The action.auto_create_index setting in Elasticsearch controls whether indices can be automatically created when documents are indexed into a non-existent index. This setting is crucial for managing index creation behavior and preventing unintended index proliferation.
- Default value:
true - Possible values:
true,false, or a comma-separated list of index name patterns - Recommendations: In production environments, it's often recommended to set this to
falseor a specific list of allowed index patterns to prevent accidental index creation.
When set to true, Elasticsearch will automatically create an index if it doesn't exist when a document is being indexed. When set to false, an error will be thrown if an attempt is made to index a document into a non-existent index. You can also specify a list of allowed index patterns, which gives more granular control over which indices can be automatically created. For controlled index creation, create the index explicitly with the settings and mappings you want before sending writes; pair this with `action.destructive_requires_name` to prevent accidental deletions.
Example
To change the action.auto_create_index setting using the cluster settings API:
PUT _cluster/settings
{
"persistent": {
"action.auto_create_index": "logstash-*,kibana-*"
}
}
In this example, we're allowing automatic creation of indices that start with "logstash-" or "kibana-". This might be useful in an environment where you want to allow automatic creation of time-based indices for logging or monitoring, but prevent other indices from being created automatically.
Common Issues and Misuses
- Leaving
action.auto_create_indexset totruein production can lead to index explosion, where numerous unintended indices are created due to typos or misconfigured applications. - Setting it to
falsewithout proper planning can cause indexing failures if new indices aren't manually created before use. - Overly permissive patterns can still allow unintended index creation.
Do's and Don'ts
- Do set
action.auto_create_indextofalseor a specific list of patterns in production environments. - Do regularly review and update the allowed index patterns if using a pattern list.
- Don't leave it set to
truein production unless you have a specific reason and understand the implications. - Don't forget to create necessary indices manually or through automation when
auto_create_indexis disabled. - Do use this setting in conjunction with index templates for better control over index settings and mappings.
Frequently Asked Questions
Q: Can I change the action.auto_create_index setting dynamically?
A: Yes, you can change this setting dynamically using the cluster settings API without restarting your Elasticsearch nodes.
Q: What happens if I try to index a document into a non-existent index when action.auto_create_index is set to false?
A: Elasticsearch will return an error indicating that the index doesn't exist and the document cannot be indexed.
Q: How does action.auto_create_index interact with index templates?
A: If action.auto_create_index allows an index to be created, and an index template matches the index name, the settings and mappings from the template will be applied to the new index.
Q: Can I use wildcards in the action.auto_create_index pattern list?
A: Yes, you can use wildcards like "*" to match multiple characters and "?" to match a single character in your index patterns.
Q: Does action.auto_create_index affect the creation of system indices?
A: No, system indices (like those created by Elasticsearch features or plugins) are not affected by this setting and will be created as needed.
