* Adding ESS icons to supported ES settings. * Adding new file for supported ESS settings. * Adding supported ESS settings for HTTP and disk-based shard allocation. * Adding more supported settings for ESS. * Adding descriptions for each Cloud section, plus additional settings. * Adding new warehouse file for Cloud, plus additional settings. * Adding node settings for Cloud. * Adding audit settings for Cloud. * Resolving merge conflict. * Adding SAML settings (part 1). * Adding SAML realm encryption and signing settings. * Adding SAML SSL settings. * Adding Kerberos realm settings. * Adding OpenID Connect Realm settings. * Adding OpenID Connect SSL settings. * Resolving leftover Git merge markers. * Removing Cloud settings page and link to it. * Add link to mapping source * Update docs/reference/docs/reindex.asciidoc * Incorporate edit of HTTP settings * Remove "cloud" from tag and ID * Remove "cloud" from tag and update description * Remove "cloud" from tag and ID * Change "whitelists" to "specifies" * Remove "cloud" from end tag * Removing cloud from IDs and tags. * Changing link reference to fix build issue. * Adding index management page for missing settings. * Removing warehouse file for Cloud and moving settings elsewhere. * Clarifying true/false usage of http.detailed_errors.enabled. * Changing underscore to dash in link to fix ci build.
This commit is contained in:
parent
9d1bf383d0
commit
20d04081ec
|
@ -180,7 +180,7 @@ automatic creation of indices that match specified patterns, or set it to
|
|||
comma-separated list of patterns you want to allow, or prefix each pattern with
|
||||
`+` or `-` to indicate whether it should be allowed or blocked. When a list is
|
||||
specified, the default behaviour is to disallow.
|
||||
+
|
||||
|
||||
IMPORTANT: The `action.auto_create_index` setting only affects the automatic
|
||||
creation of indices. It does not affect the creation of data streams.
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
Copies documents from a _source_ to a _destination_.
|
||||
|
||||
The source and destination can be any pre-existing index, index alias, or
|
||||
<<data-streams,data stream>>. However, the source and destination must be
|
||||
<<data-streams,data stream>>. However, the source and destination must be
|
||||
different. For example, you cannot reindex a data stream into itself.
|
||||
|
||||
[IMPORTANT]
|
||||
|
@ -16,7 +16,8 @@ Reindex requires <<mapping-source-field,`_source`>> to be enabled for
|
|||
all documents in the source.
|
||||
|
||||
The destination must exist and should be configured as wanted before calling `_reindex`.
|
||||
Reindex does not copy the settings from the source or its associated template.
|
||||
Reindex does not copy the settings from the source or its associated template.
|
||||
|
||||
Mappings, shard counts, replicas, and so on must be configured ahead of time.
|
||||
=================================================
|
||||
|
||||
|
@ -70,8 +71,11 @@ POST _reindex
|
|||
[[docs-reindex-api-desc]]
|
||||
==== {api-description-title}
|
||||
|
||||
Extracts the <<mapping-source-field,document source>> from the reindex request's source and indexes the documents into the destination.
|
||||
You can copy all documents to the destination, or reindex a subset of the documents.
|
||||
// tag::docs-reindex-api-desc-tag[]
|
||||
Extracts the <<mapping-source-field,document source>> from the source index and indexes the documents into the destination index.
|
||||
You can copy all documents to the destination index, or reindex a subset of the documents.
|
||||
// end::docs-reindex-api-desc-tag[]
|
||||
|
||||
|
||||
Just like <<docs-update-by-query,`_update_by_query`>>, `_reindex` gets a
|
||||
snapshot of the source but its destination must be **different** so
|
||||
|
@ -95,8 +99,8 @@ any reindex request to a destination data stream must have an `op_type`
|
|||
of`create`. A reindex can only add new documents to a destination data stream.
|
||||
It cannot update existing documents in a destination data stream.
|
||||
|
||||
By default, version conflicts abort the `_reindex` process.
|
||||
To continue reindexing if there are conflicts, set the `"conflicts"` request body parameter to `proceed`.
|
||||
By default, version conflicts abort the `_reindex` process.
|
||||
To continue reindexing if there are conflicts, set the `"conflicts"` request body parameter to `proceed`.
|
||||
In this case, the response includes a count of the version conflicts that were encountered.
|
||||
Note that the handling of other error types is unaffected by the `"conflicts"` parameter.
|
||||
|
||||
|
@ -105,9 +109,9 @@ Note that the handling of other error types is unaffected by the `"conflicts"` p
|
|||
|
||||
If the request contains `wait_for_completion=false`, {es}
|
||||
performs some preflight checks, launches the request, and returns a
|
||||
<<tasks,`task`>> you can use to cancel or get the status of the task.
|
||||
{es} creates a record of this task as a document at `.tasks/task/${taskId}`.
|
||||
When you are done with a task, you should delete the task document so
|
||||
<<tasks,`task`>> you can use to cancel or get the status of the task.
|
||||
{es} creates a record of this task as a document at `.tasks/task/${taskId}`.
|
||||
When you are done with a task, you should delete the task document so
|
||||
{es} can reclaim the space.
|
||||
|
||||
[[docs-reindex-from-multiple-sources]]
|
||||
|
@ -141,7 +145,7 @@ done
|
|||
|
||||
Set `requests_per_second` to any positive decimal number (`1.4`, `6`,
|
||||
`1000`, etc.) to throttle the rate at which `_reindex` issues batches of index
|
||||
operations. Requests are throttled by padding each batch with a wait time.
|
||||
operations. Requests are throttled by padding each batch with a wait time.
|
||||
To disable throttling, set `requests_per_second` to `-1`.
|
||||
|
||||
The throttling is done by waiting between batches so that the `scroll` that `_reindex`
|
||||
|
@ -156,7 +160,7 @@ target_time = 1000 / 500 per second = 2 seconds
|
|||
wait_time = target_time - write_time = 2 seconds - .5 seconds = 1.5 seconds
|
||||
--------------------------------------------------
|
||||
|
||||
Since the batch is issued as a single `_bulk` request, large batch sizes
|
||||
Since the batch is issued as a single `_bulk` request, large batch sizes
|
||||
cause Elasticsearch to create many requests and then wait for a while before
|
||||
starting the next set. This is "bursty" instead of "smooth".
|
||||
|
||||
|
@ -447,13 +451,13 @@ include::{es-repo-dir}/rest-api/common-parms.asciidoc[tag=max_docs]
|
|||
==== {api-request-body-title}
|
||||
|
||||
`conflicts`::
|
||||
(Optional, enum) Set to `proceed` to continue reindexing even if there are conflicts.
|
||||
(Optional, enum) Set to `proceed` to continue reindexing even if there are conflicts.
|
||||
Defaults to `abort`.
|
||||
|
||||
`source`::
|
||||
`index`:::
|
||||
(Required, string) The name of the data stream, index, or index alias you are copying _from_.
|
||||
Also accepts a comma-separated list to reindex from multiple sources.
|
||||
(Required, string) The name of the data stream, index, or index alias you are copying _from_.
|
||||
Also accepts a comma-separated list to reindex from multiple sources.
|
||||
|
||||
`max_docs`:::
|
||||
(Optional, integer) The maximum number of documents to reindex.
|
||||
|
@ -468,22 +472,22 @@ Required when indexing from remote.
|
|||
`username`::::
|
||||
(Optional, string) The username to use for authentication with the remote host.
|
||||
`password`::::
|
||||
(Optional, string) The password to use for authentication with the remote host.
|
||||
`socket_timeout`::::
|
||||
(Optional, string) The password to use for authentication with the remote host.
|
||||
`socket_timeout`::::
|
||||
(Optional, <<time-units, time units>>) The remote socket read timeout. Defaults to 30 seconds.
|
||||
`connect_timeout`::::
|
||||
`connect_timeout`::::
|
||||
(Optional, <<time-units, time units>>) The remote connection timeout. Defaults to 30 seconds.
|
||||
|
||||
`size`:::
|
||||
{Optional, integer) The number of documents to index per batch.
|
||||
Use when indexing from remote to ensure that the batches fit within the on-heap buffer,
|
||||
which defaults to a maximum size of 100 MB.
|
||||
{Optional, integer) The number of documents to index per batch.
|
||||
Use when indexing from remote to ensure that the batches fit within the on-heap buffer,
|
||||
which defaults to a maximum size of 100 MB.
|
||||
|
||||
`slice`:::
|
||||
`id`::::
|
||||
(Optional, integer) Slice ID for <<docs-reindex-manual-slice, manual slicing>>.
|
||||
(Optional, integer) Slice ID for <<docs-reindex-manual-slice, manual slicing>>.
|
||||
`max`::::
|
||||
(Optional, integer) Total number of slices.
|
||||
(Optional, integer) Total number of slices.
|
||||
|
||||
`sort`:::
|
||||
+
|
||||
|
@ -495,21 +499,21 @@ deprecated::[7.6, Sort in reindex is deprecated. Sorting in reindex was never gu
|
|||
--
|
||||
|
||||
`_source`:::
|
||||
(Optional, string) If `true` reindexes all source fields.
|
||||
Set to a list to reindex select fields.
|
||||
Defaults to `true`.
|
||||
(Optional, string) If `true` reindexes all source fields.
|
||||
Set to a list to reindex select fields.
|
||||
Defaults to `true`.
|
||||
|
||||
`dest`::
|
||||
`index`:::
|
||||
(Required, string) The name of the data stream, index, or index alias you are copying _to_.
|
||||
|
||||
`version_type`:::
|
||||
(Optional, enum) The versioning to use for the indexing operation.
|
||||
Valid values: `internal`, `external`, `external_gt`, `external_gte`.
|
||||
(Optional, enum) The versioning to use for the indexing operation.
|
||||
Valid values: `internal`, `external`, `external_gt`, `external_gte`.
|
||||
See <<index-version-types>> for more information.
|
||||
|
||||
`op_type`:::
|
||||
(Optional, enum) Set to create to only index documents that do not already exist (put if absent).
|
||||
`op_type`:::
|
||||
(Optional, enum) Set to create to only index documents that do not already exist (put if absent).
|
||||
Valid values: `index`, `create`. Defaults to `index`.
|
||||
+
|
||||
IMPORTANT: To reindex to a data stream destination, this argument must be
|
||||
|
@ -530,11 +534,10 @@ the special value `_doc`. See <<removal-of-types>> for further details.
|
|||
====
|
||||
|
||||
`script`::
|
||||
`source`:::
|
||||
(Optional, string) The script to run to update the document source or metadata when reindexing.
|
||||
|
||||
`source`:::
|
||||
(Optional, string) The script to run to update the document source or metadata when reindexing.
|
||||
`lang`:::
|
||||
(Optional, enum) The script language: `painless`, `expression`, `mustache`, `java`.
|
||||
(Optional, enum) The script language: `painless`, `expression`, `mustache`, `java`.
|
||||
For more information, see <<modules-scripting>>.
|
||||
|
||||
|
||||
|
@ -638,7 +641,7 @@ POST _reindex
|
|||
[[docs-reindex-select-max-docs]]
|
||||
===== Reindex select documents with `max_docs`
|
||||
|
||||
You can limit the number of processed documents by setting `max_docs`.
|
||||
You can limit the number of processed documents by setting `max_docs`.
|
||||
For example, this request copies a single document from `twitter` to
|
||||
`new_twitter`:
|
||||
|
||||
|
@ -660,7 +663,7 @@ POST _reindex
|
|||
[[docs-reindex-multiple-sources]]
|
||||
===== Reindex from multiple sources
|
||||
|
||||
The `index` attribute in `source` can be a list, allowing you to copy from lots
|
||||
The `index` attribute in `source` can be a list, allowing you to copy from lots
|
||||
of sources in one request. This will copy documents from the
|
||||
`twitter` and `blog` indices:
|
||||
|
||||
|
@ -1047,7 +1050,7 @@ It is not possible to configure SSL in the body of the `_reindex` request.
|
|||
The following settings are supported:
|
||||
|
||||
`reindex.ssl.certificate_authorities`::
|
||||
List of paths to PEM encoded certificate files that should be trusted.
|
||||
List of paths to PEM encoded certificate files that should be trusted.
|
||||
You cannot specify both `reindex.ssl.certificate_authorities` and
|
||||
`reindex.ssl.truststore.path`.
|
||||
|
||||
|
@ -1072,7 +1075,7 @@ or "pkcs12", this setting defaults to `PKCS12`. Otherwise, it defaults to `jks`.
|
|||
|
||||
`reindex.ssl.verification_mode`::
|
||||
Indicates the type of verification to protect against man in the middle attacks
|
||||
and certificate forgery.
|
||||
and certificate forgery.
|
||||
One of `full` (verify the hostname and the certificate path), `certificate`
|
||||
(verify the certificate path, but not the hostname) or `none` (perform no
|
||||
verification - this is strongly discouraged in production environments).
|
||||
|
@ -1092,12 +1095,12 @@ You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
|
|||
`reindex.ssl.key_passphrase`::
|
||||
Specifies the passphrase to decrypt the PEM encoded private key
|
||||
(`reindex.ssl.key`) if it is encrypted.
|
||||
Cannot be used with `reindex.ssl.secure_key_passphrase`.
|
||||
Cannot be used with `reindex.ssl.secure_key_passphrase`.
|
||||
|
||||
`reindex.ssl.secure_key_passphrase` (<<secure-settings,Secure>>)::
|
||||
Specifies the passphrase to decrypt the PEM encoded private key
|
||||
(`reindex.ssl.key`) if it is encrypted.
|
||||
Cannot be used with `reindex.ssl.key_passphrase`.
|
||||
Cannot be used with `reindex.ssl.key_passphrase`.
|
||||
|
||||
`reindex.ssl.keystore.path`::
|
||||
Specifies the path to the keystore that contains a private key and certificate
|
||||
|
@ -1107,11 +1110,11 @@ You cannot specify both `reindex.ssl.key` and `reindex.ssl.keystore.path`.
|
|||
|
||||
`reindex.ssl.keystore.type`::
|
||||
The type of the keystore (`reindex.ssl.keystore.path`). Must be either `jks` or `PKCS12`.
|
||||
If the keystore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults
|
||||
If the keystore path ends in ".p12", ".pfx" or "pkcs12", this setting defaults
|
||||
to `PKCS12`. Otherwise, it defaults to `jks`.
|
||||
|
||||
`reindex.ssl.keystore.password`::
|
||||
The password to the keystore (`reindex.ssl.keystore.path`). This setting cannot be used
|
||||
The password to the keystore (`reindex.ssl.keystore.path`). This setting cannot be used
|
||||
with `reindex.ssl.keystore.secure_password`.
|
||||
|
||||
`reindex.ssl.keystore.secure_password` (<<secure-settings,Secure>>)::
|
||||
|
@ -1120,10 +1123,10 @@ This setting cannot be used with `reindex.ssl.keystore.password`.
|
|||
|
||||
`reindex.ssl.keystore.key_password`::
|
||||
The password for the key in the keystore (`reindex.ssl.keystore.path`).
|
||||
Defaults to the keystore password. This setting cannot be used with
|
||||
Defaults to the keystore password. This setting cannot be used with
|
||||
`reindex.ssl.keystore.secure_key_password`.
|
||||
|
||||
`reindex.ssl.keystore.secure_key_password` (<<secure-settings,Secure>>)::
|
||||
The password for the key in the keystore (`reindex.ssl.keystore.path`).
|
||||
Defaults to the keystore password. This setting cannot be used with
|
||||
Defaults to the keystore password. This setting cannot be used with
|
||||
`reindex.ssl.keystore.key_password`.
|
||||
|
|
|
@ -12,6 +12,8 @@ an index.
|
|||
[[index-modules-settings]]
|
||||
== Index Settings
|
||||
|
||||
[[index-modules-settings-description]]
|
||||
// tag::index-modules-settings-description-tag[]
|
||||
Index level settings can be set per-index. Settings may be:
|
||||
|
||||
_static_::
|
||||
|
@ -23,6 +25,7 @@ _dynamic_::
|
|||
|
||||
They can be changed on a live index using the
|
||||
<<indices-update-settings,update-index-settings>> API.
|
||||
// end::index-modules-settings-description-tag[]
|
||||
|
||||
WARNING: Changing static or dynamic index settings on a closed index could
|
||||
result in incorrect settings that are impossible to rectify without deleting
|
||||
|
@ -34,15 +37,14 @@ and recreating the index.
|
|||
Below is a list of all _static_ index settings that are not associated with any
|
||||
specific index module:
|
||||
|
||||
`index.number_of_shards`::
|
||||
[[index-number-of-shards]]
|
||||
// tag::index-number-of-shards-tag[]
|
||||
`index.number_of_shards` {ess-icon}::
|
||||
The number of primary shards that an index should have. Defaults to `1`. This setting can only be set at index creation time. It cannot be changed on a closed index.
|
||||
+
|
||||
NOTE: The number of shards are limited to `1024` per index. This limitation is a safety limit to prevent accidental creation of indices that can destabilize a cluster due to resource allocation. The limit can be modified by specifying `export ES_JAVA_OPTS="-Des.index.max_number_of_shards=128"` system property on every node that is part of the cluster.
|
||||
|
||||
The number of primary shards that an index should have. Defaults to 1.
|
||||
This setting can only be set at index creation time. It cannot be
|
||||
changed on a closed index. Note: the number of shards are limited to `1024` per
|
||||
index. This limitation is a safety limit to prevent accidental creation of indices
|
||||
that can destabilize a cluster due to resource allocation. The limit can be modified
|
||||
by specifying `export ES_JAVA_OPTS="-Des.index.max_number_of_shards=128"` system property on every node that is
|
||||
part of the cluster.
|
||||
// end::index-number-of-shards-tag[]
|
||||
|
||||
`index.shard.check_on_startup`::
|
||||
|
||||
|
|
|
@ -22,6 +22,16 @@ index:
|
|||
Set to `true` to make the index and index metadata read only, `false` to
|
||||
allow writes and metadata changes.
|
||||
|
||||
`index.blocks.read_only_allow_delete`::
|
||||
|
||||
Similar to `index.blocks.read_only`, but also allows deleting the index to
|
||||
make more resources available. The <<disk-based-shard-allocation,disk-based shard
|
||||
allocator>> may add and remove this block automatically.
|
||||
+
|
||||
Deleting documents from an index to release resources - rather than deleting the index itself - can increase the index size over time. When `index.blocks.read_only_allow_delete` is set to `true`, deleting documents is not permitted. However, deleting the index itself releases the read-only index block and makes resources available almost immediately.
|
||||
+
|
||||
IMPORTANT: {es} adds and removes the read-only index block automatically when the disk utilization falls below the high watermark, controlled by <<cluster-routing-flood-stage,cluster.routing.allocation.disk.watermark.flood_stage>>.
|
||||
|
||||
`index.blocks.read`::
|
||||
|
||||
Set to `true` to disable read operations against the index.
|
||||
|
@ -51,7 +61,7 @@ disk space. When you delete an index the data is removed from disk almost
|
|||
immediately, freeing the space it consumes.
|
||||
|
||||
IMPORTANT: {es} adds the read-only-allow-delete index block automatically when
|
||||
disk utilisation exceeds the <<cluster-routing-flood_stage,flood-stage
|
||||
disk utilisation exceeds the <<cluster-routing-flood-stage,flood-stage
|
||||
watermark>> and removes it again when disk utilisation is below the
|
||||
<<cluster-routing-watermark-high,high watermark>>. You should not apply this
|
||||
block yourself.
|
||||
|
@ -148,4 +158,3 @@ The API returns following response:
|
|||
} ]
|
||||
}
|
||||
--------------------------------------------------
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
[[disk-based-shard-allocation]]
|
||||
==== Disk-based shard allocation settings
|
||||
|
||||
[[disk-based-shard-allocation-description]]
|
||||
// tag::disk-based-shard-allocation-description-tag[]
|
||||
{es} considers the available disk space on a node before deciding
|
||||
whether to allocate new shards to that node or to actively relocate shards away
|
||||
from that node.
|
||||
|
@ -13,43 +14,42 @@ file or updated dynamically on a live cluster with the
|
|||
|
||||
Defaults to `true`. Set to `false` to disable the disk allocation decider.
|
||||
|
||||
[[cluster-routing-watermark-low]]
|
||||
`cluster.routing.allocation.disk.watermark.low`::
|
||||
[[cluster-routing-disk-threshold]]
|
||||
// tag::cluster-routing-disk-threshold-tag[]
|
||||
`cluster.routing.allocation.disk.threshold_enabled` {ess-icon}::
|
||||
+
|
||||
Defaults to `true`. Set to `false` to disable the disk allocation decider.
|
||||
// end::cluster-routing-disk-threshold-tag[]
|
||||
|
||||
Controls the low watermark for disk usage. It defaults to `85%`, meaning
|
||||
that {es} will not allocate shards to nodes that have more than
|
||||
85% disk used. It can also be set to an absolute byte value (like `500mb`)
|
||||
to prevent {es} from allocating shards if less than the specified
|
||||
amount of space is available. This setting has no effect on the primary
|
||||
shards of newly-created indices but will prevent their replicas from being allocated.
|
||||
[[cluster-routing-watermark-low]]
|
||||
// tag::cluster-routing-watermark-low-tag[]
|
||||
`cluster.routing.allocation.disk.watermark.low` {ess-icon}::
|
||||
+
|
||||
Controls the low watermark for disk usage. It defaults to `85%`, meaning that {es} will not allocate shards to nodes that have more than 85% disk used. It can also be set to an absolute byte value (like `500mb`) to prevent {es} from allocating shards if less than the specified amount of space is available. This setting has no effect on the primary shards of newly-created indices but will prevent their replicas from being allocated.
|
||||
// end::cluster-routing-watermark-low-tag[]
|
||||
|
||||
[[cluster-routing-watermark-high]]
|
||||
`cluster.routing.allocation.disk.watermark.high`::
|
||||
// tag::cluster-routing-watermark-high-tag[]
|
||||
`cluster.routing.allocation.disk.watermark.high` {ess-icon}::
|
||||
+
|
||||
Controls the high watermark. It defaults to `90%`, meaning that {es} will attempt to relocate shards away from a node whose disk usage is above 90%. It can also be set to an absolute byte value (similarly to the low watermark) to relocate shards away from a node if it has less than the specified amount of free space. This setting affects the allocation of all shards, whether previously allocated or not.
|
||||
// end::cluster-routing-watermark-high-tag[]
|
||||
|
||||
Controls the high watermark. It defaults to `90%`, meaning that
|
||||
{es} will attempt to relocate shards away from a node whose disk
|
||||
usage is above 90%. It can also be set to an absolute byte value (similarly
|
||||
to the low watermark) to relocate shards away from a node if it has less
|
||||
than the specified amount of free space. This setting affects the
|
||||
allocation of all shards, whether previously allocated or not.
|
||||
`cluster.routing.allocation.disk.watermark.enable_for_single_data_node`::
|
||||
For a single data node, the default is to disregard disk watermarks when
|
||||
making an allocation decision. This is deprecated behavior and will be
|
||||
changed in 8.0. This setting can be set to `true` to enable the
|
||||
disk watermarks for a single data node cluster (will become default in 8.0).
|
||||
|
||||
[[cluster-routing-flood_stage]]
|
||||
`cluster.routing.allocation.disk.watermark.flood_stage`::
|
||||
[[cluster-routing-flood-stage]]
|
||||
// tag::cluster-routing-flood-stage-tag[]
|
||||
`cluster.routing.allocation.disk.watermark.flood_stage` {ess-icon}::
|
||||
+
|
||||
--
|
||||
Controls the flood stage watermark, which defaults to 95%. {es} enforces a read-only index block
|
||||
(`index.blocks.read_only_allow_delete`) on every index that has one or more
|
||||
shards allocated on the node, and that has at least one disk exceeding the flood
|
||||
stage. This setting is a last resort to prevent nodes from running out of disk space.
|
||||
The index block is automatically released when the disk utilization falls below
|
||||
the high watermark.
|
||||
Controls the flood stage watermark, which defaults to 95%. {es} enforces a read-only index block (`index.blocks.read_only_allow_delete`) on every index that has one or more shards allocated on the node, and that has at least one disk exceeding the flood stage. This setting is a last resort to prevent nodes from running out of disk space. The index block is automatically released when the disk utilization falls below the high watermark.
|
||||
|
||||
NOTE: You cannot mix the usage of percentage values and byte values within
|
||||
these settings. Either all values are set to percentage values, or all are set to byte
|
||||
values. This enforcement is so that {es} can validate that the settings are internally
|
||||
consistent, ensuring that the low disk threshold is less than the high disk
|
||||
threshold, and the high disk threshold is less than the flood stage
|
||||
threshold.
|
||||
these settings. Either all values are set to percentage values, or all are set to byte values. This enforcement is so that {es} can validate that the settings are internally consistent, ensuring that the low disk threshold is less than the high disk threshold, and the high disk threshold is less than the flood stage threshold.
|
||||
|
||||
An example of resetting the read-only index block on the `twitter` index:
|
||||
|
||||
|
@ -62,6 +62,7 @@ PUT /twitter/_settings
|
|||
--------------------------------------------------
|
||||
// TEST[setup:twitter]
|
||||
--
|
||||
// end::cluster-routing-flood-stage-tag[]
|
||||
|
||||
`cluster.info.update.interval`::
|
||||
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
[[modules-http]]
|
||||
=== HTTP
|
||||
|
||||
[[modules-http-description]]
|
||||
// tag::modules-http-description-tag[]
|
||||
The HTTP layer exposes {es}'s REST APIs over HTTP.
|
||||
|
||||
The HTTP mechanism is completely asynchronous in nature, meaning that
|
||||
|
@ -13,105 +14,118 @@ http://en.wikipedia.org/wiki/Keepalive#HTTP_Keepalive[HTTP keep alive]
|
|||
when connecting for better performance and try to get your favorite
|
||||
client not to do
|
||||
http://en.wikipedia.org/wiki/Chunked_transfer_encoding[HTTP chunking].
|
||||
// end::modules-http-description-tag[]
|
||||
|
||||
[http-settings]
|
||||
==== HTTP settings
|
||||
|
||||
The settings in the table below can be configured for HTTP. Note that none of
|
||||
them are dynamically updatable so for them to take effect they should be set in
|
||||
the Elasticsearch <<settings, configuration file>>.
|
||||
The following settings can be configured for HTTP. These settings also use the common <<modules-network,network settings>>.
|
||||
|
||||
[cols="<,<",options="header",]
|
||||
|=======================================================================
|
||||
|Setting |Description
|
||||
|`http.port` |A bind port range. Defaults to `9200-9300`.
|
||||
NOTE: HTTP settings cannot be updated dynamically. You must configure these settings in the {es} <<settings, configuration file>>
|
||||
and restart {es} for changes to take effect.
|
||||
|
||||
|`http.publish_port` |The port that HTTP clients should use when
|
||||
`http.port`::
|
||||
A bind port range. Defaults to `9200-9300`.
|
||||
|
||||
`http.publish_port`::
|
||||
The port that HTTP clients should use when
|
||||
communicating with this node. Useful when a cluster node is behind a
|
||||
proxy or firewall and the `http.port` is not directly addressable
|
||||
from the outside. Defaults to the actual port assigned via `http.port`.
|
||||
|
||||
|`http.bind_host` |The host address to bind the HTTP service to. Defaults to `http.host` (if set) or `network.bind_host`.
|
||||
`http.bind_host`::
|
||||
The host address to bind the HTTP service to. Defaults to `http.host` (if set) or `network.bind_host`.
|
||||
|
||||
|`http.publish_host` |The host address to publish for HTTP clients to connect to. Defaults to `http.host` (if set) or `network.publish_host`.
|
||||
`http.publish_host`::
|
||||
The host address to publish for HTTP clients to connect to. Defaults to `http.host` (if set) or `network.publish_host`.
|
||||
|
||||
|`http.host` |Used to set the `http.bind_host` and the `http.publish_host`.
|
||||
`http.host`::
|
||||
Used to set the `http.bind_host` and the `http.publish_host`.
|
||||
|
||||
|`http.max_content_length` |The max content of an HTTP request. Defaults to
|
||||
`100mb`.
|
||||
`http.max_content_length`::
|
||||
The max content of an HTTP request. Defaults to `100MB`.
|
||||
|
||||
|`http.max_initial_line_length` |The max length of an HTTP URL. Defaults
|
||||
to `4kb`
|
||||
`http.max_initial_line_length`::
|
||||
The max length of an HTTP URL. Defaults to `4KB`.
|
||||
|
||||
|`http.max_header_size` | The max size of allowed headers. Defaults to `8kB`
|
||||
|
||||
|
||||
|`http.compression` |Support for compression when possible (with
|
||||
Accept-Encoding). If HTTPS is enabled, defaults to `false`. Otherwise, defaults
|
||||
to `true`.
|
||||
`http.max_header_size`::
|
||||
The max size of allowed headers. Defaults to `8KB`.
|
||||
|
||||
[[http-compression]]
|
||||
// tag::http-compression-tag[]
|
||||
`http.compression` {ess-icon}::
|
||||
Support for compression when possible (with Accept-Encoding). If HTTPS is enabled, defaults to `false`. Otherwise, defaults to `true`.
|
||||
+
|
||||
Disabling compression for HTTPS mitigates potential security risks, such as a
|
||||
https://en.wikipedia.org/wiki/BREACH[BREACH attack]. To compress HTTPS traffic,
|
||||
you must explicitly set `http.compression` to `true`.
|
||||
// end::http-compression-tag[]
|
||||
|
||||
|`http.compression_level` |Defines the compression level to use for HTTP responses. Valid values are in the range of 1 (minimum compression)
|
||||
and 9 (maximum compression). Defaults to `3`.
|
||||
`http.compression_level`::
|
||||
Defines the compression level to use for HTTP responses. Valid values are in the range of 1 (minimum compression) and 9 (maximum compression). Defaults to `3`.
|
||||
|
||||
|`http.cors.enabled` |Enable or disable cross-origin resource sharing,
|
||||
i.e. whether a browser on another origin can execute requests against
|
||||
Elasticsearch. Set to `true` to enable Elasticsearch to process pre-flight
|
||||
[[http-cors-enabled]]
|
||||
// tag::http-cors-enabled-tag[]
|
||||
`http.cors.enabled` {ess-icon}::
|
||||
Enable or disable cross-origin resource sharing, which determines whether a browser on another origin can execute requests against {es}. Set to `true` to enable {es} to process pre-flight
|
||||
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing[CORS] requests.
|
||||
Elasticsearch will respond to those requests with the `Access-Control-Allow-Origin` header
|
||||
if the `Origin` sent in the request is permitted by the `http.cors.allow-origin`
|
||||
list. Set to `false` (the default) to make Elasticsearch ignore the `Origin`
|
||||
request header, effectively disabling CORS requests because Elasticsearch will
|
||||
never respond with the `Access-Control-Allow-Origin` response header. Note that
|
||||
if the client does not send a pre-flight request with an `Origin` header or it
|
||||
does not check the response headers from the server to validate the
|
||||
{es} will respond to those requests with the `Access-Control-Allow-Origin` header if the `Origin` sent in the request is permitted by the `http.cors.allow-origin` list. Set to `false` (the default) to make {es} ignore the `Origin` request header, effectively disabling CORS requests because {es} will never respond with the `Access-Control-Allow-Origin` response header.
|
||||
+
|
||||
NOTE: If the client does not send a pre-flight request with an `Origin` header or it does not check the response headers from the server to validate the
|
||||
`Access-Control-Allow-Origin` response header, then cross-origin security is
|
||||
compromised. If CORS is not enabled on Elasticsearch, the only way for the client
|
||||
to know is to send a pre-flight request and realize the required response headers
|
||||
are missing.
|
||||
compromised. If CORS is not enabled on {es}, the only way for the client to know is to send a pre-flight request and realize the required response headers are missing.
|
||||
|
||||
|`http.cors.allow-origin` |Which origins to allow. Defaults to no origins
|
||||
allowed. If you prepend and append a `/` to the value, this will
|
||||
be treated as a regular expression, allowing you to support HTTP and HTTPs.
|
||||
for example using `/https?:\/\/localhost(:[0-9]+)?/` would return the
|
||||
request header appropriately in both cases. `*` is a valid value but is
|
||||
considered a *security risk* as your Elasticsearch instance is open to cross origin
|
||||
requests from *anywhere*.
|
||||
// end::http-cors-enabled-tag[]
|
||||
|
||||
|`http.cors.max-age` |Browsers send a "preflight" OPTIONS-request to
|
||||
determine CORS settings. `max-age` defines how long the result should
|
||||
be cached for. Defaults to `1728000` (20 days)
|
||||
[[http-cors-allow-origin]]
|
||||
// tag::http-cors-allow-origin-tag[]
|
||||
`http.cors.allow-origin` {ess-icon}::
|
||||
Which origins to allow. If you prepend and append a forward slash (`/`) to the value, this will be treated as a regular expression, allowing you to support HTTP and HTTPs. For example, using `/https?:\/\/localhost(:[0-9]+)?/` would return the request header appropriately in both cases. Defaults to no origins allowed.
|
||||
+
|
||||
IMPORTANT: A wildcard (`*`) is a valid value but is considered a security risk, as your {es} instance is open to cross origin requests from *anywhere*.
|
||||
|
||||
|`http.cors.allow-methods` |Which methods to allow. Defaults to
|
||||
`OPTIONS, HEAD, GET, POST, PUT, DELETE`.
|
||||
// end::http-cors-allow-origin-tag[]
|
||||
|
||||
|`http.cors.allow-headers` |Which headers to allow. Defaults to
|
||||
`X-Requested-With, Content-Type, Content-Length`.
|
||||
[[http-cors-max-age]]
|
||||
// tag::http-cors-max-age-tag[]
|
||||
`http.cors.max-age` {ess-icon}::
|
||||
Browsers send a "preflight" OPTIONS-request to determine CORS settings. `max-age` defines how long the result should be cached for. Defaults to `1728000` (20 days).
|
||||
// end::http-cors-max-age-tag[]
|
||||
|
||||
|`http.cors.allow-credentials` | Whether the `Access-Control-Allow-Credentials`
|
||||
header should be returned. Note: This header is only returned, when the setting is
|
||||
set to `true`. Defaults to `false`
|
||||
[[http-cors-allow-methods]]
|
||||
// tag::http-cors-allow-methods-tag[]
|
||||
`http.cors.allow-methods` {ess-icon}::
|
||||
Which methods to allow. Defaults to `OPTIONS, HEAD, GET, POST, PUT, DELETE`.
|
||||
// end::http-cors-allow-methods-tag[]
|
||||
|
||||
|`http.detailed_errors.enabled` |Enables or disables the output of detailed error messages
|
||||
and stack traces in response output. Note: When set to `false` and the `error_trace` request
|
||||
parameter is specified, an error will be returned; when `error_trace` is not specified, a
|
||||
simple message will be returned. Defaults to `true`
|
||||
[[http-cors-allow-headers]]
|
||||
// tag::http-cors-allow-headers-tag[]
|
||||
`http.cors.allow-headers` {ess-icon}::
|
||||
Which headers to allow. Defaults to `X-Requested-With, Content-Type, Content-Length`.
|
||||
// end::http-cors-allow-headers-tag[]
|
||||
|
||||
|`http.pipelining.max_events` |The maximum number of events to be queued up in memory before an HTTP connection is closed, defaults to `10000`.
|
||||
[[http-cors-allow-credentials]]
|
||||
// tag::http-cors-allow-credentials-tag[]
|
||||
`http.cors.allow-credentials` {ess-icon}::
|
||||
Whether the `Access-Control-Allow-Credentials` header should be returned. Defaults to `false`.
|
||||
+
|
||||
NOTE: This header is only returned when the setting is set to `true`.
|
||||
|
||||
|`http.max_warning_header_count` |The maximum number of warning headers in
|
||||
client HTTP responses, defaults to unbounded.
|
||||
// end::http-cors-allow-credentials-tag[]
|
||||
|
||||
|`http.max_warning_header_size` |The maximum total size of warning headers in
|
||||
client HTTP responses, defaults to unbounded.
|
||||
`http.detailed_errors.enabled`::
|
||||
If `true`, enables the output of detailed error messages and stack traces in the response output. Defaults to `true`.
|
||||
+
|
||||
If `false`, use the `error_trace` parameter to <<common-options-error-options,enable stack traces>> and return detailed error messages. Otherwise, only a simple message will be returned.
|
||||
|
||||
|=======================================================================
|
||||
`http.pipelining.max_events`::
|
||||
The maximum number of events to be queued up in memory before an HTTP connection is closed, defaults to `10000`.
|
||||
|
||||
It also uses the common
|
||||
<<modules-network,network settings>>.
|
||||
`http.max_warning_header_count`::
|
||||
The maximum number of warning headers in client HTTP responses. Defaults to `unbounded`.
|
||||
|
||||
`http.max_warning_header_size`::
|
||||
The maximum total size of warning headers in client HTTP responses. Defaults to `unbounded`.
|
||||
|
||||
[http-rest-request-tracer]
|
||||
==== REST request tracer
|
||||
|
@ -141,4 +155,4 @@ PUT _cluster/settings
|
|||
"http.tracer.exclude" : ""
|
||||
}
|
||||
}
|
||||
--------------------------------------------------
|
||||
--------------------------------------------------
|
||||
|
|
|
@ -1,13 +1,12 @@
|
|||
[[circuit-breaker]]
|
||||
=== Circuit breaker settings
|
||||
|
||||
Elasticsearch contains multiple circuit breakers used to prevent operations from
|
||||
causing an OutOfMemoryError. Each breaker specifies a limit for how much memory
|
||||
it can use. Additionally, there is a parent-level breaker that specifies the
|
||||
total amount of memory that can be used across all breakers.
|
||||
[[circuit-breaker-description]]
|
||||
// tag::circuit-breaker-description-tag[]
|
||||
{es} contains multiple circuit breakers used to prevent operations from causing an OutOfMemoryError. Each breaker specifies a limit for how much memory it can use. Additionally, there is a parent-level breaker that specifies the total amount of memory that can be used across all breakers.
|
||||
|
||||
Except where noted otherwise, these settings can be dynamically updated on a
|
||||
live cluster with the <<cluster-update-settings,cluster-update-settings>> API.
|
||||
// end::circuit-breaker-description-tag[]
|
||||
|
||||
[[parent-circuit-breaker]]
|
||||
[float]
|
||||
|
@ -21,11 +20,14 @@ The parent-level breaker can be configured with the following settings:
|
|||
memory usage into account (`true`) or only consider the amount that is
|
||||
reserved by child circuit breakers (`false`). Defaults to `true`.
|
||||
|
||||
`indices.breaker.total.limit`::
|
||||
[[indices-breaker-total-limit]]
|
||||
// tag::indices-breaker-total-limit-tag[]
|
||||
`indices.breaker.total.limit` {ess-icon}::
|
||||
|
||||
Starting limit for overall parent breaker, defaults to 70% of JVM heap if
|
||||
Starting limit for overall parent breaker. Defaults to 70% of JVM heap if
|
||||
`indices.breaker.total.use_real_memory` is `false`. If `indices.breaker.total.use_real_memory`
|
||||
is `true`, defaults to 95% of the JVM heap.
|
||||
// end::indices-breaker-total-limit-tag[]
|
||||
|
||||
[[fielddata-circuit-breaker]]
|
||||
[float]
|
||||
|
@ -36,14 +38,20 @@ field data loading by raising an exception. By default the limit is configured
|
|||
to 40% of the maximum JVM heap. It can be configured with the following
|
||||
parameters:
|
||||
|
||||
`indices.breaker.fielddata.limit`::
|
||||
[[fielddata-circuit-breaker-limit]]
|
||||
// tag::fielddata-circuit-breaker-limit-tag[]
|
||||
`indices.breaker.fielddata.limit` {ess-icon}::
|
||||
|
||||
Limit for fielddata breaker, defaults to 40% of JVM heap
|
||||
Limit for fielddata breaker. Defaults to 40% of JVM heap.
|
||||
// end::fielddata-circuit-breaker-limit-tag[]
|
||||
|
||||
`indices.breaker.fielddata.overhead`::
|
||||
[[fielddata-circuit-breaker-overhead]]
|
||||
// tag::fielddata-circuit-breaker-overhead-tag[]
|
||||
`indices.breaker.fielddata.overhead` {ess-icon}::
|
||||
|
||||
A constant that all field data estimations are multiplied with to determine a
|
||||
final estimation. Defaults to 1.03
|
||||
final estimation. Defaults to `1.03`.
|
||||
// end::fielddata-circuit-breaker-overhead-tag[]
|
||||
|
||||
[[request-circuit-breaker]]
|
||||
[float]
|
||||
|
@ -53,14 +61,20 @@ The request circuit breaker allows Elasticsearch to prevent per-request data
|
|||
structures (for example, memory used for calculating aggregations during a
|
||||
request) from exceeding a certain amount of memory.
|
||||
|
||||
`indices.breaker.request.limit`::
|
||||
[[request-breaker-limit]]
|
||||
// tag::request-breaker-limit-tag[]
|
||||
`indices.breaker.request.limit` {ess-icon}::
|
||||
|
||||
Limit for request breaker, defaults to 60% of JVM heap
|
||||
Limit for request breaker, defaults to 60% of JVM heap.
|
||||
// end::request-breaker-limit-tag[]
|
||||
|
||||
`indices.breaker.request.overhead`::
|
||||
[[request-breaker-overhead]]
|
||||
// tag::request-breaker-overhead-tag[]
|
||||
`indices.breaker.request.overhead` {ess-icon}::
|
||||
|
||||
A constant that all request estimations are multiplied with to determine a
|
||||
final estimation. Defaults to 1
|
||||
final estimation. Defaults to `1`.
|
||||
// end::request-breaker-overhead-tag[]
|
||||
|
||||
[[in-flight-circuit-breaker]]
|
||||
[float]
|
||||
|
|
|
@ -0,0 +1,29 @@
|
|||
[[index-management-settings]]
|
||||
=== Index management settings
|
||||
|
||||
You can configure these index settings in the `elasticsearch.yml` file.
|
||||
|
||||
[[auto-create-index]]
|
||||
// tag::auto-create-index-tag[]
|
||||
`action.auto_create_index` {ess-icon}::
|
||||
<<index-creation,Automatically create an index>> if it doesn't already exist and apply any configured index templates. Default: `true`.
|
||||
// end::auto-create-index-tag[]
|
||||
|
||||
[[action-destructive-requires-name]]
|
||||
// tag::action-destructive-requires-name-tag[]
|
||||
`action.destructive_requires_name` {ess-icon}::
|
||||
When set to `true`, you must specify the index name to <<indices-delete-index,delete an index>>. It is not possible to delete all indices with `_all` or use wildcards.
|
||||
// end::action-destructive-requires-name-tag[]
|
||||
|
||||
[[cluster-indices-close-enable]]
|
||||
// tag::cluster-indices-close-enable-tag[]
|
||||
`cluster.indices.close.enable` {ess-icon}::
|
||||
Enables <<indices-open-close,opening of closed indices>> in {es}. You might enable this setting temporarily to change the analyzer configuration for an existing index. We strongly recommend leaving this set to `false` (the default) otherwise.
|
||||
+
|
||||
IMPORTANT: Closed indices are a data loss risk because they are not included when you make cluster configuration changes, such as scaling to a different capacity, failover, and many other operations. Additionally, closed indices can lead to inaccurate disk space counts.
|
||||
|
||||
[[reindex-remote-whitelist]]
|
||||
// tag::reindex-remote-whitelist[]
|
||||
`reindex.remote.whitelist` {ess-icon}::
|
||||
Specifies the hosts that can be <<reindex-from-remote,reindexed from remotely>>. Expects a YAML array of `host:port` strings. Consists of a comma-delimited list of `host:port` entries. Defaults to `["\*.io:*", "\*.com:*"]`.
|
||||
// end::reindex-remote-whitelist[]
|
|
@ -9,13 +9,14 @@ Every node in the cluster can handle <<modules-http,HTTP>> and
|
|||
<<modules-transport,Transport>> traffic by default. The transport layer is used
|
||||
exclusively for communication between nodes; the HTTP layer is used by REST
|
||||
clients.
|
||||
|
||||
[[modules-node-description]]
|
||||
// tag::modules-node-description-tag[]
|
||||
All nodes know about all the other nodes in the cluster and can forward client
|
||||
requests to the appropriate node.
|
||||
|
||||
By default, a node is all of the following types: master-eligible, data, ingest,
|
||||
and (if available) machine learning and transform.
|
||||
|
||||
// end::modules-node-description-tag[]
|
||||
TIP: As the cluster grows and in particular if you have large {ml} jobs or
|
||||
{ctransforms}, consider separating dedicated master-eligible nodes from
|
||||
dedicated data nodes, {ml} nodes, and {transform} nodes.
|
||||
|
@ -30,7 +31,7 @@ A node that has the `master` role (default), which makes it eligible to be
|
|||
A node that has the `data` role (default). Data nodes hold data and perform data
|
||||
related operations such as CRUD, search, and aggregations.
|
||||
|
||||
<<ingest,Ingest node>>::
|
||||
<<node-ingest-node,Ingest node>>::
|
||||
|
||||
A node that has the `ingest` role (default). Ingest nodes are able to apply an
|
||||
<<pipeline,ingest pipeline>> to a document in order to transform and enrich the
|
||||
|
@ -199,6 +200,12 @@ To create a dedicated ingest node, set:
|
|||
node.roles: [ ingest ]
|
||||
-------------------
|
||||
|
||||
[[node-ingest-node-setting]]
|
||||
// tag::node-ingest-tag[]
|
||||
`node.ingest` {ess-icon}::
|
||||
Determines whether a node is an ingest node. <<ingest,Ingest nodes>> can apply an ingest pipeline to transform and enrich a document before indexing. Default: `true`.
|
||||
// end::node-ingest-tag[]
|
||||
|
||||
[[coordinating-only-node]]
|
||||
==== Coordinating only node
|
||||
|
||||
|
|
|
@ -4,17 +4,21 @@
|
|||
++++
|
||||
<titleabbrev>Auditing settings</titleabbrev>
|
||||
++++
|
||||
|
||||
[[auditing-settings-description]]
|
||||
// tag::auditing-settings-description-tag[]
|
||||
You configure security auditing settings in the `elasticsearch.yml` configuration file
|
||||
on each node in the cluster. For more information, see <<enable-audit-logging>>.
|
||||
// end::auditing-settings-description-tag[]
|
||||
|
||||
[[general-audit-settings]]
|
||||
==== General Auditing Settings
|
||||
|
||||
`xpack.security.audit.enabled`::
|
||||
[[xpack-security-audit-enabled]]
|
||||
// tag::xpack-security-audit-enabled-tag[]
|
||||
`xpack.security.audit.enabled` {ess-icon}::
|
||||
Set to `true` to enable auditing on the node. The default value is `false`.
|
||||
This puts the auditing events in a dedicated file named `<clustername>_audit.json`
|
||||
on each node.
|
||||
on each node.
|
||||
// end::xpack-security-audit-enabled-tag[]
|
||||
|
||||
[[event-audit-settings]]
|
||||
==== Audited Event Settings
|
||||
|
@ -22,16 +26,24 @@ on each node.
|
|||
The events and some other information about what gets logged can be controlled
|
||||
by using the following settings:
|
||||
|
||||
`xpack.security.audit.logfile.events.include`::
|
||||
[[xpack-sa-lf-events-include]]
|
||||
// tag::xpack-sa-lf-events-include-tag[]
|
||||
`xpack.security.audit.logfile.events.include` {ess-icon}::
|
||||
Specifies which events to include in the auditing output. The default value is:
|
||||
`access_denied, access_granted, anonymous_access_denied, authentication_failed,
|
||||
connection_denied, tampered_request, run_as_denied, run_as_granted`.
|
||||
// end::xpack-sa-lf-events-include-tag[]
|
||||
|
||||
`xpack.security.audit.logfile.events.exclude`::
|
||||
[[xpack-sa-lf-events-exclude]]
|
||||
// tag::xpack-sa-lf-events-exclude-tag[]
|
||||
`xpack.security.audit.logfile.events.exclude` {ess-icon}::
|
||||
Excludes the specified events from the output. By default, no events are
|
||||
excluded.
|
||||
// end::xpack-sa-lf-events-exclude-tag[]
|
||||
|
||||
`xpack.security.audit.logfile.events.emit_request_body`::
|
||||
[[xpack-sa-lf-events-emit-request]]
|
||||
// tag::xpack-sa-lf-events-emit-request-tag[]
|
||||
`xpack.security.audit.logfile.events.emit_request_body` {ess-icon}::
|
||||
Specifies whether to include the request body from REST requests on certain
|
||||
event types such as `authentication_failed`. The default value is `false`.
|
||||
+
|
||||
|
@ -40,22 +52,35 @@ IMPORTANT: No filtering is performed when auditing, so sensitive data may be
|
|||
audited in plain text when including the request body in audit events.
|
||||
--
|
||||
|
||||
// end::xpack-sa-lf-events-emit-request-tag[]
|
||||
|
||||
[[node-audit-settings]]
|
||||
==== Local Node Info Settings
|
||||
|
||||
`xpack.security.audit.logfile.emit_node_name`::
|
||||
[[xpack-sa-lf-emit-node-name]]
|
||||
// tag::xpack-sa-lf-emit-node-name-tag[]
|
||||
`xpack.security.audit.logfile.emit_node_name` {ess-icon}::
|
||||
Specifies whether to include the <<node.name,node name>> as a field in
|
||||
each audit event. The default value is `false`.
|
||||
// end::xpack-sa-lf-emit-node-name-tag[]
|
||||
|
||||
`xpack.security.audit.logfile.emit_node_host_address`::
|
||||
[[xpack-sa-lf-emit-node-host-address]]
|
||||
// tag::xpack-sa-lf-emit-node-host-address-tag[]
|
||||
`xpack.security.audit.logfile.emit_node_host_address` {ess-icon}::
|
||||
Specifies whether to include the node's IP address as a field in each audit event.
|
||||
The default value is `false`.
|
||||
// end::xpack-sa-lf-emit-node-host-address-tag[]
|
||||
|
||||
`xpack.security.audit.logfile.emit_node_host_name`::
|
||||
[[xpack-sa-lf-emit-node-host-name]]
|
||||
// tag::xpack-sa-lf-emit-node-host-name-tag[]
|
||||
`xpack.security.audit.logfile.emit_node_host_name` {ess-icon}::
|
||||
Specifies whether to include the node's host name as a field in each audit event.
|
||||
The default value is `false`.
|
||||
// end::xpack-sa-lf-emit-node-host-name-tag[]
|
||||
|
||||
`xpack.security.audit.logfile.emit_node_id`::
|
||||
[[xpack-sa-lf-emit-node-id]]
|
||||
// tag::xpack-sa-lf-emit-node-id-tag[]
|
||||
`xpack.security.audit.logfile.emit_node_id` {ess-icon}::
|
||||
Specifies whether to include the node id as a field in each audit event.
|
||||
This is available for the new format only. That is to say, this information
|
||||
does not exist in the `<clustername>_access.log` file.
|
||||
|
@ -63,6 +88,7 @@ Unlike <<node.name,node name>>, whose value might change if the administrator
|
|||
changes the setting in the config file, the node id will persist across cluster
|
||||
restarts and the administrator cannot change it.
|
||||
The default value is `true`.
|
||||
// end::xpack-sa-lf-emit-node-id-tag[]
|
||||
|
||||
[[audit-event-ignore-policies]]
|
||||
==== Audit Logfile Event Ignore Policies
|
||||
|
@ -70,25 +96,37 @@ The default value is `true`.
|
|||
These settings affect the <<audit-log-ignore-policy,ignore policies>>
|
||||
that enable fine-grained control over which audit events are printed to the log file.
|
||||
All of the settings with the same policy name combine to form a single policy.
|
||||
If an event matches all of the conditions for a specific policy, it is ignored
|
||||
If an event matches all of the conditions for a specific policy, it is ignored
|
||||
and not printed.
|
||||
|
||||
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.users`::
|
||||
[[xpack-sa-lf-events-ignore-users]]
|
||||
// tag::xpack-sa-lf-events-ignore-users-tag[]
|
||||
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.users` {ess-icon}::
|
||||
A list of user names or wildcards. The specified policy will
|
||||
not print audit events for users matching these values.
|
||||
// end::xpack-sa-lf-events-ignore-users-tag[]
|
||||
|
||||
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.realms`::
|
||||
[[xpack-sa-lf-events-ignore-realms]]
|
||||
// tag::xpack-sa-lf-events-ignore-realms-tag[]
|
||||
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.realms` {ess-icon}::
|
||||
A list of authentication realm names or wildcards. The specified policy will
|
||||
not print audit events for users in these realms.
|
||||
// end::xpack-sa-lf-events-ignore-realms-tag[]
|
||||
|
||||
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.roles`::
|
||||
[[xpack-sa-lf-events-ignore-roles]]
|
||||
// tag::xpack-sa-lf-events-ignore-roles-tag[]
|
||||
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.roles` {ess-icon}::
|
||||
A list of role names or wildcards. The specified policy will
|
||||
not print audit events for users that have these roles. If the user has several
|
||||
roles, some of which are *not* covered by the policy, the policy will
|
||||
*not* cover this event.
|
||||
// end::xpack-sa-lf-events-ignore-roles-tag[]
|
||||
|
||||
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.indices`::
|
||||
[[xpack-sa-lf-events-ignore-indices]]
|
||||
// tag::xpack-sa-lf-events-ignore-indices-tag[]
|
||||
`xpack.security.audit.logfile.events.ignore_filters.<policy_name>.indices` {ess-icon}::
|
||||
A list of index names or wildcards. The specified policy will
|
||||
not print audit events when all the indices in the event match
|
||||
these values. If the event concerns several indices, some of which are
|
||||
*not* covered by the policy, the policy will *not* cover this event.
|
||||
// end::xpack-sa-lf-events-ignore-indices-tag[]
|
||||
|
|
|
@ -1,27 +1,44 @@
|
|||
tag::ssl-certificate[]
|
||||
Specifies the path for the PEM encoded certificate (or certificate chain) that is
|
||||
associated with the key.
|
||||
//TBD: This setting can be used only if `ssl.key` is set.
|
||||
+
|
||||
This setting can be used only if `ssl.key` is set.
|
||||
end::ssl-certificate[]
|
||||
|
||||
tag::ssl-certificate-authorities[]
|
||||
List of paths to PEM encoded certificate files that should be trusted.
|
||||
//TBD: You cannot use this setting and `ssl.truststore.path` at the same time.
|
||||
+
|
||||
This setting and `ssl.truststore.path` cannot be used at the same time.
|
||||
end::ssl-certificate-authorities[]
|
||||
|
||||
tag::ssl-cipher-suites-values[]
|
||||
include::{es-repo-dir}/settings/common-defs.asciidoc[tag=ssl-cipher-suites-values-java11]
|
||||
Supported cipher suites vary depending on which version of Java you use. For
|
||||
example, for version 12 the default value is `TLS_AES_256_GCM_SHA384`,
|
||||
`TLS_AES_128_GCM_SHA256`, `TLS_CHACHA20_POLY1305_SHA256`,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`,
|
||||
`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256`, `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`,
|
||||
`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`,
|
||||
`TLS_RSA_WITH_AES_256_GCM_SHA384`, `TLS_RSA_WITH_AES_128_GCM_SHA256`,
|
||||
`TLS_RSA_WITH_AES_256_CBC_SHA256`, `TLS_RSA_WITH_AES_128_CBC_SHA256`,
|
||||
`TLS_RSA_WITH_AES_256_CBC_SHA`, `TLS_RSA_WITH_AES_128_CBC_SHA`.
|
||||
+
|
||||
For more information, see Oracle's
|
||||
https://docs.oracle.com/en/java/javase/11/security/oracle-providers.html#GUID-7093246A-31A3-4304-AC5F-5FB6400405E2[Java Cryptography Architecture documentation].
|
||||
end::ssl-cipher-suites-values[]
|
||||
|
||||
tag::ssl-cipher-suites-values-java11[]
|
||||
Supported cipher suites vary depending on which version of Java you use. For
|
||||
example, for version 11 the default value is `TLS_AES_256_GCM_SHA384`,
|
||||
`TLS_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`,
|
||||
example, for version 11 the default value is `TLS_AES_256_GCM_SHA384`,
|
||||
`TLS_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384`,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384`,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256`, `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`,
|
||||
`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA`, `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`,
|
||||
`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`, `TLS_RSA_WITH_AES_256_GCM_SHA384`,
|
||||
`TLS_RSA_WITH_AES_128_GCM_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA256`,
|
||||
`TLS_RSA_WITH_AES_128_CBC_SHA256`, `TLS_RSA_WITH_AES_256_CBC_SHA`,
|
||||
|
@ -44,17 +61,22 @@ end::ssl-cipher-suites-values-java11[]
|
|||
|
||||
tag::ssl-key-pem[]
|
||||
Path to a PEM encoded file containing the private key.
|
||||
//TBD: You cannot use this setting and `ssl.keystore.path` at the same time.
|
||||
+
|
||||
If HTTP client authentication is required, it uses this file. You cannot use
|
||||
this setting and `ssl.keystore.path` at the same time.
|
||||
end::ssl-key-pem[]
|
||||
|
||||
tag::ssl-key-passphrase[]
|
||||
The passphrase that is used to decrypt the private key. Since the key might not
|
||||
be encrypted, this value is optional.
|
||||
//TBD: You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
|
||||
+
|
||||
You cannot use this setting and `ssl.secure_key_passphrase` at the same time.
|
||||
end::ssl-key-passphrase[]
|
||||
|
||||
tag::ssl-keystore-key-password[]
|
||||
The password for the key in the keystore. The default is the keystore password.
|
||||
+
|
||||
You cannot use this setting and `ssl.keystore.secure_password` at the same time.
|
||||
//TBD: You cannot use this setting and `ssl.keystore.secure_key_password` at the same time.
|
||||
end::ssl-keystore-key-password[]
|
||||
|
||||
|
@ -65,6 +87,9 @@ end::ssl-keystore-password[]
|
|||
|
||||
tag::ssl-keystore-path[]
|
||||
The path for the keystore file that contains a private key and certificate.
|
||||
+
|
||||
It must be either a Java keystore (jks) or a PKCS#12 file. You cannot use this
|
||||
setting and `ssl.key` at the same time.
|
||||
//TBD: It must be either a Java keystore (jks) or a PKCS#12 file.
|
||||
//TBD: You cannot use this setting and `ssl.key` at the same time.
|
||||
end::ssl-keystore-path[]
|
||||
|
@ -81,13 +106,13 @@ end::ssl-keystore-secure-password[]
|
|||
|
||||
tag::ssl-keystore-type-pkcs12[]
|
||||
The format of the keystore file. It must be either `jks` or `PKCS12`. If the
|
||||
keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults
|
||||
keystore path ends in ".p12", ".pfx", or ".pkcs12", this setting defaults
|
||||
to `PKCS12`. Otherwise, it defaults to `jks`.
|
||||
end::ssl-keystore-type-pkcs12[]
|
||||
|
||||
tag::ssl-secure-key-passphrase[]
|
||||
The passphrase that is used to decrypt the private key. Since the key might not
|
||||
be encrypted, this value is optional.
|
||||
be encrypted, this value is optional.
|
||||
//TBD: You cannot use this setting and `ssl.key_passphrase` at the same time.
|
||||
end::ssl-secure-key-passphrase[]
|
||||
|
||||
|
@ -98,7 +123,7 @@ the default is `TLSv1.3,TLSv1.2,TLSv1.1`. Otherwise, the default is
|
|||
`TLSv1.2,TLSv1.1`.
|
||||
+
|
||||
--
|
||||
NOTE: If `xpack.security.fips_mode.enabled` is `true`, you cannot use `SSLv2Hello`
|
||||
NOTE: If `xpack.security.fips_mode.enabled` is `true`, you cannot use `SSLv2Hello`
|
||||
or `SSLv3`. See <<fips-140-compliance>>.
|
||||
|
||||
--
|
||||
|
@ -106,12 +131,17 @@ end::ssl-supported-protocols[]
|
|||
|
||||
tag::ssl-truststore-password[]
|
||||
The password for the truststore.
|
||||
+
|
||||
You cannot use this setting and `ssl.truststore.secure_password` at the same
|
||||
time.
|
||||
//TBD: You cannot use this setting and `ssl.truststore.secure_password` at the same time.
|
||||
end::ssl-truststore-password[]
|
||||
|
||||
tag::ssl-truststore-path[]
|
||||
The path for the keystore that contains the certificates to trust. It must be
|
||||
either a Java keystore (jks) or a PKCS#12 file.
|
||||
+
|
||||
You cannot use this setting and `ssl.certificate_authorities` at the same time.
|
||||
//TBD: You cannot use this setting and `ssl.certificate_authorities` at the same time.
|
||||
end::ssl-truststore-path[]
|
||||
|
||||
|
@ -133,13 +163,16 @@ PKCS#12 files, use `PKCS12`. For a PKCS#11 token, use `PKCS11`. The default is
|
|||
end::ssl-truststore-type-pkcs11[]
|
||||
|
||||
tag::ssl-verification-mode-values[]
|
||||
Controls the verification of certificates.
|
||||
+
|
||||
Valid values are:
|
||||
- `full`, which verifies that the provided certificate is signed by a trusted
|
||||
|
||||
* `full`, which verifies that the provided certificate is signed by a trusted
|
||||
authority (CA) and also verifies that the server's hostname (or IP address)
|
||||
matches the names identified within the certificate.
|
||||
- `certificate`, which verifies that the provided certificate is signed by a
|
||||
* `certificate`, which verifies that the provided certificate is signed by a
|
||||
trusted authority (CA), but does not perform any hostname verification.
|
||||
- `none`, which performs _no verification_ of the server's certificate. This
|
||||
* `none`, which performs _no verification_ of the server's certificate. This
|
||||
mode disables many of the security benefits of SSL/TLS and should only be used
|
||||
after very careful consideration. It is primarily intended as a temporary
|
||||
diagnostic mechanism when attempting to resolve TLS errors; its use on
|
||||
|
|
|
@ -6,6 +6,8 @@
|
|||
<titleabbrev>Machine learning settings</titleabbrev>
|
||||
++++
|
||||
|
||||
[[ml-settings-description]]
|
||||
// tag::ml-settings-description-tag[]
|
||||
You do not need to configure any settings to use {ml}. It is enabled by default.
|
||||
|
||||
IMPORTANT: {ml-cap} uses SSE4.2 instructions, so will only work on machines whose
|
||||
|
@ -13,13 +15,15 @@ CPUs https://en.wikipedia.org/wiki/SSE4#Supporting_CPUs[support] SSE4.2. If you
|
|||
run {es} on older hardware you must disable {ml} (by setting `xpack.ml.enabled`
|
||||
to `false`).
|
||||
|
||||
All of these settings can be added to the `elasticsearch.yml` configuration file.
|
||||
The dynamic settings can also be updated across a cluster with the
|
||||
All of these settings can be added to the `elasticsearch.yml` configuration file.
|
||||
The dynamic settings can also be updated across a cluster with the
|
||||
<<cluster-update-settings,cluster update settings API>>.
|
||||
|
||||
TIP: Dynamic settings take precedence over settings in the `elasticsearch.yml`
|
||||
TIP: Dynamic settings take precedence over settings in the `elasticsearch.yml`
|
||||
file.
|
||||
|
||||
// end::ml-settings-description-tag[]
|
||||
|
||||
[float]
|
||||
[[general-ml-settings]]
|
||||
==== General machine learning settings
|
||||
|
@ -58,13 +62,16 @@ heap on each ingest node. The cache affords faster processing times for the
|
|||
or a percentage of total allocated heap. The default is "40%".
|
||||
See also <<model-inference-circuit-breaker>>.
|
||||
|
||||
`xpack.ml.inference_model.time_to_live`::
|
||||
[[xpack-interference-model-ttl]]
|
||||
// tag::interference-model-ttl-tag[]
|
||||
`xpack.ml.inference_model.time_to_live` {ess-icon}::
|
||||
The time to live (TTL) for models in the inference model cache. The TTL is
|
||||
calculated from last access. The `inference` processor attempts to load the
|
||||
model from cache. If the `inference` processor does not receive any documents
|
||||
for the duration of the TTL, the referenced model is flagged for eviction from
|
||||
the cache. If a document is processed later, the model is again loaded into the
|
||||
cache. Defaults to `5m`.
|
||||
// end::interference-model-ttl-tag[]
|
||||
|
||||
`xpack.ml.max_inference_processors` (<<cluster-update-settings,Dynamic>>)::
|
||||
The total number of `inference` type processors allowed across all ingest
|
||||
|
@ -88,12 +95,12 @@ affected when you update this setting. For more information about the
|
|||
[[xpack.ml.max_open_jobs]]
|
||||
`xpack.ml.max_open_jobs` (<<cluster-update-settings,Dynamic>>)::
|
||||
The maximum number of jobs that can run simultaneously on a node. Defaults to
|
||||
`20`. In this context, jobs include both {anomaly-jobs} and {dfanalytics-jobs}.
|
||||
The maximum number of jobs is also constrained by memory usage. Thus if the
|
||||
estimated memory usage of the jobs would be higher than allowed, fewer jobs will
|
||||
run on a node. Prior to version 7.1, this setting was a per-node non-dynamic
|
||||
setting. It became a cluster-wide dynamic setting in version 7.1. As a result,
|
||||
changes to its value after node startup are used only after every node in the
|
||||
`20`. In this context, jobs include both {anomaly-jobs} and {dfanalytics-jobs}.
|
||||
The maximum number of jobs is also constrained by memory usage. Thus if the
|
||||
estimated memory usage of the jobs would be higher than allowed, fewer jobs will
|
||||
run on a node. Prior to version 7.1, this setting was a per-node non-dynamic
|
||||
setting. It became a cluster-wide dynamic setting in version 7.1. As a result,
|
||||
changes to its value after node startup are used only after every node in the
|
||||
cluster is running version 7.1 or higher. The maximum permitted value is `512`.
|
||||
|
||||
`xpack.ml.node_concurrent_job_allocations` (<<cluster-update-settings,Dynamic>>)::
|
||||
|
@ -106,14 +113,14 @@ opening spend more time in the `opening` state. Defaults to `2`.
|
|||
[[advanced-ml-settings]]
|
||||
==== Advanced machine learning settings
|
||||
|
||||
These settings are for advanced use cases; the default values are generally
|
||||
These settings are for advanced use cases; the default values are generally
|
||||
sufficient:
|
||||
|
||||
`xpack.ml.enable_config_migration` (<<cluster-update-settings,Dynamic>>)::
|
||||
Reserved.
|
||||
|
||||
`xpack.ml.max_anomaly_records` (<<cluster-update-settings,Dynamic>>)::
|
||||
The maximum number of records that are output per bucket. The default value is
|
||||
The maximum number of records that are output per bucket. The default value is
|
||||
`500`.
|
||||
|
||||
`xpack.ml.max_lazy_ml_nodes` (<<cluster-update-settings,Dynamic>>)::
|
||||
|
|
|
@ -34,9 +34,12 @@ This deprecated setting has no effect.
|
|||
[[monitoring-collection-settings]]
|
||||
==== Monitoring Collection Settings
|
||||
|
||||
[[monitoring-settings-description]]
|
||||
// tag::monitoring-settings-description-tag[]
|
||||
The `xpack.monitoring.collection` settings control how data is collected from
|
||||
your Elasticsearch nodes. You can dynamically change all monitoring collection
|
||||
settings using the <<cluster-update-settings,cluster update settings API>>.
|
||||
// end::monitoring-settings-description-tag[]
|
||||
|
||||
`xpack.monitoring.collection.enabled` (<<cluster-update-settings,Dynamic>>)::
|
||||
|
||||
|
@ -45,7 +48,9 @@ this setting is `false` (default), {es} monitoring data is not collected and
|
|||
all monitoring data from other sources such as {kib}, Beats, and Logstash is
|
||||
ignored.
|
||||
|
||||
`xpack.monitoring.collection.interval` (<<cluster-update-settings,Dynamic>>)::
|
||||
[[xpack-monitoring-collection-interval]]
|
||||
// tag::monitoring-collection-interval-tag[]
|
||||
`xpack.monitoring.collection.interval` (<<cluster-update-settings,Dynamic>>) {ess-icon}::
|
||||
|
||||
Setting to `-1` to disable data collection is no longer supported beginning with
|
||||
7.0.0. deprecated[6.3.0, Use `xpack.monitoring.collection.enabled` set to `false` instead.]
|
||||
|
@ -53,6 +58,7 @@ Setting to `-1` to disable data collection is no longer supported beginning with
|
|||
Controls how often data samples are collected. Defaults to `10s`. If you
|
||||
modify the collection interval, set the `xpack.monitoring.min_interval_seconds`
|
||||
option in `kibana.yml` to the same value.
|
||||
// end::monitoring-collection-interval-tag[]
|
||||
|
||||
`xpack.monitoring.elasticsearch.collection.enabled` (<<cluster-update-settings,Dynamic>>)::
|
||||
|
||||
|
@ -92,7 +98,9 @@ collect only active recoveries. Defaults to `false`.
|
|||
|
||||
(<<time-units,time value>>) Timeout for collecting the recovery information. Defaults to `10s`.
|
||||
|
||||
`xpack.monitoring.history.duration` (<<cluster-update-settings,Dynamic>>)::
|
||||
[[xpack-monitoring-history-duration]]
|
||||
// tag::monitoring-history-duration-tag[]
|
||||
`xpack.monitoring.history.duration` (<<cluster-update-settings,Dynamic>>) {ess-icon}::
|
||||
|
||||
(<<time-units,time value>>) Retention duration beyond which the indices created by a Monitoring
|
||||
exporter are automatically deleted. Defaults to `7d` (7 days).
|
||||
|
@ -105,6 +113,8 @@ IMPORTANT: This setting currently only impacts `local`-type exporters. Indices c
|
|||
the `http` exporter will not be deleted automatically.
|
||||
--
|
||||
|
||||
// end::monitoring-history-duration-tag[]
|
||||
|
||||
`xpack.monitoring.exporters`::
|
||||
|
||||
Configures where the agent stores monitoring data. By default, the agent uses a
|
||||
|
|
|
@ -7,6 +7,8 @@
|
|||
<titleabbrev>{watcher} settings</titleabbrev>
|
||||
++++
|
||||
|
||||
[[notification-settings-description]]
|
||||
// tag::notification-settings-description-tag[]
|
||||
You configure {watcher} settings to set up {watcher} and send notifications via
|
||||
<<email-notification-settings,email>>,
|
||||
<<slack-notification-settings,Slack>>, and
|
||||
|
@ -17,6 +19,7 @@ with the exception of the secure settings, which you add to the {es} keystore.
|
|||
For more information about creating and updating the {es} keystore, see
|
||||
<<secure-settings>>. Dynamic settings can also be updated across a cluster with the
|
||||
<<cluster-update-settings,cluster update settings API>>.
|
||||
// end::notification-settings-description-tag[]
|
||||
|
||||
[float]
|
||||
[[general-notification-settings]]
|
||||
|
@ -24,17 +27,22 @@ For more information about creating and updating the {es} keystore, see
|
|||
`xpack.watcher.enabled`::
|
||||
Set to `false` to disable {watcher} on the node.
|
||||
|
||||
`xpack.watcher.encrypt_sensitive_data`::
|
||||
[[xpack-watcher-encrypt-sensitive-data]]
|
||||
// tag::watcher-encrypt-sensitive-data-tag[]
|
||||
`xpack.watcher.encrypt_sensitive_data` {ess-icon}::
|
||||
Set to `true` to encrypt sensitive data. If this setting is enabled, you
|
||||
must also specify the `xpack.watcher.encryption_key` setting. For more
|
||||
information, see <<encrypting-data>>.
|
||||
// end::watcher-encrypt-sensitive-data-tag[]
|
||||
|
||||
`xpack.watcher.encryption_key` (<<secure-settings,Secure>>)::
|
||||
Specifies the path to a file that contains a key for encrypting sensitive data.
|
||||
If `xpack.watcher.encrypt_sensitive_data` is set to `true`, this setting is
|
||||
required. For more information, see <<encrypting-data>>.
|
||||
|
||||
`xpack.watcher.history.cleaner_service.enabled`::
|
||||
[[xpack-watcher-history-cleaner-service]]
|
||||
// tag::watcher-history-cleaner-service-tag[]
|
||||
`xpack.watcher.history.cleaner_service.enabled` {ess-icon}::
|
||||
added:[6.3.0,Default changed to `true`.]
|
||||
deprecated:[7.0.0,Watcher history indices are now managed by the `watch-history-ilm-policy` ILM policy]
|
||||
+
|
||||
|
@ -44,6 +52,7 @@ removes previous versions of {watcher} indices (for example,
|
|||
{watcher} indices is determined by the `xpack.monitoring.history.duration`
|
||||
setting, which defaults to 7 days. For more information about that setting,
|
||||
see <<monitoring-settings>>.
|
||||
// end::watcher-history-cleaner-service-tag[]
|
||||
|
||||
`xpack.http.proxy.host`::
|
||||
Specifies the address of the proxy server to use to connect to HTTP services.
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -6,7 +6,7 @@
|
|||
<titleabbrev>{slm-cap} settings</titleabbrev>
|
||||
++++
|
||||
|
||||
These are the settings available for configuring
|
||||
These are the settings available for configuring
|
||||
<<snapshot-lifecycle-management, {slm}>> ({slm-init}).
|
||||
|
||||
==== Cluster-level settings
|
||||
|
@ -19,7 +19,7 @@ to the `slm-history-*` indices. Defaults to `true`.
|
|||
|
||||
[[slm-retention-schedule]]
|
||||
`slm.retention_schedule`::
|
||||
(<<cluster-update-settings,Dynamic>>, <<schedule-cron,cron scheduler value>>)
|
||||
(<<cluster-update-settings,Dynamic>>, <<schedule-cron,cron scheduler value>>)
|
||||
Controls when the <<slm-retention,retention task>> runs.
|
||||
Can be a periodic or absolute time schedule.
|
||||
Supports all values supported by the <<schedule-cron,cron scheduler>>.
|
||||
|
@ -31,3 +31,8 @@ Defaults to daily at 1:30am UTC: `0 30 1 * * ?`.
|
|||
Limits how long {slm-init} should spend deleting old snapshots.
|
||||
Defaults to one hour: `1h`.
|
||||
|
||||
[[repositories-url-allowed]]
|
||||
// tag::repositories-url-allowed[]
|
||||
`repositories.url.allowed_urls` {ess-icon}::
|
||||
Specifies the <<snapshots-read-only-repository,read-only URL repositories>> that snapshots can be restored from.
|
||||
// end::repositories-url-allowed[]
|
||||
|
|
|
@ -61,6 +61,8 @@ include::modules/http.asciidoc[]
|
|||
|
||||
include::settings/ilm-settings.asciidoc[]
|
||||
|
||||
include::modules/indices/index_management.asciidoc[]
|
||||
|
||||
include::modules/indices/recovery.asciidoc[]
|
||||
|
||||
include::modules/indices/indexing_buffer.asciidoc[]
|
||||
|
|
|
@ -4,7 +4,8 @@
|
|||
++++
|
||||
<titleabbrev>Register repository</titleabbrev>
|
||||
++++
|
||||
|
||||
[[snapshots-register-repository-description]]
|
||||
// tag::snapshots-register-repository-tag[]
|
||||
You must register a snapshot repository before you can perform snapshot and
|
||||
restore operations. We recommend creating a new snapshot repository for each
|
||||
major version. The valid repository settings depend on the repository type.
|
||||
|
@ -12,7 +13,7 @@ major version. The valid repository settings depend on the repository type.
|
|||
If you register same snapshot repository with multiple clusters, only
|
||||
one cluster should have write access to the repository. All other clusters
|
||||
connected to that repository should set the repository to `readonly` mode.
|
||||
|
||||
// end::snapshots-register-repository-tag[]
|
||||
IMPORTANT: The snapshot format can change across major versions, so if you have
|
||||
clusters on different versions trying to write the same repository, snapshots
|
||||
written by one version may not be visible to the other and the repository could
|
||||
|
|
Loading…
Reference in New Issue