Elasticsearch Misuse of Wildcards

By Opster Team

Updated: Mar 4, 2024

Overview

You can reduce the risk of accidentally deleting indices by preventing the use of wildcards in destructive (deletion) operations.

How to fix the issue

To check whether this setting exists on the cluster, run:

GET _cluster/settings?include_defaults&filter_path=*.action

Look for a setting called:

action.destructive_requires_name

To apply this setting use:

PUT /_cluster/settings
{
  "transient": {
    "action.destructive_requires_name": true
  }
}

To turn this setting off again, use:

PUT /_cluster/settings
{
  "transient": {
    "action.destructive_requires_name": false
  }
}

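Note that this setting can also be applied on each node via the elasticsearch.yml file, but the cluster setting will take priority over any individual node settings. The requests above use the "transient" block, which does not survive a full cluster restart; place the setting under "persistent" to keep it across restarts.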
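A check of the effective value from the response to the GET request above, as an added example (not Opster's or Elasticsearch's own code). It assumes the response sections transient, persistent and defaults, evaluated in that order of priority; the sample response and the function names are constructed for illustration.

```python
import json

SETTING = "action.destructive_requires_name"

# Constructed sample of GET _cluster/settings?include_defaults output:
# the transient block sets the guard, the default leaves it off.
SAMPLE = json.loads("""
{"persistent": {},
 "transient": {"action": {"destructive_requires_name": "true"}},
 "defaults": {"action": {"destructive_requires_name": "false"}}}
""")

def _lookup(section, dotted):
    """Find a setting in one section, in flat or nested key form."""
    if not isinstance(section, dict):
        return None                      # section filtered out or empty
    if dotted in section:                # flat_settings=true form
        return section[dotted]
    node = section
    for part in dotted.split("."):       # default nested form
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def effective_setting(response, name=SETTING):
    """Return (value, source), checking transient, persistent, defaults."""
    for source in ("transient", "persistent", "defaults"):
        raw = _lookup(response.get(source), name)
        if raw is not None:
            # Values may come back as strings ("true") or JSON booleans.
            return str(raw).lower() == "true", source
    return None, None

def audit(response):
    """One-line verdict suitable for a config-compliance check."""
    value, source = effective_setting(response)
    if value is None:
        return "UNKNOWN: setting absent (was include_defaults used?)"
    if value:
        return f"OK: wildcard deletes blocked ({source})"
    return f"AT RISK: wildcard deletes allowed ({source})"

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Reporting the source alongside the value shows whether the protection comes from a transient override that a full cluster restart would drop.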
