Elasticsearch Dangerous Default Settings

Opster Team

Last updated: Dec 18, 2022


In addition to reading this guide, we recommend you run the Elasticsearch Health Check-Up. It will detect issues and improve your Elasticsearch performance by analyzing your shard sizes, threadpools, memory, snapshots, disk watermarks and more.

The Elasticsearch Check-Up is free and requires no installation.


Overview

Cluster name

Change the cluster name in elasticsearch.yml so that nodes cannot accidentally join the wrong cluster. This matters most when development, staging and production clusters share a network: every node starts with the same default name, elasticsearch, so a misconfigured host can end up in a cluster it was never meant to be part of. Keep in mind that the name is only a label, not an access control: a node that knows it can still join unless transport-layer security with certificate verification is enabled.

How to prevent it from happening

To change the name of the cluster, set it in elasticsearch.yml on every node and perform a full cluster restart. A rolling restart does not work here, because a node whose cluster.name differs from the others refuses to join them:

cluster.name: myapp-prod

Remember that changing the cluster name will also change the default name of your Elasticsearch log files.

Data path

If you installed Elasticsearch from the zip or tar.gz archive, the data directory defaults to a subdirectory of the Elasticsearch home directory (ES_HOME/data). Upgrading an archive install usually means unpacking a new directory and deleting the old one, so leaving the default in place makes it easy to delete your data together with the old program files.

How to prevent it from happening

Make sure you set the data and logs directories in elasticsearch.yml to a path separated from your Elasticsearch program files:

path:
  logs: /var/log/elasticsearch
  data: /var/data/elasticsearch

These directories must be owned by, and writable for, the user the Elasticsearch process runs as. Keep them out of reach of other local users: the data directory holds the raw index contents.
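The following script checks an elasticsearch.yml for both dangerous defaults discussed on this page (a default cluster name and data or log paths under the Elasticsearch home directory). It is an added example, not code from the article or from Elasticsearch; the function names, the ES_HOME argument and the sample configuration files it writes are this example's own, and it only understands the dotted and the two-level nested forms of the settings (a path.data list is not handled).

```shell
#!/bin/sh
# Added example: audit an elasticsearch.yml for a default cluster name and for
# data/log directories that live under the Elasticsearch home directory.
# Uses plain awk so it runs on any host without a YAML library.

# Print the value of <section>.<key>, accepting the dotted form
# ("path.data: /x") and the nested form ("path:" followed by "  data: /x").
# Prints nothing when the setting is absent; double-quoted values are unquoted.
es_setting() {   # es_setting <elasticsearch.yml> <section> <key>
    awk -v sec="$2" -v key="$3" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }              # comments, blank lines
        $0 ~ ("^" sec "\\." key "[[:space:]]*:") { found = 1 }    # dotted form
        $0 ~ ("^" sec "[[:space:]]*:[[:space:]]*$") { insec = 1; next }   # "path:" block starts
        /^[^[:space:]]/ { insec = 0 }                              # unindented line ends the block
        insec && $0 ~ ("^[[:space:]]+" key "[[:space:]]*:") { found = 1 }
        found { sub(/^[^:]*:[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); gsub(/^"|"$/, ""); print; exit }
    ' "$1"
}

# Run the two checks. Prints one line per check and returns the number of
# failed checks, so a deployment script can gate on it.
audit_es_config() {   # audit_es_config <elasticsearch.yml> <ES_HOME>
    yml=$1; home=${2%/}; failed=0
    name=$(es_setting "$yml" cluster name)
    case "${name:-elasticsearch}" in                # unset means the default name
        elasticsearch) echo "FAIL cluster.name is the default (elasticsearch)"; failed=$((failed + 1)) ;;
        *)             echo "OK   cluster.name=$name" ;;
    esac
    for k in data logs; do
        p=$(es_setting "$yml" path "$k")
        case "${p:-$home/$k}" in                    # unset means ES_HOME/data, ES_HOME/logs
            "$home"/*) echo "FAIL path.$k=${p:-<unset, defaults to $home/$k>} lives under ES_HOME"; failed=$((failed + 1)) ;;
            *)         echo "OK   path.$k=$p" ;;
        esac
    done
    return "$failed"
}

# Demo on two constructed configuration files (sample input, not from a real
# host); /opt/elasticsearch is an assumed archive install location.
demo() {
    tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
    cat > "$tmp/bad.yml" <<'EOF'
# stock tar.gz install: cluster.name and path.* left at their defaults
network.host: 0.0.0.0
EOF
    cat > "$tmp/good.yml" <<'EOF'
cluster.name: myapp-prod
path:
  logs: /var/log/elasticsearch
  data: /var/data/elasticsearch
EOF
    echo "== bad.yml";  audit_es_config "$tmp/bad.yml"  /opt/elasticsearch || echo "-> $? finding(s)"
    echo "== good.yml"; audit_es_config "$tmp/good.yml" /opt/elasticsearch || echo "-> $? finding(s)"
}
demo
```

Point audit_es_config at the real file and home directory of each node (for example /etc/elasticsearch/elasticsearch.yml and /usr/share/elasticsearch on a package install, or the unpacked archive directory) and fail the deployment when it returns non-zero.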

If you have already created data in the default path, and you want to move the directory, then you should follow the steps in the procedure below.

How to change the data path:

  1. Double check that you have a recent snapshot of all indices, so the data can be restored if the move goes wrong

  2. Temporarily stop shard allocation, so the cluster does not start rebuilding this node's shards elsewhere while it is down (the Content-Type header is required by Elasticsearch 6.0 and later):

    curl -XPUT localhost:9200/_cluster/settings -H 'Content-Type: application/json' -d '{
            "transient" : {
                "cluster.routing.allocation.enable" : "none"
            }
    }'

  3. Stop the Elasticsearch node

  4. Move the entire data directory to its new location, preserving ownership and permissions (mv within the same filesystem, or a copy that keeps owner and mode followed by removal of the original)

  5. Modify the path in elasticsearch.yml

  6. Start the Elasticsearch node and wait for it to rejoin the cluster

  7. Re-enable shard allocation with the same _cluster/settings request, setting cluster.routing.allocation.enable to null; until you do, the cluster stays yellow or red and no shards will be recovered or rebalanced

Please be extra careful when taking the above steps and make sure they fit your system, as misusing them can lead to loss of production data.
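The procedure above as one script, added here as an example; it is not part of the original article and not Elasticsearch's own tooling. It assumes a systemd-managed node (ES_SERVICE), an HTTP endpoint at ES_URL, the configuration file at ES_YML with a dotted path.data line, and, if security is enabled, curl options in ES_CURL_OPTS; the function names, environment variables and the SNAPSHOT_VERIFIED interlock are this example's own. The copy-verify-remove order and the refusal to move into a nested or non-empty target are the checks the warning above is about.

```shell
#!/bin/sh
# Added example, not code from the article or from Elasticsearch: the data-path
# move as a script, with the safety checks the text calls for and the final
# step of re-enabling allocation. Assumed: systemd service name, HTTP endpoint,
# config location and a dotted "path.data:" line in elasticsearch.yml.
set -e
ES_URL=${ES_URL:-http://localhost:9200}
ES_SERVICE=${ES_SERVICE:-elasticsearch}
ES_YML=${ES_YML:-/etc/elasticsearch/elasticsearch.yml}
ES_CURL_OPTS=${ES_CURL_OPTS:-}      # e.g. "-u elastic:pw --cacert ca.pem" when security is on

# Steps 2 and 7: pause (none) or resume (null) shard allocation.
set_allocation() {   # set_allocation none|null
    v=$1; [ "$v" = null ] || v="\"$v\""
    curl -sSf $ES_CURL_OPTS -X PUT "$ES_URL/_cluster/settings" \
        -H 'Content-Type: application/json' \
        -d "{\"transient\": {\"cluster.routing.allocation.enable\": $v}}"
}

# Step 4: copy with ownership and permissions preserved (cp -Rp also works
# across filesystems), verify the copy, and only then remove the original.
# Refuses a target nested inside the source and a non-empty target.
move_data_dir() {   # move_data_dir <old-dir> <new-dir>
    old=${1%/}; new=${2%/}
    case "$new" in
        "$old"/*) echo "refusing: $new is inside $old" >&2; return 1 ;;
    esac
    if [ -e "$new" ] && [ -n "$(ls -A "$new")" ]; then
        echo "refusing: $new exists and is not empty" >&2; return 1
    fi
    [ ! -d "$new" ] || rmdir "$new"               # cp would otherwise copy *into* it
    mkdir -p "$(dirname "$new")"
    cp -Rp "$old" "$new"
    nold=$(find "$old" -type f | wc -l | tr -d ' ')
    nnew=$(find "$new" -type f | wc -l | tr -d ' ')
    if [ "$nold" -ne "$nnew" ]; then
        echo "copy of $old to $new is incomplete ($nnew of $nold files); original left in place" >&2; return 1
    fi
    rm -rf "$old"
}

# Step 5: point path.data at the new directory (dotted form only; a nested
# "path:" block is left for a human to edit). Keeps a .bak copy of the file.
set_path_data() {   # set_path_data <elasticsearch.yml> <new-dir>
    if grep -q '^path[[:space:]]*:[[:space:]]*$' "$1"; then
        echo "$1 uses a nested path: block; edit its data: entry by hand" >&2; return 1
    fi
    if grep -q '^path\.data[[:space:]]*:' "$1"; then
        sed -i.bak "s|^path\.data[[:space:]]*:.*|path.data: $2|" "$1"
    else
        printf 'path.data: %s\n' "$2" >> "$1"
    fi
}

main() {   # main <old-dir> <new-dir>; run as root on the node being moved
    if [ "${SNAPSHOT_VERIFIED:-0}" != 1 ]; then   # step 1: a human confirms a recent snapshot
        echo "verify a recent snapshot of all indices, then rerun with SNAPSHOT_VERIFIED=1" >&2; exit 1
    fi
    set_allocation none                           # step 2
    systemctl stop "$ES_SERVICE"                  # step 3
    move_data_dir "$1" "$2"                       # step 4
    set_path_data "$ES_YML" "$2"                  # step 5
    systemctl start "$ES_SERVICE"                 # step 6: start and wait for the node to rejoin
    until curl -sf $ES_CURL_OPTS "$ES_URL/_cluster/health?wait_for_status=yellow&timeout=60s" >/dev/null; do
        sleep 5
    done
    set_allocation null                           # step 7: let shards move again
}

# Only act when explicitly asked, e.g.:
#   ES_MOVE_RUN=1 SNAPSHOT_VERIFIED=1 ./move-es-data.sh /opt/elasticsearch/data /var/data/elasticsearch
if [ "${ES_MOVE_RUN:-0}" = 1 ]; then main "$@"; fi
```

The transient setting matches the article; on versions where transient settings are deprecated, use "persistent" in set_allocation instead. Run it on one node at a time and let the cluster return to green before moving the next.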

It is recommended to use the RPM or Debian packages to avoid this and other installation issues: by default they store data in /var/lib/elasticsearch and logs in /var/log/elasticsearch, separate from the program files.
