Elasticsearch action.auto_create_index Setting

Pulse - Elasticsearch Operations Done Right

On this page

Example Common Issues and Misuses Do's and Don'ts Frequently Asked Questions

The action.auto_create_index setting in Elasticsearch controls whether indices can be automatically created when documents are indexed into a non-existent index. This setting is crucial for managing index creation behavior and preventing unintended index proliferation.

  • Default value: true
  • Possible values: true, false, or a comma-separated list of index name patterns
  • Recommendations: In production environments, it's often recommended to set this to false or a specific list of allowed index patterns to prevent accidental index creation.

When set to true, Elasticsearch will automatically create an index if it doesn't exist when a document is being indexed. When set to false, an error will be thrown if an attempt is made to index a document into a non-existent index. You can also specify a list of allowed index patterns, which gives more granular control over which indices can be automatically created.

Example

To change the action.auto_create_index setting using the cluster settings API:

PUT _cluster/settings
{
  "persistent": {
    "action.auto_create_index": "logstash-*,kibana-*"
  }
}

In this example, we're allowing automatic creation of indices that start with "logstash-" or "kibana-". This might be useful in an environment where you want to allow automatic creation of time-based indices for logging or monitoring, but prevent other indices from being created automatically.

Common Issues and Misuses

  • Leaving action.auto_create_index set to true in production can lead to index explosion, where numerous unintended indices are created due to typos or misconfigured applications.
  • Setting it to false without proper planning can cause indexing failures if new indices aren't manually created before use.
  • Overly permissive patterns can still allow unintended index creation.

Do's and Don'ts

  • Do set action.auto_create_index to false or a specific list of patterns in production environments.
  • Do regularly review and update the allowed index patterns if using a pattern list.
  • Don't leave it set to true in production unless you have a specific reason and understand the implications.
  • Don't forget to create necessary indices manually or through automation when auto_create_index is disabled.
  • Do use this setting in conjunction with index templates for better control over index settings and mappings.

Frequently Asked Questions

Q: Can I change the action.auto_create_index setting dynamically?
A: Yes, you can change this setting dynamically using the cluster settings API without restarting your Elasticsearch nodes.

Q: What happens if I try to index a document into a non-existent index when action.auto_create_index is set to false?
A: Elasticsearch will return an error indicating that the index doesn't exist and the document cannot be indexed.

Q: How does action.auto_create_index interact with index templates?
A: If action.auto_create_index allows an index to be created, and an index template matches the index name, the settings and mappings from the template will be applied to the new index.

Q: Can I use wildcards in the action.auto_create_index pattern list?
A: Yes, you can use wildcards like "*" to match multiple characters and "?" to match a single character in your index patterns.

Q: Does action.auto_create_index affect the creation of system indices?
A: No, system indices (like those created by Elasticsearch features or plugins) are not affected by this setting and will be created as needed.

Pulse - Elasticsearch Operations Done Right

Stop googling errors and staring at dashboards.

Free Trial

Subscribe to the Pulse Newsletter

Get early access to new Pulse features, insightful blogs & exclusive events , webinars, and workshops.

We use cookies to provide an optimized user experience and understand our traffic. To learn more, read our use of cookies; otherwise, please choose 'Accept Cookies' to continue using our website.