Elasticsearch Misuse of Wildcards in OpenSearch

By Opster Team

Updated: Apr 9, 2023

| 1 min read

In addition to reading this guide, we recommend you run the Elasticsearch Health Check-Up. It will detect issues and improve your Elasticsearch performance by analyzing your shard sizes, threadpools, memory, snapshots, disk watermarks and more.

The Elasticsearch Check-Up is free and requires no installation.

Before you begin reading this guide, we recommend you try running the OpenSearch Error Check-Up which analyzes 2 JSON files to detect many configuration errors.

To evaluate your use of wildcards in OpenSearch, try AutoOps for OpenSearch. AutoOps will also help you optimize other important settings in OpenSearch and improve performance automatically.

Overview

It is possible to reduce the risk of accidental deletion of indices by preventing the use of wildcard for destructive (deletion) operations.

How to fix the issue

To check whether this setting exists on the cluster, run:

GET /_cluster/settings/action*

Look for a setting called:

action.destructive_requires_name

To apply this setting use:

PUT /_cluster/settings
{
  "transient": {
	"action.destructive_requires_name":true

  }
}

To remove this setting use:

PUT /_cluster/settings
{
  "transient": {
	"action.destructive_requires_name":false

  }
}

Note that this setting can also be applied on each node via the opensearch.yml file, but the cluster setting will take priority over any individual node settings.

How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?


Analyze your cluster & get personalized recommendations

Skip to content