Add Elasticsearch user settings

Change how Elasticsearch runs by providing your own user settings. User settings are appended to the elasticsearch.yml configuration file for your cluster and provide custom configuration options.

Some settings that could break your cluster if set incorrectly are blacklisted, such as certain zen discovery and security settings. Review the list of settings that are generally safe in cloud environments.

To add user settings:

  1. Log into the Elasticsearch Service Console.
  2. On the Deployments page, select your deployment.

    Narrow your deployments by name, ID, or choose from several other filters. To customize your view, use a combination of filters, or change the format from a grid to a list.

  3. From your deployment menu, go to the Edit page.
  4. At the bottom of the first Elasticsearch node, expand the User settings overrides caret.
  5. Update the user settings.
  6. Click Save changes.

Supported Elasticsearch settings

Elasticsearch Service supports the following Elasticsearch settings:

http.cors.*
Enables cross-origin resource sharing (CORS) settings for the HTTP module.
modules-http.html
Support for compression when possible (with Accept-Encoding). Defaults to true.
repositories.url.allowed_urls
Enables whitelisting of read-only URL repositories.
reindex.remote.whitelist
Whitelists the hosts that can be reindexed from remotely. Expects a YAML array of host:port strings. Consists of a comma-delimited list of host:port entries. Defaults to ["\*.io:*", "\*.com:*"].
script.painless.regex.enabled
Enables regular expressions for the Painless scripting language.
index.number_of_shards
The number of primary shards that an index should have.
action.auto_create_index
Automatically create index if it doesn’t already exist.
action.destructive_requires_name
When set to true, users must specify the index name to delete an index. It’s not possible to delete _all or use wildcards.
cluster.indices.close.enable

Enables closing indices in Elasticsearch version 2.2 and later. You might enable this setting temporarily in order to change the analyzer configuration for an existing index. We strongly recommend leaving this set to false (the default) otherwise. Closed indices are a data loss risk: closed indices are not included when you when you make cluster configuration changes, such as scaling to a different capacity, failover, and many other operations. Lastly, closed indices can lead to inaccurate disk space counts.

Closed indices are a data loss risk. Enable this setting only temporarily.

Circuit breaker settings
The following circuit breaker settings are supported:
indices.breaker.total.limit
Configures the parent circuit breaker settings.
indices.breaker.fielddata.limit
Configures the limit for the fielddata breaker.
indices.breaker.fielddata.overhead
Configures a constant that all field data estimations are multiplied with to determine a final estimation.
indices.breaker.request.limit
Configures the limit for the request breaker.
indices.breaker.request.overhead
Configures a constant that all request estimations are multiplied by to determine a final estimation.
X-Pack (for version 6.0 and later)
The following X-Pack settings are supported:
xpack.watcher.encrypt_sensitive_data
Allows enabling/disabling encryption of sensitive watcher configurations. Note that it requires adding xpack.watcher.encryption_key on the keystore.
SAML
All SAML settings are whitelisted for the reserved cloud-saml realm name.
xpack.security.authc.realms.saml.cloud-saml.*
To learn more on how to enable SAML and related user settings, see secure your clusters with SAML.
OpenID Connect
All OpenID Connect settings are whitelisted for the reserved cloud-oidc realm name.
xpack.security.authc.realms.oidc.cloud-oidc.*
To learn more on how to enable OpenID Connect and related user settings, see secure your clusters with OpenID Connect.
X-Pack (for version 5.0 and later)

The following X-Pack settings are supported:

xpack.notification.slack
Configures Slack notification settings (up to 6.2 | 6.3 and later). Note that you need to add secure_url as a secret value to the keystore.
xpack.notification.hipchat
Configures HipChat notification settings.
xpack.notification.pagerduty
Configures PagerDuty notification settings.
xpack.watcher.trigger.schedule.engine
Defines when the watch should start, based on date and time.
xpack.notification.email.html.sanitization.*
Enables email notification settings to sanitize HTML elements in emails that are sent.
xpack.monitoring.collection.interval
Controls how often data samples are collected.
xpack.monitoring.collection.min_interval_seconds

Specifies the minimum number of seconds that a time bucket in a chart can represent. If you modify the xpack.monitoring.collection.interval, use the same value in this setting.

Defaults to 10 (10 seconds).

xpack.monitoring.history.duration
Sets the retention duration beyond which the indices created by a monitoring exporter will be automatically deleted.
xpack.watcher.history.cleaner_service.enabled
Controls whether old watcher indices are automatically deleted (requires 5.6.4 or greater).
Scripting 5.x

The following settings are supported in Elasticsearch 5.x clusters:

  • script.inline
  • script.stored
  • script.file
  • script.allowed_types
  • script.allowed_contexts

To learn more, see Allowed script types setting and Allowed script contexts setting.

Scripting 6.x

The following settings are supported in Elasticsearch 6.x clusters:

  • script.allowed_types
  • script.allowed_contexts

In Elasticsearch 6.0 you can encrypt sensitive data in watcher using

  • xpack.watcher.encrypt_sensitive_data

To learn more, see Allowed script types setting and Allowed script contexts setting.

Watcher and Marvel (for versions before 5.0)

The following Watcher and Marvel settings are supported:

watcher.actions.slack.service
Configures Slack notification settings.
watcher.actions.hipchat.service
Configures HipChat notification settings.
watcher.actions.pagerduty.service
Configures Configures PagerDuty notification settings.
marvel.agent.interval
Controls how often data samples are collected.
watcher.trigger.schedule.engine
Defines when the watch should start, based on date and time.
Disk-based shard allocation settings

The following disk-based allocation settings are supported:

cluster.routing.allocation.disk.threshold_enabled
Enable or disable disk allocation decider and defaults to true.
cluster.routing.allocation.disk.watermark.low
Configures disk-based shard allocation’s low watermark.
cluster.routing.allocation.disk.watermark.high
Configures disk-based shard allocation’s high watermark.
cluster.routing.allocation.disk.watermark.flood_stage
Configures disk-based shard allocation’s flood_stage (available only on 6.x and higher).

Remember to update user settings for alerts when performing a major version upgrade. For version 5.0 and later, the syntax is different when compared to earlier versions.

If a setting is not on this list, it cannot be set and will be rejected. Additional user settings might added in the future.