- Elastic Cloud Enterprise - Elastic Cloud on your Infrastructure: other versions:
- Introducing Elastic Cloud Enterprise
- Preparing your installation
- Installing Elastic Cloud Enterprise
- Identify the deployment scenario
- Install ECE on a public cloud
- Install ECE on your own premises
- Alternative: Install ECE with Ansible
- Log into the Cloud UI
- Install ECE on additional hosts
- Migrate ECE to Podman hosts
- Post-installation steps
- Configuring your installation
- System deployments configuration
- Configure deployment templates
- Tag your allocators
- Edit instance configurations
- Create instance configurations
- Create deployment templates
- Configure system deployment templates
- Configure index management for templates
- Updating custom templates to support
node_rolesand autoscaling - Updating custom templates to support Integrations Server
- Default instance configurations
- Include additional Kibana plugins
- Manage snapshot repositories
- Manage licenses
- Change the ECE API URL
- Change endpoint URLs
- Enable custom endpoint aliases
- Configure allocator affinity
- Change allocator disconnect timeout
- Migrate ECE on Podman hosts to SELinux in
enforcingmode
- Securing your installation
- Monitoring your installation
- Administering your installation
- Working with deployments
- Create a deployment
- Access Kibana
- Adding data to Elasticsearch
- Migrating data
- Ingesting data from your application
- Ingest data with Node.js on Elastic Cloud Enterprise
- Ingest data with Python on Elastic Cloud Enterprise
- Ingest data from Beats to Elastic Cloud Enterprise with Logstash as a proxy
- Ingest data from a relational database into Elastic Cloud Enterprise
- Ingest logs from a Python application using Filebeat
- Ingest logs from a Node.js web application using Filebeat
- Manage data from the command line
- Administering deployments
- Change your deployment configuration
- Maintenance mode
- Terminate a deployment
- Restart a deployment
- Restore a deployment
- Delete a deployment
- Migrate to index lifecycle management
- Disable an Elasticsearch data tier
- Access the Elasticsearch API console
- Work with snapshots
- Restore a snapshot across clusters
- Upgrade versions
- Editing your user settings
- Deployment autoscaling
- Configure Beats and Logstash with Cloud ID
- Keep your clusters healthy
- Keep track of deployment activity
- Secure your clusters
- Deployment heap dumps
- Deployment thread dumps
- Traffic Filtering
- Connect to your cluster
- Manage your Kibana instance
- Manage your APM & Fleet Server (7.13+)
- Manage your APM Server (versions before 7.13)
- Manage your Integrations Server
- Switch from APM to Integrations Server payload
- Enable logging and monitoring
- Enable cross-cluster search and cross-cluster replication
- Access other deployments of the same Elastic Cloud Enterprise environment
- Access deployments of another Elastic Cloud Enterprise environment
- Access deployments of an Elasticsearch Service organization
- Access clusters of a self-managed environment
- Enabling CCS/R between Elastic Cloud Enterprise and ECK
- Edit or remove a trusted environment
- Migrate the cross-cluster search deployment template
- Enable App Search
- Enable Enterprise Search
- Enable Graph (versions before 5.0)
- Troubleshooting
- RESTful API
- Authentication
- API calls
- How to access the API
- API examples
- Setting up your environment
- A first API call: What deployments are there?
- Create a first Deployment: Elasticsearch and Kibana
- Applying a new plan: Resize and add high availability
- Updating a deployment: Checking on progress
- Applying a new deployment configuration: Upgrade
- Enable more stack features: Add Enterprise Search to a deployment
- Dipping a toe into platform automation: Generate a roles token
- Customize your deployment
- Remove unwanted deployment templates and instance configurations
- Secure your settings
- API reference
- Changes to index allocation and API
- Script reference
- Release notes
- Elastic Cloud Enterprise 3.7.3
- Elastic Cloud Enterprise 3.7.2
- Elastic Cloud Enterprise 3.7.1
- Elastic Cloud Enterprise 3.7.0
- Elastic Cloud Enterprise 3.6.2
- Elastic Cloud Enterprise 3.6.1
- Elastic Cloud Enterprise 3.6.0
- Elastic Cloud Enterprise 3.5.1
- Elastic Cloud Enterprise 3.5.0
- Elastic Cloud Enterprise 3.4.1
- Elastic Cloud Enterprise 3.4.0
- Elastic Cloud Enterprise 3.3.0
- Elastic Cloud Enterprise 3.2.1
- Elastic Cloud Enterprise 3.2.0
- Elastic Cloud Enterprise 3.1.1
- Elastic Cloud Enterprise 3.1.0
- Elastic Cloud Enterprise 3.0.0
- Elastic Cloud Enterprise 2.13.4
- Elastic Cloud Enterprise 2.13.3
- Elastic Cloud Enterprise 2.13.2
- Elastic Cloud Enterprise 2.13.1
- Elastic Cloud Enterprise 2.13.0
- Elastic Cloud Enterprise 2.12.4
- Elastic Cloud Enterprise 2.12.3
- Elastic Cloud Enterprise 2.12.2
- Elastic Cloud Enterprise 2.12.1
- Elastic Cloud Enterprise 2.12.0
- Elastic Cloud Enterprise 2.11.2
- Elastic Cloud Enterprise 2.11.1
- Elastic Cloud Enterprise 2.11.0
- Elastic Cloud Enterprise 2.10.1
- Elastic Cloud Enterprise 2.10.0
- Elastic Cloud Enterprise 2.9.2
- Elastic Cloud Enterprise 2.9.1
- Elastic Cloud Enterprise 2.9.0
- Elastic Cloud Enterprise 2.8.1
- Elastic Cloud Enterprise 2.8.0
- Elastic Cloud Enterprise 2.7.2
- Elastic Cloud Enterprise 2.7.1
- Elastic Cloud Enterprise 2.7.0
- Elastic Cloud Enterprise 2.6.2
- Elastic Cloud Enterprise 2.6.1
- Elastic Cloud Enterprise 2.6.0
- Elastic Cloud Enterprise 2.5.1
- Elastic Cloud Enterprise 2.5.0
- Elastic Cloud Enterprise 2.4.3
- Elastic Cloud Enterprise 2.4.2
- Elastic Cloud Enterprise 2.4.1
- Elastic Cloud Enterprise 2.4.0
- Elastic Cloud Enterprise 2.3.2
- Elastic Cloud Enterprise 2.3.1
- Elastic Cloud Enterprise 2.3.0
- Elastic Cloud Enterprise 2.2.3
- Elastic Cloud Enterprise 2.2.2
- Elastic Cloud Enterprise 2.2.1
- Elastic Cloud Enterprise 2.2.0
- Elastic Cloud Enterprise 2.1.1
- Elastic Cloud Enterprise 2.1.0
- Elastic Cloud Enterprise 2.0.1
- Elastic Cloud Enterprise 2.0.0
- Elastic Cloud Enterprise 1.1.5
- Elastic Cloud Enterprise 1.1.4
- Elastic Cloud Enterprise 1.1.3
- Elastic Cloud Enterprise 1.1.2
- Elastic Cloud Enterprise 1.1.1
- Elastic Cloud Enterprise 1.1.0
- Elastic Cloud Enterprise 1.0.2
- Elastic Cloud Enterprise 1.0.1
- Elastic Cloud Enterprise 1.0.0
- What’s new with the Elastic Stack
- About this product
Add Elasticsearch user settings
editAdd Elasticsearch user settings
editChange how Elasticsearch runs by providing your own user settings. User settings are appended to the elasticsearch.yml configuration file for your cluster and provide custom configuration options. Elastic Cloud Enterprise supports many of the user settings for the version of Elasticsearch that your cluster is running.
Some settings that could break your cluster if set incorrectly are blocked, such as certain zen discovery and security settings. For examples of a few of the settings that are generally safe in cloud environments, check Additional Examples of Supported User Settings and Editing Your User Settings that can be enabled on our Elastic Cloud hosted offering.
To add user settings:
- Log into the Cloud UI.
-
On the Deployments page, select your deployment.
Narrow the list by name, ID, or choose from several other filters. To further define the list, use a combination of filters.
- From your deployment menu, go to the Edit page.
- In the Elasticsearch section, select Edit elasticsearch.yml. For deployments with existing user settings, you may have to expand the User setting overrides caret for each node type instead.
- Update the user settings.
-
Select Save changes.
If you encounter the Edit elasticsearch.yml carets, be sure to make your changes on all Elasticsearch node types.
Example: Enable email notifications from Gmail
editThe following examples configure email notifications to Gmail for a user that you specify. Which example you use depends on the version of Elasticsearch that your cluster is running.
+
CAUTION: Before you add the xpack.notification.email* setting in Elasticsearch user settings, make sure you add the account SMTP password to the keystore as a secret value.
For version 6.3 and later: Check Configuring email actions.
For version 5.0 to 6.2: Check Configuring email actions.
xpack.notification.email.account: gmail_account: profile: gmail smtp: auth: true starttls.enable: true host: smtp.gmail.com port: 587 user: <username> password: <password>
For versions before 5.0: Use Watcher to configure an email watch action. To learn more, check Configuring Email Actions.
watcher.actions.email.service.account: work: profile: gmail email_defaults: from: <email> smtp: auth: true starttls.enable: true host: smtp.gmail.com port: 587 user: <username> password: <password>
Additional examples of supported user settings
editThese example user settings cover only a subset of all user settings that you can include in the elasticsearch.yml configuration file. To learn more about available settings, check Configuring Elasticsearch.
Examples of Elasticsearch user settings that you can specify:
-
cluster.indices.close.enable -
Enables closing indices in Elasticsearch version 2.2 and later. Defaults to
truefor versions 7.2.0 and later, and tofalsefor previous versions. In versions 7.1 and below, closed indices represent a data loss risk: if you close an index, it is not included in snapshots and you will not be able to restore the data. Similarly, closed indices are not included when you make cluster configuration changes, such as scaling to a different capacity, failover, and many other operations. Lastly, closed indices can lead to inaccurate disk space counts.For versions 7.1 and below, closed indices represent a data loss risk. Enable this setting only temporarily for these versions.
-
reindex.remote.whitelist -
Explicitly allows the hosts that can be reindexed from remotely. Consists of a comma-delimited list of
host:portentries. Defaults to["\*.io:*", "\*.com:*"]. -
script.painless.regex.enabled - Enables regular expressions for the Painless scripting language.
- X-Pack alerting features (formerly Watcher)
-
Enables watches, including integration with Slack, HipChat, and PagerDuty. For example:
For version 6.3 and later:
-
xpack.notification.slack- Configures Slack notification settings. -
xpack.notification.hipchat- Configures HipChat notification settings.Deprecated in all versions.
Hipchat has ceased operation.
-
xpack.notification.pagerduty- Configures PagerDuty notification settings.
For version 5.0 to 6.2:
-
xpack.notification.slack- Configures Slack notification settings. -
xpack.notification.hipchat- Configures HipChat notification settings. -
xpack.notification.pagerduty- Configures PagerDuty notification settings.
For versions before 5.0:
-
watcher.actions.slack.service- Configures Slack notification settings. -
watcher.actions.hipchat.service- Configures HipChat notification settings.Deprecated in all versions.
Hipchat has ceased operation.
-
watcher.actions.pagerduty.service- Configures Configures PagerDuty notification settings.
-
Remember to check your user settings when performing a major version upgrade. For version 5.0 and later, the syntax for alerts is different when compared to earlier versions, for example.
- Disk-based shard allocation settings
-
The following disk-based allocation settings are supported:
-
cluster.routing.allocation.disk.watermark.low - Configures disk-based shard allocation’s low watermark.
-
cluster.routing.allocation.disk.watermark.high - Configures disk-based shard allocation’s high watermark.
-
cluster.routing.allocation.disk.watermark.flood_stage - Configures disk-based shard allocation’s flood_stage (available only on 6.x and higher).
-
- Monitoring settings
-
Examples of Elasticsearch monitoring settings:
For versions 5.0 and later:
-
xpack.monitoring.collection.interval - Controls how often data samples are collected.
-
xpack.monitoring.collection.min_interval_seconds -
Specifies the minimum number of seconds that a time bucket in a chart can represent. If you modify the
xpack.monitoring.collection.interval, use the same value in this setting.Defaults to
10(10 seconds). -
xpack.monitoring.history.duration - Sets the retention duration beyond which the indices created by a monitoring exporter will be automatically deleted.
-
- Audit settings
- Examples of Elasticsearch audit settings:
-
xpack.security.audit.enabled - Enables auditing on Elasticsearch cluster nodes. Defaults to false.
-
xpack.security.audit.logfile.events.include - Specifies which events to include in the auditing output.
-
xpack.security.audit.logfile.events.exclude - Specifies which events to exclude from the output. No events are excluded by default.
-
xpack.security.audit.logfile.events.emit_request_body - Specifies whether to include the request body from REST requests on certain event types, for example authentication_failed. Defaults to false.
-
xpack.security.audit.logfile.emit_node_name - For versions above 6.5.0: Specifies whether to include the node name as a field in each audit event. Defaults to true.
-
xpack.security.audit.logfile.prefix.emit_node_name - For versions below 6.5.0: Specifies whether to include the node name as a field in each audit event. Defaults to true.
-
xpack.security.audit.logfile.emit_node_host_address - For versions above 6.5.0: Specifies whether to include the node’s IP address as a field in each audit event. Defaults to false.
-
xpack.security.audit.logfile.prefix.emit_node_host_address - For versions below 6.5.0: Specifies whether to include the node’s IP address as a field in each audit event. Defaults to false.
-
xpack.security.audit.logfile.emit_node_host_name - For versions above 6.5.0: Specifies whether to include the node’s host name as a field in each audit event. Defaults to false.
-
xpack.security.audit.logfile.prefix.emit_node_host_name - For versions below 6.5.0: Specifies whether to include the node’s host name as a field in each audit event. Defaults to false.
-
xpack.security.audit.logfile.emit_node_id - For versions above 6.5.0: Specifies whether to include the node ID as a field in each audit event. Defaults to true.
-
xpack.security.audit.logfile.events.ignore_filters.<policy_name>.users - A list of user names or wildcards. The specified policy will not print audit events for users matching these values.
-
xpack.security.audit.logfile.events.ignore_filters.<policy_name>.realms - A list of authentication realm names or wildcards. The specified policy will not print audit events for users in these realms.
-
xpack.security.audit.logfile.events.ignore_filters.<policy_name>.roles - A list of role names or wildcards. The specified policy will not print audit events for users that have these roles.
-
xpack.security.audit.logfile.events.ignore_filters.<policy_name>.indices - A list of index names or wildcards. The specified policy will not print audit events when all the indices in the event match these values.
To enable and change audit settings, you must first enable deployment logging.
On this page