Elasticsearch Use of Wildcards Can Accidentally Cause Index Deletion




Opster Team

July 2020, Version: 1.7-8.0



What Does it Mean?

You can reduce the risk of accidentally deleting indices by preventing wildcards from being used in destructive (delete) operations.

How to Fix it

To check whether this setting exists on the cluster, run:

GET /_cluster/settings?flat_settings=true

Look for a setting called:

action.destructive_requires_name

To apply this setting use:

PUT /_cluster/settings
{
  "transient": {
    "action.destructive_requires_name": true
  }
}

To remove this setting use:

PUT /_cluster/settings
{
  "transient": {
    "action.destructive_requires_name": false
  }
}

Note that this setting can also be applied on each node via the elasticsearch.yml file, but the cluster setting will take priority over any individual node settings.
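To audit the setting rather than read it by eye, the added example below (not Opster's or Elasticsearch's own code) resolves the effective value of action.destructive_requires_name from a cluster settings response and flags the case where the protection exists only as a transient value. It assumes the JSON comes from GET /_cluster/settings?include_defaults=true&flat_settings=true; the function names and the sample response are constructed for illustration.

```python
import json

SETTING = "action.destructive_requires_name"

# Constructed sample (not captured from a real cluster) of the JSON returned by
# GET /_cluster/settings?include_defaults=true&flat_settings=true
SAMPLE_RESPONSE = """
{
  "persistent": {},
  "transient": {"action.destructive_requires_name": "true"},
  "defaults": {"action.destructive_requires_name": "false"}
}
"""

def _lookup(section, dotted):
    """Find a setting in flat ("a.b": v) or nested ({"a": {"b": v}}) form."""
    if dotted in section:
        return section[dotted]
    node = section
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def audit_destructive_requires_name(response):
    """Return the effective value, the section it came from, and findings.

    Cluster-level values win in the order transient, persistent; "defaults"
    is what applies when no cluster-level value is set.
    """
    for source in ("transient", "persistent", "defaults"):
        value = _lookup(response.get(source) or {}, SETTING)
        if value is None:
            continue
        # Values arrive as strings ("true") or JSON booleans (true).
        enabled = str(value).strip().lower() == "true"
        findings = []
        if not enabled:
            findings.append("wildcard and _all deletes are allowed")
        elif source == "transient":
            findings.append("transient value is lost on a full cluster restart")
        return {"enabled": enabled, "source": source, "findings": findings}
    return {"enabled": None, "source": "unknown",
            "findings": ["setting not reported; query with include_defaults=true"]}

if __name__ == "__main__":
    print(audit_destructive_requires_name(json.loads(SAMPLE_RESPONSE)))
```

A result with source "transient" means the PUT request shown above is in effect but will not survive a full cluster restart.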


