Skip to main content

Advanced parameters for Aiven for OpenSearch®

See the configuration options available for Aiven for OpenSearch®:

Parameter

Additional Cloud Regions for Backup Replication

OpenSearch major version

Disable replication factor adjustment

Disable automatic replication factor adjustment for multi-node services. By default, Aiven ensures all indexes are replicated at least to two nodes. Note: Due to potential data loss in case of losing a service node, this setting can not be activated unless specifically allowed for the project.

custom_domain

string,null

Custom domain

Serve the web frontend using a custom CNAME pointing to the Aiven DNS name

  • default: 0.0.0.0/0

IP filter

Allow incoming connections from CIDR address block, e.g. '10.20.0.0/16'

service_log

boolean,null

Service logging

Store logs for the service so that they are available in the HTTP API and console.

static_ips

boolean

Static IP addresses

Use static public IP addresses

saml

object

OpenSearch SAML configuration

  • default: true

Enable or disable OpenSearch SAML authentication

Enables or disables SAML-based authentication for OpenSearch. When enabled, users can authenticate using SAML with an Identity Provider.

Identity Provider (IdP) SAML metadata URL

The URL of the SAML metadata for the Identity Provider (IdP). This is used to configure SAML-based authentication with the IdP.

Identity Provider Entity ID

The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP.

Service Provider Entity ID

The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP.

saml.subject_key

string,null

SAML response subject attribute

Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default.

saml.roles_key

string,null

SAML response role attribute

Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions.

PEM-encoded root CA Content for SAML IdP server verification

This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server.

openid

object

OpenSearch OpenID Connect Configuration

  • default: true

Enable or disable OpenSearch OpenID Connect authentication

Enables or disables OpenID Connect authentication for OpenSearch. When enabled, users can authenticate using OpenID Connect with an Identity Provider.

OpenID Connect metadata/configuration URL

The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings.

openid.roles_key

string,null

The key in the JSON payload that stores the user’s roles

The key in the JSON payload that stores the user’s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT

The key in the JSON payload that stores the user’s name

The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional.

The HTTP header that stores the token

The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer <token>. Optional. Default is Authorization.

URL JWT token.

If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional.

  • min: 10
  • max: 9223372036854776000
  • default: 10

The maximum number of unknown key IDs in the time frame

The maximum number of unknown key IDs in the time frame. Default is 10. Optional.

  • min: 10000
  • max: 9223372036854776000
  • default: 10000

The time frame to use when checking the maximum number of unknown key IDs, in milliseconds

The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds).

The ID of the OpenID Connect client

The ID of the OpenID Connect client configured in your IdP. Required.

The client secret of the OpenID Connect

The client secret of the OpenID Connect client configured in your IdP. Required.

The scope of the identity token issued by the IdP

The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone.

  • default: Authorization

HTTP header name of the JWT token

HTTP header name of the JWT token. Optional. Default is Authorization.

Azure migration settings

The snapshot name to restore from

The snapshot name to restore from

The path to the repository data within its container

The path to the repository data within its container. The value of this setting should not start or end with a /

Metadata files are stored in compressed format

when set to true metadata files are stored in compressed format

Chunk size

Big files can be broken down into chunks during snapshotting if needed. Should be the same as for the 3rd party repository

Restore the cluster state or not

If true, restore the cluster state. Defaults to false

Include aliases

Whether to restore aliases alongside their associated indexes. Default is true.

Indices to restore

A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported.

Azure container name

Azure container name

Account name

Azure account name

Account secret key

Azure account secret key. One of key or sas_token should be specified

SAS token

A shared access signatures (SAS) token. One of key or sas_token should be specified

Endpoint suffix

Defines the DNS suffix for Azure Storage endpoints.

Google Cloud Storage migration settings

The snapshot name to restore from

The snapshot name to restore from

The path to the repository data within its container

The path to the repository data within its container. The value of this setting should not start or end with a /

Metadata files are stored in compressed format

when set to true metadata files are stored in compressed format

Chunk size

Big files can be broken down into chunks during snapshotting if needed. Should be the same as for the 3rd party repository

Restore the cluster state or not

If true, restore the cluster state. Defaults to false

Include aliases

Whether to restore aliases alongside their associated indexes. Default is true.

Indices to restore

A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported.

The path to the repository data within its container

Google Cloud Storage bucket name

Credentials

Google Cloud Storage credentials file content

AWS S3 / AWS S3 compatible migration settings

The snapshot name to restore from

The snapshot name to restore from

The path to the repository data within its container

The path to the repository data within its container. The value of this setting should not start or end with a /

Metadata files are stored in compressed format

when set to true metadata files are stored in compressed format

Chunk size

Big files can be broken down into chunks during snapshotting if needed. Should be the same as for the 3rd party repository

Restore the cluster state or not

If true, restore the cluster state. Defaults to false

Include aliases

Whether to restore aliases alongside their associated indexes. Default is true.

Indices to restore

A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported.

S3 bucket name

S3 bucket name

S3 region

S3 region

The S3 service endpoint to connect

The S3 service endpoint to connect to. If you are using an S3-compatible service then you should set this to the service’s endpoint

Server side encryption

When set to true files are encrypted on server side

AWS Access key

AWS Access key

AWS secret key

AWS secret key

Index patterns

  • max: 9223372036854776000

Maximum index count

DEPRECATED: use index_patterns instead

Don't reset index.refresh_interval to the default value

Aiven automation resets index.refresh_interval to default value for every index to be sure that indices are always visible to search. If it doesn't fit your case, you can disable this by setting up this flag to true.

OpenSearch Dashboards settings

  • default: true

Enable or disable OpenSearch Dashboards

  • min: 64
  • max: 2048
  • default: 128

max_old_space_size

Limits the maximum amount of memory (in MiB) the OpenSearch Dashboards process can use. This sets the max_old_space_size option of the nodejs running the OpenSearch Dashboards. Note: the memory reserved by OpenSearch Dashboards is not available for OpenSearch.

  • min: 5000
  • max: 120000
  • default: 30000

Timeout in milliseconds for requests made by OpenSearch Dashboards towards OpenSearch

Index rollup settings

  • min: 1

plugins.rollup.search.backoff_millis

The backoff time between retries for failed rollup jobs. Defaults to 1000ms.

  • min: 1

plugins.rollup.search.backoff_count

How many retries the plugin should attempt for failed rollup jobs. Defaults to 5.

plugins.rollup.search.all_jobs

Whether OpenSearch should return all jobs that match all specified search terms. If disabled, OpenSearch returns just one, as opposed to all, of the jobs that matches the search terms. Defaults to false.

plugins.rollup.dashboards.enabled

Whether rollups are enabled in OpenSearch Dashboards. Defaults to true.

plugins.rollup.enabled

Whether the rollup plugin is enabled. Defaults to true.

OpenSearch settings

reindex_remote_whitelist

Whitelisted addresses for reindexing. Changing this value will cause all OpenSearch instances to restart.

  • min: 1
  • max: 2147483647

http.max_content_length

Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes.

  • min: 1024
  • max: 262144

http.max_header_size

The max size of allowed headers, in bytes

  • min: 1024
  • max: 65536

http.max_initial_line_length

The max length of an HTTP URL, in bytes

  • min: 64
  • max: 4096

indices.query.bool.max_clause_count

Maximum number of clauses Lucene BooleanQuery can have. The default value (1024) is relatively high, and increasing it may cause performance issues. Investigate other approaches first before increasing this value.

  • min: 1
  • max: 1000000

search.max_buckets

Maximum number of aggregation buckets allowed in a single response. OpenSearch default value is used when this is not defined.

  • min: 3
  • max: 100

indices.fielddata.cache.size

Relative amount. Maximum amount of heap memory used for field data cache. This is an expert setting; decreasing the value too much will increase overhead of loading field data; too much memory used for field data cache will decrease amount of heap available for other operations.

  • min: 3
  • max: 40

indices.memory.index_buffer_size

Percentage value. Default is 10%. Total amount of heap used for indexing buffer, before writing segments to disk. This is an expert setting. Too low value will slow down indexing; too high value will increase indexing performance but causes performance issues for query performance.

  • min: 3
  • max: 2048

indices.memory.min_index_buffer_size

Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size. Minimum amount of heap used for query cache, an absolute indices.memory.index_buffer_size minimal hard limit.

  • min: 3
  • max: 2048

indices.memory.max_index_buffer_size

Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size. Maximum amount of heap used for query cache, an absolute indices.memory.index_buffer_size maximum hard limit.

  • min: 3
  • max: 40

indices.queries.cache.size

Percentage value. Default is 10%. Maximum amount of heap used for query cache. This is an expert setting. Too low value will decrease query performance and increase performance for other operations; too high value will cause issues with other OpenSearch functionality.

  • min: 40
  • max: 400

indices.recovery.max_bytes_per_sec

Limits total inbound and outbound recovery traffic for each node. Applies to both peer recoveries as well as snapshot recoveries (i.e., restores from a snapshot). Defaults to 40mb

  • min: 2
  • max: 5

indices.recovery.max_concurrent_file_chunks

Number of file chunks sent in parallel for each recovery. Defaults to 2.

action.auto_create_index

Explicitly allow or block automatic creation of indices. Defaults to true

plugins.alerting.filter_by_backend_roles

Enable or disable filtering of alerting by backend roles. Requires Security plugin. Defaults to false

  • min: 3
  • max: 100

knn.memory.circuit_breaker.limit

Maximum amount of memory that can be used for KNN index. Defaults to 50% of the JVM heap size.

knn.memory.circuit_breaker.enabled

Enable or disable KNN memory circuit breaker. Defaults to true.

Opensearch Security Plugin Settings

Enable/Disable security audit

  • min: 1
  • max: 128

search thread pool size

Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.

  • min: 1
  • max: 128

search_throttled thread pool size

Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.

  • min: 1
  • max: 128

get thread pool size

Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.

  • min: 1
  • max: 128

analyze thread pool size

Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.

  • min: 1
  • max: 128

write thread pool size

Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.

  • min: 1
  • max: 128

force_merge thread pool size

Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value.

  • min: 10
  • max: 2000

search thread pool queue size

Size for the thread pool queue. See documentation for exact details.

  • min: 10
  • max: 2000

search_throttled thread pool queue size

Size for the thread pool queue. See documentation for exact details.

  • min: 10
  • max: 2000

get thread pool queue size

Size for the thread pool queue. See documentation for exact details.

  • min: 10
  • max: 2000

analyze thread pool queue size

Size for the thread pool queue. See documentation for exact details.

  • min: 10
  • max: 2000

write thread pool queue size

Size for the thread pool queue. See documentation for exact details.

Require explicit index names when deleting

  • min: 100
  • max: 10000

cluster.max_shards_per_node

Controls the number of shards allowed in the cluster per data node

compatibility.override_main_response_version

Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default is false

Script max compilation rate - circuit breaker to prevent/minimize OOMs

Script compilation circuit breaker limits the number of inline script compilations within a period of time. Default is use-context

  • min: 2
  • max: 16

Concurrent incoming/outgoing shard recoveries per node

How many concurrent incoming/outgoing shard recoveries (normally replicas) are allowed to happen on a node. Defaults to node cpu count * 2.

Sender name placeholder to be used in Opensearch Dashboards and Opensearch keystore

This should be identical to the Sender name defined in Opensearch dashboards

Sender username for Opensearch alerts

Sender password for Opensearch alerts to authenticate with SMTP server

Sender password for Opensearch alerts to authenticate with SMTP server

Specifies whether ISM is enabled or not

Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document.

  • min: 1
  • max: 2147483647

The maximum age before rolling over the audit history index in hours

  • min: 1
  • max: 9223372036854776000

The maximum number of documents before rolling over the audit history index.

  • min: 1
  • max: 2147483647

The time between rollover checks for the audit history index in hours.

  • min: 1
  • max: 2147483647

How long audit history indices are kept in days.

Search Backpressure Settings

Shard indexing back pressure settings

Template settings for all new indexes

  • max: 100000

index.mapping.nested_objects.limit

The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects. Default is 10000.

  • min: 1
  • max: 1024

index.number_of_shards

The number of primary shards that an index should have.

  • max: 29

index.number_of_replicas

The number of replicas each primary shard has.

Allow access to selected service ports from private networks

Allow clients to connect to opensearch with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations

Allow clients to connect to opensearch_dashboards with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations

Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations

Allow access to selected service components through Privatelink

Enable opensearch

Enable opensearch_dashboards

Enable prometheus

Allow access to selected service ports from the public Internet

Allow clients to connect to opensearch from the public internet for service nodes that are in a project VPC or another type of private network

Allow clients to connect to opensearch_dashboards from the public internet for service nodes that are in a project VPC or another type of private network

Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network

Name of the basebackup to restore in forked service

Name of another service to fork from. This has effect only when a new service is being created.

Name of another project to fork a service from. This has effect only when a new service is being created.

Elasticsearch major version