- Elasticsearch Guide: other versions:
- Getting Started
- Set up Elasticsearch
- Installing Elasticsearch
- Configuring Elasticsearch
- Important Elasticsearch configuration
- Secure Settings
- Bootstrap Checks
- Heap size check
- File descriptor check
- Memory lock check
- Maximum number of threads check
- Max file size check
- Maximum size virtual memory check
- Maximum map count check
- Client JVM check
- Use serial collector check
- System call filter check
- OnError and OnOutOfMemoryError checks
- Early-access check
- G1GC check
- Important System Configuration
- Upgrading Elasticsearch
- Stopping Elasticsearch
- Set up X-Pack
- Breaking changes
- Breaking changes in 5.6
- Breaking changes in 5.5
- Breaking changes in 5.4
- Breaking changes in 5.3
- Breaking changes in 5.2
- Breaking changes in 5.1
- Breaking changes in 5.0
- Search and Query DSL changes
- Mapping changes
- Percolator changes
- Suggester changes
- Index APIs changes
- Document API changes
- Settings changes
- Allocation changes
- HTTP changes
- REST API changes
- CAT API changes
- Java API changes
- Packaging
- Plugin changes
- Filesystem related changes
- Path to data on disk
- Aggregation changes
- Script related changes
- API Conventions
- Document APIs
- Search APIs
- Aggregations
- Metrics Aggregations
- Avg Aggregation
- Cardinality Aggregation
- Extended Stats Aggregation
- Geo Bounds Aggregation
- Geo Centroid Aggregation
- Max Aggregation
- Min Aggregation
- Percentiles Aggregation
- Percentile Ranks Aggregation
- Scripted Metric Aggregation
- Stats Aggregation
- Sum Aggregation
- Top hits Aggregation
- Value Count Aggregation
- Bucket Aggregations
- Adjacency Matrix Aggregation
- Children Aggregation
- Date Histogram Aggregation
- Date Range Aggregation
- Diversified Sampler Aggregation
- Filter Aggregation
- Filters Aggregation
- Geo Distance Aggregation
- GeoHash grid Aggregation
- Global Aggregation
- Histogram Aggregation
- IP Range Aggregation
- Missing Aggregation
- Nested Aggregation
- Range Aggregation
- Reverse nested Aggregation
- Sampler Aggregation
- Significant Terms Aggregation
- Terms Aggregation
- Pipeline Aggregations
- Avg Bucket Aggregation
- Derivative Aggregation
- Max Bucket Aggregation
- Min Bucket Aggregation
- Sum Bucket Aggregation
- Stats Bucket Aggregation
- Extended Stats Bucket Aggregation
- Percentiles Bucket Aggregation
- Moving Average Aggregation
- Cumulative Sum Aggregation
- Bucket Script Aggregation
- Bucket Selector Aggregation
- Serial Differencing Aggregation
- Matrix Aggregations
- Caching heavy aggregations
- Returning only aggregation results
- Aggregation Metadata
- Returning the type of the aggregation
- Metrics Aggregations
- Indices APIs
- Create Index
- Delete Index
- Get Index
- Indices Exists
- Open / Close Index API
- Shrink Index
- Rollover Index
- Put Mapping
- Get Mapping
- Get Field Mapping
- Types Exists
- Index Aliases
- Update Indices Settings
- Get Settings
- Analyze
- Index Templates
- Shadow replica indices
- Indices Stats
- Indices Segments
- Indices Recovery
- Indices Shard Stores
- Clear Cache
- Flush
- Refresh
- Force Merge
- cat APIs
- Cluster APIs
- Query DSL
- Mapping
- Analysis
- Anatomy of an analyzer
- Testing analyzers
- Analyzers
- Normalizers
- Tokenizers
- Token Filters
- Standard Token Filter
- ASCII Folding Token Filter
- Flatten Graph Token Filter
- Length Token Filter
- Lowercase Token Filter
- Uppercase Token Filter
- NGram Token Filter
- Edge NGram Token Filter
- Porter Stem Token Filter
- Shingle Token Filter
- Stop Token Filter
- Word Delimiter Token Filter
- Word Delimiter Graph Token Filter
- Stemmer Token Filter
- Stemmer Override Token Filter
- Keyword Marker Token Filter
- Keyword Repeat Token Filter
- KStem Token Filter
- Snowball Token Filter
- Phonetic Token Filter
- Synonym Token Filter
- Synonym Graph Token Filter
- Compound Word Token Filters
- Reverse Token Filter
- Elision Token Filter
- Truncate Token Filter
- Unique Token Filter
- Pattern Capture Token Filter
- Pattern Replace Token Filter
- Trim Token Filter
- Limit Token Count Token Filter
- Hunspell Token Filter
- Common Grams Token Filter
- Normalization Token Filter
- CJK Width Token Filter
- CJK Bigram Token Filter
- Delimited Payload Token Filter
- Keep Words Token Filter
- Keep Types Token Filter
- Classic Token Filter
- Apostrophe Token Filter
- Decimal Digit Token Filter
- Fingerprint Token Filter
- Minhash Token Filter
- Character Filters
- Modules
- Index Modules
- Ingest Node
- Pipeline Definition
- Ingest APIs
- Accessing Data in Pipelines
- Handling Failures in Pipelines
- Processors
- Append Processor
- Convert Processor
- Date Processor
- Date Index Name Processor
- Fail Processor
- Foreach Processor
- Grok Processor
- Gsub Processor
- Join Processor
- JSON Processor
- KV Processor
- Lowercase Processor
- Remove Processor
- Rename Processor
- Script Processor
- Set Processor
- Split Processor
- Sort Processor
- Trim Processor
- Uppercase Processor
- Dot Expander Processor
- X-Pack APIs
- Info API
- Explore API
- Machine Learning APIs
- Close Jobs
- Create Datafeeds
- Create Jobs
- Delete Datafeeds
- Delete Jobs
- Delete Model Snapshots
- Flush Jobs
- Get Buckets
- Get Categories
- Get Datafeeds
- Get Datafeed Statistics
- Get Influencers
- Get Jobs
- Get Job Statistics
- Get Model Snapshots
- Get Records
- Open Jobs
- Post Data to Jobs
- Preview Datafeeds
- Revert Model Snapshots
- Start Datafeeds
- Stop Datafeeds
- Update Datafeeds
- Update Jobs
- Update Model Snapshots
- Security APIs
- Watcher APIs
- Migration APIs
- Deprecation Info APIs
- Definitions
- X-Pack Commands
- How To
- Testing
- Glossary of terms
- Release Notes
- 5.6.16 Release Notes
- 5.6.15 Release Notes
- 5.6.14 Release Notes
- 5.6.13 Release Notes
- 5.6.12 Release Notes
- 5.6.11 Release Notes
- 5.6.10 Release Notes
- 5.6.9 Release Notes
- 5.6.8 Release Notes
- 5.6.7 Release Notes
- 5.6.6 Release Notes
- 5.6.5 Release Notes
- 5.6.4 Release Notes
- 5.6.3 Release Notes
- 5.6.2 Release Notes
- 5.6.1 Release Notes
- 5.6.0 Release Notes
- 5.5.3 Release Notes
- 5.5.2 Release Notes
- 5.5.1 Release Notes
- 5.5.0 Release Notes
- 5.4.3 Release Notes
- 5.4.2 Release Notes
- 5.4.1 Release Notes
- 5.4.0 Release Notes
- 5.3.3 Release Notes
- 5.3.2 Release Notes
- 5.3.1 Release Notes
- 5.3.0 Release Notes
- 5.2.2 Release Notes
- 5.2.1 Release Notes
- 5.2.0 Release Notes
- 5.1.2 Release Notes
- 5.1.1 Release Notes
- 5.1.0 Release Notes
- 5.0.2 Release Notes
- 5.0.1 Release Notes
- 5.0.0 Combined Release Notes
- 5.0.0 GA Release Notes
- 5.0.0-rc1 Release Notes
- 5.0.0-beta1 Release Notes
- 5.0.0-alpha5 Release Notes
- 5.0.0-alpha4 Release Notes
- 5.0.0-alpha3 Release Notes
- 5.0.0-alpha2 Release Notes
- 5.0.0-alpha1 Release Notes
- 5.0.0-alpha1 Release Notes (Changes previously released in 2.x)
WARNING: Version 5.6 of Elasticsearch has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Node
editNode
editAny time that you start an instance of Elasticsearch, you are starting a node. A collection of connected nodes is called a cluster. If you are running a single node of Elasticsearch, then you have a cluster of one node.
Every node in the cluster can handle HTTP and
Transport traffic by default. The transport layer
is used exclusively for communication between nodes and the
Java TransportClient
; the HTTP layer is
used only by external REST clients.
All nodes know about all the other nodes in the cluster and can forward client requests to the appropriate node. Besides that, each node serves one or more purpose:
- Master-eligible node
-
A node that has
node.master
set totrue
(default), which makes it eligible to be elected as the master node, which controls the cluster. - Data node
-
A node that has
node.data
set totrue
(default). Data nodes hold data and perform data related operations such as CRUD, search, and aggregations. - Ingest node
-
A node that has
node.ingest
set totrue
(default). Ingest nodes are able to apply an ingest pipeline to a document in order to transform and enrich the document before indexing. With a heavy ingest load, it makes sense to use dedicated ingest nodes and to mark the master and data nodes asnode.ingest: false
. - Tribe node
-
A tribe node, configured via the
tribe.*
settings, is a special type of coordinating only node that can connect to multiple clusters and perform search and other operations across all connected clusters.
By default a node is a master-eligible node and a data node, plus it can pre-process documents through ingest pipelines. This is very convenient for small clusters but, as the cluster grows, it becomes important to consider separating dedicated master-eligible nodes from dedicated data nodes.
Requests like search requests or bulk-indexing requests may involve data held on different data nodes. A search request, for example, is executed in two phases which are coordinated by the node which receives the client request — the coordinating node.
In the scatter phase, the coordinating node forwards the request to the data nodes which hold the data. Each data node executes the request locally and returns its results to the coordinating node. In the gather phase, the coordinating node reduces each data node’s results into a single global resultset.
Every node is implicitly a coordinating node. This means that a node that has
all three node.master
, node.data
and node.ingest
set to false
will
only act as a coordinating node, which cannot be disabled. As a result, such
a node needs to have enough memory and CPU in order to deal with the gather
phase.
Master Eligible Node
editThe master node is responsible for lightweight cluster-wide actions such as creating or deleting an index, tracking which nodes are part of the cluster, and deciding which shards to allocate to which nodes. It is important for cluster health to have a stable master node.
Any master-eligible node (all nodes by default) may be elected to become the master node by the master election process.
Master nodes must have access to the data/
directory (just like
data
nodes) as this is where the cluster state is persisted between node restarts.
Indexing and searching your data is CPU-, memory-, and I/O-intensive work which can put pressure on a node’s resources. To ensure that your master node is stable and not under pressure, it is a good idea in a bigger cluster to split the roles between dedicated master-eligible nodes and dedicated data nodes.
While master nodes can also behave as coordinating nodes and route search and indexing requests from clients to data nodes, it is better not to use dedicated master nodes for this purpose. It is important for the stability of the cluster that master-eligible nodes do as little work as possible.
To create a dedicated master-eligible node, set:
The |
|
Disable the |
|
Disable the |
These settings apply only when X-Pack is not installed. To create a dedicated master-eligible node when X-Pack is installed, see X-Pack node settings.
Avoiding split brain with minimum_master_nodes
editTo prevent data loss, it is vital to configure the
discovery.zen.minimum_master_nodes
setting (which defaults to 1
) so that
each master-eligible node knows the minimum number of master-eligible nodes
that must be visible in order to form a cluster.
To explain, imagine that you have a cluster consisting of two master-eligible
nodes. A network failure breaks communication between these two nodes. Each
node sees one master-eligible node… itself. With minimum_master_nodes
set
to the default of 1
, this is sufficient to form a cluster. Each node elects
itself as the new master (thinking that the other master-eligible node has
died) and the result is two clusters, or a split brain. These two nodes
will never rejoin until one node is restarted. Any data that has been written
to the restarted node will be lost.
Now imagine that you have a cluster with three master-eligible nodes, and
minimum_master_nodes
set to 2
. If a network split separates one node from
the other two nodes, the side with one node cannot see enough master-eligible
nodes and will realise that it cannot elect itself as master. The side with
two nodes will elect a new master (if needed) and continue functioning
correctly. As soon as the network split is resolved, the single node will
rejoin the cluster and start serving requests again.
This setting should be set to a quorum of master-eligible nodes:
(master_eligible_nodes / 2) + 1
In other words, if there are three master-eligible nodes, then minimum master
nodes should be set to (3 / 2) + 1
or 2
:
To be able to remain available when one of the master-eligible nodes fails,
clusters should have at least three master-eligible nodes, with
minimum_master_nodes
set accordingly. A rolling upgrade,
performed without any downtime, also requires at least three master-eligible
nodes to avoid the possibility of data loss if a network split occurs while the
upgrade is in progress.
This setting can also be changed dynamically on a live cluster with the cluster update settings API:
PUT _cluster/settings { "transient": { "discovery.zen.minimum_master_nodes": 2 } }
An advantage of splitting the master and data roles between dedicated
nodes is that you can have just three master-eligible nodes and set
minimum_master_nodes
to 2
. You never have to change this setting, no
matter how many dedicated data nodes you add to the cluster.
Data Node
editData nodes hold the shards that contain the documents you have indexed. Data nodes handle data related operations like CRUD, search, and aggregations. These operations are I/O-, memory-, and CPU-intensive. It is important to monitor these resources and to add more data nodes if they are overloaded.
The main benefit of having dedicated data nodes is the separation of the master and data roles.
To create a dedicated data node, set:
Disable the |
|
The |
|
Disable the |
These settings apply only when X-Pack is not installed. To create a dedicated data node when X-Pack is installed, see X-Pack node settings.
Ingest Node
editIngest nodes can execute pre-processing pipelines, composed of one or more ingest processors. Depending on the type of operations performed by the ingest processors and the required resources, it may make sense to have dedicated ingest nodes, that will only perform this specific task.
To create a dedicated ingest node, set:
Disable the |
|
Disable the |
|
The |
|
Disable cross-cluster search (enabled by default). |
These settings apply only when X-Pack is not installed. To create a dedicated ingest node when X-Pack is installed, see X-Pack node settings.
Coordinating only node
editIf you take away the ability to be able to handle master duties, to hold data, and pre-process documents, then you are left with a coordinating node that can only route requests, handle the search reduce phase, and distribute bulk indexing. Essentially, coordinating only nodes behave as smart load balancers.
Coordinating only nodes can benefit large clusters by offloading the coordinating node role from data and master-eligible nodes. They join the cluster and receive the full cluster state, like every other node, and they use the cluster state to route requests directly to the appropriate place(s).
Adding too many coordinating only nodes to a cluster can increase the burden on the entire cluster because the elected master node must await acknowledgement of cluster state updates from every node! The benefit of coordinating only nodes should not be overstated — data nodes can happily serve the same purpose.
To create a dedicated coordinating node, set:
Disable the |
|
Disable the |
|
Disable the |
|
Disable cross-cluster search (enabled by default). |
These settings apply only when X-Pack is not installed. To create a dedicated coordinating node when X-Pack is installed, see X-Pack node settings.
Node data path settings
editpath.data
editEvery data and master-eligible node requires access to a data directory where
shards and index and cluster metadata will be stored. The path.data
defaults
to $ES_HOME/data
but can be configured in the elasticsearch.yml
config
file an absolute path or a path relative to $ES_HOME
as follows:
path.data: /var/elasticsearch/data
Like all node settings, it can also be specified on the command line as:
./bin/elasticsearch -Epath.data=/var/elasticsearch/data
When using the .zip
or .tar.gz
distributions, the path.data
setting
should be configured to locate the data directory outside the Elasticsearch
home directory, so that the home directory can be deleted without deleting
your data! The RPM and Debian distributions do this for you already.
node.max_local_storage_nodes
editThe data path can be shared by multiple nodes, even by nodes from different clusters. This is very useful for testing failover and different configurations on your development machine. In production, however, it is recommended to run only one node of Elasticsearch per server.
By default, Elasticsearch is configured to prevent more than one node from sharing the same data
path. To allow for more than one node (e.g., on your development machine), use the setting
node.max_local_storage_nodes
and set this to a positive integer larger than one.
Never run different node types (i.e. master, data) from the same data directory. This can lead to unexpected data loss.
Other node settings
editMore node settings can be found in Modules. Of particular note are
the cluster.name
, the node.name
and the
network settings.
If X-Pack is installed, there is an additional node type:
- Machine learning node
-
A node that has
xpack.ml.enabled
andnode.ml
set totrue
, which is the default behavior when X-Pack is installed. If you want to use X-Pack machine learning features, there must be at least one machine learning node in your cluster. For more information about X-Pack machine learning features, see Machine Learning in the Elastic Stack.
Do not set use the node.ml
setting unless X-Pack is installed.
Otherwise, the node fails to start.
If X-Pack is installed, nodes are master-eligible, data, ingest, and machine learning nodes by default. As the cluster grows and in particular if you have large machine learning jobs, consider separating dedicated master-eligible nodes from dedicated data nodes and dedicated machine learning nodes.
To create a dedicated master-eligible node when X-Pack is installed, set:
The |
|
Disable the |
|
Disable the |
|
Disable the |
|
The |
To create a dedicated data node when X-Pack is installed, set:
Disable the |
|
The |
|
Disable the |
|
Disable the |
To create a dedicated ingest node when X-Pack is installed, set:
Disable the |
|
Disable the |
|
The |
|
Disable cross-cluster search (enabled by default). |
|
Disable the |
To create a dedicated coordinating node when X-Pack is installed, set:
Disable the |
|
Disable the |
|
Disable the |
|
Disable cross-cluster search (enabled by default). |
|
Disable the |
The X-Pack machine learning features provide machine learning nodes, which run jobs and handle machine learning API
requests. If xpack.ml.enabled
is set to true and node.ml
is set to false
,
the node can service API requests but it cannot run jobs.
If you want to use X-Pack machine learning features in your cluster, you must enable machine learning
(set xpack.ml.enabled
to true
) on all master-eligible nodes. Do not use
these settings if you do not have X-Pack installed.
For more information about these settings, see Machine Learning Settings.
To create a dedicated machine learning node, set:
node.master: false node.data: false node.ingest: false search.remote.connect: false node.ml: true xpack.ml.enabled: true
Disable the |
|
Disable the |
|
Disable the |
|
Disable cross-cluster search (enabled by default). |
|
The |
|
The |
On this page