Add Elasticsearch user settings

Change how Elasticsearch runs by providing your own user settings. User settings are appended to the elasticsearch.yml configuration file for your cluster and provide custom configuration options.


Some settings that could break your cluster if set incorrectly are blacklisted, such as certain zen discovery and security settings. Review the list of settings that are generally safe in cloud environments.

To add user settings:

  1. Log into the Elasticsearch Service Console.
  2. On the Deployments page, select your deployment.

    Narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.

  3. From your deployment menu, go to the Edit page.
  4. At the bottom of the first Elasticsearch node, expand the User settings overrides caret.
  5. Update the user settings.
  6. Click Save changes.

Supported Elasticsearch settings

Elasticsearch Service supports the following Elasticsearch settings:

Enables cross-origin resource sharing (CORS) settings for the HTTP module.
Enables whitelisting of read-only URL repositories.
Whitelists the hosts that can be reindexed from remotely. Expects a YAML array of host:port strings. Consists of a comma-delimited list of host:port entries. Defaults to ["\*.io:*", "\*.com:*"].
Enables regular expressions for the Painless scripting language.

Enables closing indices in Elasticsearch version 2.2 and later. You might enable this setting temporarily in order to change the analyzer configuration for an existing index. We strongly recommend leaving this set to false (the default) otherwise. Closed indices are a data loss risk: If you close an index, it is not included in snapshots and you will not be able to restore the data. Similarly, closed indices are not included when you when you make cluster configuration changes, such as scaling to a different capacity, failover, and many other operations. Lastly, closed indices can lead to inaccurate disk space counts.


Closed indices are a data loss risk. Enable this setting only temporarily.

Circuit breaker settings

The following circuit breaker settings are supported:
Configures the parent circuit breaker settings.
Configures the limit for the fielddata breaker.
Configures a constant that all field data estimations are multiplied with to determine a final estimation.
Configures the limit for the request breaker.
Configures a constant that all request estimations are multiplied by to determine a final estimation.
X-Pack (for version 6.0 and later)

The following X-Pack settings are supported:

Allows enabling/disabling encryption of sensitive watcher configurations. Note that it requires adding xpack.watcher.encryption_key on the keystore.
X-Pack (for version 5.0 and later)

The following X-Pack settings are supported:

Configures Slack notification settings.
Configures HipChat notification settings.
Configures PagerDuty notification settings.
Defines when the watch should start, based on date and time.*
Enables email notification settings to sanitize HTML elements in emails that are sent.
Controls how often data samples are collected.

Specifies the minimum number of seconds that a time bucket in a chart can represent. If you modify the xpack.monitoring.collection.interval, use the same value in this setting.

Defaults to 10 (10 seconds).

Sets the retention duration beyond which the indices created by a monitoring exporter will be automatically deleted.
Controls whether old watcher indices are automatically deleted (requires 5.6.4 or greater).
Watcher and Marvel (for versions before 5.0)

The following Watcher and Marvel settings are supported:

Configures Slack notification settings.
Configures HipChat notification settings.
Configures Configures PagerDuty notification settings.
Controls how often data samples are collected.
Defines when the watch should start, based on date and time.
Disk-based shard allocation settings

The following disk-based allocation settings are supported:

Configures disk-based shard allocation’s low watermark.
Configures disk-based shard allocation’s high watermark.
Configures disk-based shard allocation’s flood_stage (available only on 6.x and higher).

Remember to update user settings for alerts when performing a major version upgrade. For version 5.0 and later, the syntax is different when compared to earlier versions.

If a setting is not on this list, it cannot be set and will be rejected. Additional user settings might added in the future.