Elasticsearch Use of Wildcards Can Accidentally Cause Index Deletion

Elasticsearch Use of Wildcards Can Accidentally Cause Index Deletion

Opster Team

Nov 2020


In addition to reading this guide, run the Elasticsearch Health Check-Up. Detect problems and improve performance by analyzing your shard sizes, threadpools, memory, snapshots, disk watermarks and many more.
Free tool that requires no installation with +1000 users.

Run the Elasticsearch check-up to receive recommendations like this:

checklist Run Check-Up
error

The following configuration error was detected on node 123...

error-img

Description

This error can have a severe impact on your system. It's important to understand that it was caused by...

error-img

Recommendation

In order to resolve this issue and prevent it from occurring again, we recommend that you begin by changing the configuration to...

1

X-PUT curl -H "Content-Type: application/json" [customized recommendation]

Misuse of Wildcards in Elasticsearch

What does it mean?

It is possible to reduce the risk of accidental deletion of indices by preventing the use of wildcard for destructive (deletion) operations.

How to fix it:

To check whether this setting exists on the cluster, run:

GET /_cluster/settings/action*

Look for a setting called:

action.destructive_requires_name

To apply this setting use:

PUT /_cluster/settings
{
  "transient": {
	"action.destructive_requires_name":true

  }
}

To remove this setting use:

PUT /_cluster/settings
{
  "transient": {
	"action.destructive_requires_name":false

  }
}

Note that this setting can also be applied on each node via the elasticsearch.yml file, but the cluster setting will take priority over any individual node settings.

Run the Elasticsearch check-up to receive recommendations like this:

checklist Run Check-Up
error

The following configuration error was detected on node 123...

error-img

Description

This error can have a severe impact on your system. It's important to understand that it was caused by...

error-img

Recommendation

In order to resolve this issue and prevent it from occurring again, we recommend that you begin by changing the configuration to...

1

X-PUT curl -H "Content-Type: application/json" [customized recommendation]





Improve Elasticsearch Performance

Run The Analysis