Update security index settings | Elasticsearch API documentation

Update security index settings Generally available

PUT /_security/settings

Update the user-configurable settings for the security internal index (.security and associated indices). Only a subset of settings are allowed to be modified. This includes index.auto_expand_replicas and index.number_of_replicas.

NOTE: If index.auto_expand_replicas is set, index.number_of_replicas will be ignored during updates.

If a specific index is not in use on the system and settings are provided for it, the request will be rejected. This API does not yet support configuring the settings for indices before they are in use.

Required authorization

Cluster privileges: manage_security

Query parameters

master_timeout string

The period to wait for a connection to the master node. If no response is received before the timeout expires, the request fails and returns an error.

Values are -1 or 0.

External documentation
timeout string

The period to wait for a response. If no response is received before the timeout expires, the request fails and returns an error.

Values are -1 or 0.

External documentation

application/json

Body Required

security object

Settings for the index used for most security configuration, including native realm users and roles configured with the API.
Hide security attribute Show security attribute object
- index object
  Hide index attributes Show index attributes object
  
  index object
  
  mode string
  
  routing_path string | array[string]
  
  One of:
  string-1 string array-2 array[string]
  
  soft_deletes object
  
  Hide soft_deletes attribute Show soft_deletes attribute object
  
  enabled boolean
  
  Indicates whether soft deletes are enabled on the index.
  
  Default value is true.
  
  sort object
  
  Hide sort attributes Show sort attributes object
  
  order
  
  mode
  
  missing
  
  number_of_shards number | string Generally available
  
  One of:
  number-1 number string-2 string
  
  Default value is 1.
  
  Default value is 1.
  
  number_of_replicas number | string Generally available
  
  One of:
  number-1 number string-2 string
  
  Default value is 0.
  
  Default value is 0.
  
  number_of_routing_shards number
  
  check_on_startup string
  
  Values are true, false, or checksum.
  
  codec string
  
  Default value is LZ4.
  
  routing_partition_size number | string
  
  One of:
  number-1 number string-2 string
  
  load_fixed_bitset_filters_eagerly boolean
  
  Default value is true.
  
  hidden boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  Default value is false.
  
  Default value is false.
  
  auto_expand_replicas string | null
  
  One of:
  string-1 string NullValue string | null
  
  Default value is false.
  
  A null value that is to be interpreted as an actual value, unless other uses of null that are equivalent to a missing value. It is used for exemple in settings, where using the NullValue for a setting will reset it to its default value.
  
  merge object
  
  search object
  
  refresh_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  External documentation
  
  max_result_window number
  
  Default value is 10000.0.
  
  max_inner_result_window number
  
  Default value is 100.0.
  
  max_rescore_window number
  
  Default value is 10000.0.
  
  max_docvalue_fields_search number
  
  Default value is 100.0.
  
  max_script_fields number
  
  Default value is 32.0.
  
  max_ngram_diff number
  
  Default value is 1.0.
  
  max_shingle_diff number
  
  Default value is 3.0.
  
  blocks object
  
  max_refresh_listeners number
  
  analyze object
  
  Settings to define analyzers, tokenizers, token filters and character filters. Refer to the linked documentation for step-by-step examples of updating analyzers on existing indices.
  
  External documentation
  
  highlight object
  
  Hide highlight attribute Show highlight attribute object
  
  max_analyzed_offset number
  
  Default value is 1000000.0.
  
  max_terms_count number
  
  Default value is 65536.0.
  
  max_regex_length number
  
  Default value is 1000.0.
  
  routing object
  
  gc_deletes string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  External documentation
  
  default_pipeline string
  
  final_pipeline string
  
  lifecycle object
  
  Hide lifecycle attributes Show lifecycle attributes object
  
  origination_date number
  
  If specified, this is the timestamp used to calculate the index age for its phase transitions. Use this setting if you create a new index that contains old data and want to use the original creation date to calculate the index age. Specified as a Unix epoch value in milliseconds.
  
  Default value is 0.0.
  
  parse_origination_date boolean
  
  Set to true to parse the origination date from the index name. This origination date is used to calculate the index age for its phase transitions. The index name must match the pattern ^{.*-{date_format}-\d+,} where the date_format is yyyy.MM.dd and the trailing digits are optional. An index that was rolled over would normally match the full format, for example logs-2016.10.31-000002). If the index name doesn’t match the pattern, index creation fails.
  
  rollover_alias string
  
  The index alias to update when the index rolls over. Specify when using a policy that contains a rollover action. When the index rolls over, the alias is updated to reflect that the index is no longer the write index. For more information about rolling indices, see Rollover.
  
  Default value is empty.
  
  prefer_ilm
  
  provided_name string
  
  creation_date string
  
  creation_date_string string
  
  uuid string
  
  version object
  
  Hide version attribute Show version attribute object
  
  created_string string
  
  verified_before_close boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  format string | number
  
  One of:
  string-1 string number-2 number
  
  max_slices_per_scroll number
  
  translog object
  
  query_string object
  
  priority number | string
  
  One of:
  number-1 number string-2 string
  
  top_metrics_max_size number
  
  analysis object
  
  Hide analysis attributes Show analysis attributes object
  
  analyzer object
  
  char_filter object
  
  filter object
  
  normalizer object
  
  tokenizer object
  
  settings object
  
  time_series object
  
  queries object
  
  similarity object
  
  Configure custom similarity settings to customize how search results are scored.
  
  mapping object
  
  Enable or disable dynamic mapping for an index.
  
  Hide mapping attributes Show mapping attributes object
  
  coerce boolean
  
  ignore_malformed
  
  indexing.slowlog object
  
  Hide indexing.slowlog attributes Show indexing.slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  indexing_pressure object
  
  Configure indexing back pressure limits.
  
  store object
  
  The store module allows you to control how index data is stored and accessed on disk.
  
  Hide store attribute Show store attribute object
  
  allow_mmap boolean
  
  You can restrict the use of the mmapfs and the related hybridfs store type via the setting node.store.allow_mmap. This is a boolean setting indicating whether or not memory-mapping is allowed. The default is to allow it. This setting is useful, for example, if you are in an environment where you can not control the ability to create a lot of memory maps so you need disable the ability to use memory-mapping.
security-profile object

Settings for the index used to store profile information.
Hide security-profile attribute Show security-profile attribute object
- index object
  Hide index attributes Show index attributes object
  
  index object
  
  mode string
  
  routing_path string | array[string]
  
  One of:
  string-1 string array-2 array[string]
  
  soft_deletes object
  
  Hide soft_deletes attribute Show soft_deletes attribute object
  
  enabled boolean
  
  Indicates whether soft deletes are enabled on the index.
  
  Default value is true.
  
  sort object
  
  Hide sort attributes Show sort attributes object
  
  order
  
  mode
  
  missing
  
  number_of_shards number | string Generally available
  
  One of:
  number-1 number string-2 string
  
  Default value is 1.
  
  Default value is 1.
  
  number_of_replicas number | string Generally available
  
  One of:
  number-1 number string-2 string
  
  Default value is 0.
  
  Default value is 0.
  
  number_of_routing_shards number
  
  check_on_startup string
  
  Values are true, false, or checksum.
  
  codec string
  
  Default value is LZ4.
  
  routing_partition_size number | string
  
  One of:
  number-1 number string-2 string
  
  load_fixed_bitset_filters_eagerly boolean
  
  Default value is true.
  
  hidden boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  Default value is false.
  
  Default value is false.
  
  auto_expand_replicas string | null
  
  One of:
  string-1 string NullValue string | null
  
  Default value is false.
  
  A null value that is to be interpreted as an actual value, unless other uses of null that are equivalent to a missing value. It is used for exemple in settings, where using the NullValue for a setting will reset it to its default value.
  
  merge object
  
  search object
  
  refresh_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  External documentation
  
  max_result_window number
  
  Default value is 10000.0.
  
  max_inner_result_window number
  
  Default value is 100.0.
  
  max_rescore_window number
  
  Default value is 10000.0.
  
  max_docvalue_fields_search number
  
  Default value is 100.0.
  
  max_script_fields number
  
  Default value is 32.0.
  
  max_ngram_diff number
  
  Default value is 1.0.
  
  max_shingle_diff number
  
  Default value is 3.0.
  
  blocks object
  
  max_refresh_listeners number
  
  analyze object
  
  Settings to define analyzers, tokenizers, token filters and character filters. Refer to the linked documentation for step-by-step examples of updating analyzers on existing indices.
  
  External documentation
  
  highlight object
  
  Hide highlight attribute Show highlight attribute object
  
  max_analyzed_offset number
  
  Default value is 1000000.0.
  
  max_terms_count number
  
  Default value is 65536.0.
  
  max_regex_length number
  
  Default value is 1000.0.
  
  routing object
  
  gc_deletes string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  External documentation
  
  default_pipeline string
  
  final_pipeline string
  
  lifecycle object
  
  Hide lifecycle attributes Show lifecycle attributes object
  
  origination_date number
  
  If specified, this is the timestamp used to calculate the index age for its phase transitions. Use this setting if you create a new index that contains old data and want to use the original creation date to calculate the index age. Specified as a Unix epoch value in milliseconds.
  
  Default value is 0.0.
  
  parse_origination_date boolean
  
  Set to true to parse the origination date from the index name. This origination date is used to calculate the index age for its phase transitions. The index name must match the pattern ^{.*-{date_format}-\d+,} where the date_format is yyyy.MM.dd and the trailing digits are optional. An index that was rolled over would normally match the full format, for example logs-2016.10.31-000002). If the index name doesn’t match the pattern, index creation fails.
  
  rollover_alias string
  
  The index alias to update when the index rolls over. Specify when using a policy that contains a rollover action. When the index rolls over, the alias is updated to reflect that the index is no longer the write index. For more information about rolling indices, see Rollover.
  
  Default value is empty.
  
  prefer_ilm
  
  provided_name string
  
  creation_date string
  
  creation_date_string string
  
  uuid string
  
  version object
  
  Hide version attribute Show version attribute object
  
  created_string string
  
  verified_before_close boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  format string | number
  
  One of:
  string-1 string number-2 number
  
  max_slices_per_scroll number
  
  translog object
  
  query_string object
  
  priority number | string
  
  One of:
  number-1 number string-2 string
  
  top_metrics_max_size number
  
  analysis object
  
  Hide analysis attributes Show analysis attributes object
  
  analyzer object
  
  char_filter object
  
  filter object
  
  normalizer object
  
  tokenizer object
  
  settings object
  
  time_series object
  
  queries object
  
  similarity object
  
  Configure custom similarity settings to customize how search results are scored.
  
  mapping object
  
  Enable or disable dynamic mapping for an index.
  
  Hide mapping attributes Show mapping attributes object
  
  coerce boolean
  
  ignore_malformed
  
  indexing.slowlog object
  
  Hide indexing.slowlog attributes Show indexing.slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  indexing_pressure object
  
  Configure indexing back pressure limits.
  
  store object
  
  The store module allows you to control how index data is stored and accessed on disk.
  
  Hide store attribute Show store attribute object
  
  allow_mmap boolean
  
  You can restrict the use of the mmapfs and the related hybridfs store type via the setting node.store.allow_mmap. This is a boolean setting indicating whether or not memory-mapping is allowed. The default is to allow it. This setting is useful, for example, if you are in an environment where you can not control the ability to create a lot of memory maps so you need disable the ability to use memory-mapping.
security-tokens object

Settings for the index used to store tokens.
Hide security-tokens attribute Show security-tokens attribute object
- index object
  Hide index attributes Show index attributes object
  
  index object
  
  mode string
  
  routing_path string | array[string]
  
  One of:
  string-1 string array-2 array[string]
  
  soft_deletes object
  
  Hide soft_deletes attribute Show soft_deletes attribute object
  
  enabled boolean
  
  Indicates whether soft deletes are enabled on the index.
  
  Default value is true.
  
  sort object
  
  Hide sort attributes Show sort attributes object
  
  order
  
  mode
  
  missing
  
  number_of_shards number | string Generally available
  
  One of:
  number-1 number string-2 string
  
  Default value is 1.
  
  Default value is 1.
  
  number_of_replicas number | string Generally available
  
  One of:
  number-1 number string-2 string
  
  Default value is 0.
  
  Default value is 0.
  
  number_of_routing_shards number
  
  check_on_startup string
  
  Values are true, false, or checksum.
  
  codec string
  
  Default value is LZ4.
  
  routing_partition_size number | string
  
  One of:
  number-1 number string-2 string
  
  load_fixed_bitset_filters_eagerly boolean
  
  Default value is true.
  
  hidden boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  Default value is false.
  
  Default value is false.
  
  auto_expand_replicas string | null
  
  One of:
  string-1 string NullValue string | null
  
  Default value is false.
  
  A null value that is to be interpreted as an actual value, unless other uses of null that are equivalent to a missing value. It is used for exemple in settings, where using the NullValue for a setting will reset it to its default value.
  
  merge object
  
  search object
  
  refresh_interval string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  External documentation
  
  max_result_window number
  
  Default value is 10000.0.
  
  max_inner_result_window number
  
  Default value is 100.0.
  
  max_rescore_window number
  
  Default value is 10000.0.
  
  max_docvalue_fields_search number
  
  Default value is 100.0.
  
  max_script_fields number
  
  Default value is 32.0.
  
  max_ngram_diff number
  
  Default value is 1.0.
  
  max_shingle_diff number
  
  Default value is 3.0.
  
  blocks object
  
  max_refresh_listeners number
  
  analyze object
  
  Settings to define analyzers, tokenizers, token filters and character filters. Refer to the linked documentation for step-by-step examples of updating analyzers on existing indices.
  
  External documentation
  
  highlight object
  
  Hide highlight attribute Show highlight attribute object
  
  max_analyzed_offset number
  
  Default value is 1000000.0.
  
  max_terms_count number
  
  Default value is 65536.0.
  
  max_regex_length number
  
  Default value is 1000.0.
  
  routing object
  
  gc_deletes string
  
  A duration. Units can be nanos, micros, ms (milliseconds), s (seconds), m (minutes), h (hours) and d (days). Also accepts "0" without a unit and "-1" to indicate an unspecified value.
  
  External documentation
  
  default_pipeline string
  
  final_pipeline string
  
  lifecycle object
  
  Hide lifecycle attributes Show lifecycle attributes object
  
  origination_date number
  
  If specified, this is the timestamp used to calculate the index age for its phase transitions. Use this setting if you create a new index that contains old data and want to use the original creation date to calculate the index age. Specified as a Unix epoch value in milliseconds.
  
  Default value is 0.0.
  
  parse_origination_date boolean
  
  Set to true to parse the origination date from the index name. This origination date is used to calculate the index age for its phase transitions. The index name must match the pattern ^{.*-{date_format}-\d+,} where the date_format is yyyy.MM.dd and the trailing digits are optional. An index that was rolled over would normally match the full format, for example logs-2016.10.31-000002). If the index name doesn’t match the pattern, index creation fails.
  
  rollover_alias string
  
  The index alias to update when the index rolls over. Specify when using a policy that contains a rollover action. When the index rolls over, the alias is updated to reflect that the index is no longer the write index. For more information about rolling indices, see Rollover.
  
  Default value is empty.
  
  prefer_ilm
  
  provided_name string
  
  creation_date string
  
  creation_date_string string
  
  uuid string
  
  version object
  
  Hide version attribute Show version attribute object
  
  created_string string
  
  verified_before_close boolean | string
  
  One of:
  boolean-1 boolean string-2 string
  
  format string | number
  
  One of:
  string-1 string number-2 number
  
  max_slices_per_scroll number
  
  translog object
  
  query_string object
  
  priority number | string
  
  One of:
  number-1 number string-2 string
  
  top_metrics_max_size number
  
  analysis object
  
  Hide analysis attributes Show analysis attributes object
  
  analyzer object
  
  char_filter object
  
  filter object
  
  normalizer object
  
  tokenizer object
  
  settings object
  
  time_series object
  
  queries object
  
  similarity object
  
  Configure custom similarity settings to customize how search results are scored.
  
  mapping object
  
  Enable or disable dynamic mapping for an index.
  
  Hide mapping attributes Show mapping attributes object
  
  coerce boolean
  
  ignore_malformed
  
  indexing.slowlog object
  
  Hide indexing.slowlog attributes Show indexing.slowlog attributes object
  
  level string
  
  source number
  
  reformat boolean
  
  indexing_pressure object
  
  Configure indexing back pressure limits.
  
  store object
  
  The store module allows you to control how index data is stored and accessed on disk.
  
  Hide store attribute Show store attribute object
  
  allow_mmap boolean
  
  You can restrict the use of the mmapfs and the related hybridfs store type via the setting node.store.allow_mmap. This is a boolean setting indicating whether or not memory-mapping is allowed. The default is to allow it. This setting is useful, for example, if you are in an environment where you can not control the ability to create a lot of memory maps so you need disable the ability to use memory-mapping.

Responses

200 application/json
Hide response attribute Show response attribute object
- acknowledged boolean Required

PUT /_security/settings

curl \
 --request PUT 'http://api.example.com/_security/settings' \
 --header "Content-Type: application/json" \
 --data '"{\n    \"security\": {\n        \"index.auto_expand_replicas\": \"0-all\"\n    },\n    \"security-tokens\": {\n        \"index.auto_expand_replicas\": \"0-all\"\n    },\n    \"security-profile\": {\n        \"index.auto_expand_replicas\": \"0-all\"\n    }\n}"'

Request example

Run `PUT /_security/settings` to modify the security settings.

{
    "security": {
        "index.auto_expand_replicas": "0-all"
    },
    "security-tokens": {
        "index.auto_expand_replicas": "0-all"
    },
    "security-profile": {
        "index.auto_expand_replicas": "0-all"
    }
}

Update security index settings Generally available

Required authorization

Query parameters

Body Required

routing_path string | array[string]

number_of_shards number | string Generally available

number_of_replicas number | string Generally available

routing_partition_size number | string

hidden boolean | string

auto_expand_replicas string | null

verified_before_close boolean | string

format string | number

priority number | string

routing_path string | array[string]

number_of_shards number | string Generally available

number_of_replicas number | string Generally available

routing_partition_size number | string

hidden boolean | string

auto_expand_replicas string | null

verified_before_close boolean | string

format string | number

priority number | string

routing_path string | array[string]

number_of_shards number | string Generally available

number_of_replicas number | string Generally available

routing_partition_size number | string

hidden boolean | string

auto_expand_replicas string | null

verified_before_close boolean | string

format string | number

priority number | string

Responses