into the Cloud UI.
-
On the Deployments page, select your deployment.
Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
- From your deployment menu, go to the Edit page.
- In the Elasticsearch section, select Edit elasticsearch.yml. For deployments with existing user settings, you may have to expand the User setting overrides caret for each node type instead.
- Update the user settings.
-
Select Save changes.
If you encounter the Edit elasticsearch.yml carets, be sure to make your changes on all Elasticsearch node types.
Example: Enable email notifications from Gmail
editThe following examples configure email notifications to Gmail for a user that you specify. Which example you use depends on the version of Elasticsearch that your cluster is running.
+
CAUTION: Before you add the xpack.notification.email*
setting in Elasticsearch user settings, make sure you add the account SMTP password to the keystore as a secret value.
For version 6.3 and later: Check Configuring email actions.
For version 5.0 to 6.2: Check Configuring email actions.
xpack.notification.email.account: gmail_account: profile: gmail smtp: auth: true starttls.enable: true host: smtp.gmail.com port: 587 user: <username> password: <password>
For versions before 5.0: Use Watcher to configure an email watch action. To learn more, check Configuring Email Actions.
watcher.actions.email.service.account: work: profile: gmail email_defaults: from: <email> smtp: auth: true starttls.enable: true host: smtp.gmail.com port: 587 user: <username> password: <password>
Additional examples of supported user settings
editThese example user settings cover only a subset of all user settings that you can include in the elasticsearch.yml
configuration file. To learn more about available settings, check Configuring Elasticsearch.
Examples of Elasticsearch user settings that you can specify:
-
cluster.indices.close.enable
-
Enables closing indices in Elasticsearch version 2.2 and later. Defaults to
true
for versions 7.2.0 and later, and tofalse
for previous versions. In versions 7.1 and below, closed indices represent a data loss risk: if you close an index, it is not included in snapshots and you will not be able to restore the data. Similarly, closed indices are not included when you make cluster configuration changes, such as scaling to a different capacity, failover, and many other operations. Lastly, closed indices can lead to inaccurate disk space counts.For versions 7.1 and below, closed indices represent a data loss risk. Enable this setting only temporarily for these versions.
-
reindex.remote.whitelist
-
Explicitly allows the hosts that can be reindexed from remotely. Consists of a comma-delimited list of
host:port
entries. Defaults to["\*.io:*", "\*.com:*"]
. -
script.painless.regex.enabled
- Enables regular expressions for the Painless scripting language.
- X-Pack alerting features (formerly Watcher)
-
Enables watches, including integration with Slack, HipChat, and PagerDuty. For example:
For version 6.3 and later:
-
xpack.notification.slack
- Configures Slack notification settings. -
xpack.notification.hipchat
- Configures HipChat notification settings.Deprecated in all versions.
Hipchat has ceased operation.
-
xpack.notification.pagerduty
- Configures PagerDuty notification settings.
For version 5.0 to 6.2:
-
xpack.notification.slack
- Configures Slack notification settings. -
xpack.notification.hipchat
- Configures HipChat notification settings. -
xpack.notification.pagerduty
- Configures PagerDuty notification settings.
For versions before 5.0:
-
watcher.actions.slack.service
- Configures Slack notification settings. -
watcher.actions.hipchat.service
- Configures HipChat notification settings.Deprecated in all versions.
Hipchat has ceased operation.
-
watcher.actions.pagerduty.service
- Configures Configures PagerDuty notification settings.
-
Remember to check your user settings when performing a major version upgrade. For version 5.0 and later, the syntax for alerts is different when compared to earlier versions, for example.
- Disk-based shard allocation settings
-
The following disk-based allocation settings are supported:
-
cluster.routing.allocation.disk.watermark.low
- Configures disk-based shard allocation’s low watermark.
-
cluster.routing.allocation.disk.watermark.high
- Configures disk-based shard allocation’s high watermark.
-
cluster.routing.allocation.disk.watermark.flood_stage
- Configures disk-based shard allocation’s flood_stage (available only on 6.x and higher).
-
- Monitoring settings
-
Examples of Elasticsearch monitoring settings:
For versions 5.0 and later:
-
xpack.monitoring.collection.interval
- Controls how often data samples are collected.
-
xpack.monitoring.collection.min_interval_seconds
-
Specifies the minimum number of seconds that a time bucket in a chart can represent. If you modify the
xpack.monitoring.collection.interval
, use the same value in this setting.Defaults to
10
(10 seconds). -
xpack.monitoring.history.duration
- Sets the retention duration beyond which the indices created by a monitoring exporter will be automatically deleted.
-
- Audit settings
- Examples of Elasticsearch audit settings:
-
xpack.security.audit.enabled
- Enables auditing on Elasticsearch cluster nodes. Defaults to false.
-
xpack.security.audit.logfile.events.include
- Specifies which events to include in the auditing output.
-
xpack.security.audit.logfile.events.exclude
- Specifies which events to exclude from the output. No events are excluded by default.
-
xpack.security.audit.logfile.events.emit_request_body
- Specifies whether to include the request body from REST requests on certain event types, for example authentication_failed. Defaults to false.
-
xpack.security.audit.logfile.emit_node_name
- For versions above 6.5.0: Specifies whether to include the node name as a field in each audit event. Defaults to true.
-
xpack.security.audit.logfile.prefix.emit_node_name
- For versions below 6.5.0: Specifies whether to include the node name as a field in each audit event. Defaults to true.
-
xpack.security.audit.logfile.emit_node_host_address
- For versions above 6.5.0: Specifies whether to include the node’s IP address as a field in each audit event. Defaults to false.
-
xpack.security.audit.logfile.prefix.emit_node_host_address
- For versions below 6.5.0: Specifies whether to include the node’s IP address as a field in each audit event. Defaults to false.
-
xpack.security.audit.logfile.emit_node_host_name
- For versions above 6.5.0: Specifies whether to include the node’s host name as a field in each audit event. Defaults to false.
-
xpack.security.audit.logfile.prefix.emit_node_host_name
- For versions below 6.5.0: Specifies whether to include the node’s host name as a field in each audit event. Defaults to false.
-
xpack.security.audit.logfile.emit_node_id
- For versions above 6.5.0: Specifies whether to include the node ID as a field in each audit event. Defaults to true.
-
xpack.security.audit.logfile.events.ignore_filters.<policy_name>.users
- A list of user names or wildcards. The specified policy will not print audit events for users matching these values.
-
xpack.security.audit.logfile.events.ignore_filters.<policy_name>.realms
- A list of authentication realm names or wildcards. The specified policy will not print audit events for users in these realms.
-
xpack.security.audit.logfile.events.ignore_filters.<policy_name>.roles
- A list of role names or wildcards. The specified policy will not print audit events for users that have these roles.
-
xpack.security.audit.logfile.events.ignore_filters.<policy_name>.indices
- A list of index names or wildcards. The specified policy will not print audit events when all the indices in the event match these values.
To enable and change audit settings, you must first enable deployment logging.