Advanced parameters for Aiven for OpenSearch®

See the configuration options available for Aiven for OpenSearch®:

Parameter
additional_backup_regions array Additional Cloud Regions for Backup Replication
opensearch_version string,null OpenSearch major version
disable_replication_factor_adjustment boolean,null Disable replication factor adjustment DEPRECATED: Disable automatic replication factor adjustment for multi-node services. By default, Aiven ensures all indexes are replicated at least to two nodes. Note: Due to potential data loss in case of losing a service node, this setting can no longer be activated.
custom_domain string,null Custom domain Serve the web frontend using a custom CNAME pointing to the Aiven DNS name
ip_filter array default: 0.0.0.0/0 IP filter Allow incoming connections from CIDR address block, e.g. '10.20.0.0/16'
service_log boolean,null Service logging Store logs for the service so that they are available in the HTTP API and console.
static_ips boolean Static IP addresses Use static public IP addresses
saml object OpenSearch SAML configuration saml.enabled boolean default: true Enable or disable OpenSearch SAML authentication Enables or disables SAML-based authentication for OpenSearch. When enabled, users can authenticate using SAML with an Identity Provider. saml.idp_metadata_url string Identity Provider (IdP) SAML metadata URL The URL of the SAML metadata for the Identity Provider (IdP). This is used to configure SAML-based authentication with the IdP. saml.idp_entity_id string Identity Provider Entity ID The unique identifier for the Identity Provider (IdP) entity that is used for SAML authentication. This value is typically provided by the IdP. saml.sp_entity_id string Service Provider Entity ID The unique identifier for the Service Provider (SP) entity that is used for SAML authentication. This value is typically provided by the SP. saml.subject_key string,null SAML response subject attribute Optional. Specifies the attribute in the SAML response where the subject identifier is stored. If not configured, the NameID attribute is used by default. saml.roles_key string,null SAML response role attribute Optional. Specifies the attribute in the SAML response where role information is stored, if available. Role attributes are not required for SAML authentication, but can be included in SAML assertions by most Identity Providers (IdPs) to determine user access levels or permissions. saml.idp_pemtrustedcas_content string,null PEM-encoded root CA Content for SAML IdP server verification This parameter specifies the PEM-encoded root certificate authority (CA) content for the SAML identity provider (IdP) server verification. The root CA content is used to verify the SSL/TLS certificate presented by the server.
openid object OpenSearch OpenID Connect Configuration openid.enabled boolean default: true Enable or disable OpenSearch OpenID Connect authentication Enables or disables OpenID Connect authentication for OpenSearch. When enabled, users can authenticate using OpenID Connect with an Identity Provider. openid.connect_url string OpenID Connect metadata/configuration URL The URL of your IdP where the Security plugin can find the OpenID Connect metadata/configuration settings. openid.roles_key string,null The key in the JSON payload that stores the user’s roles The key in the JSON payload that stores the user’s roles. The value of this key must be a comma-separated list of roles. Required only if you want to use roles in the JWT openid.subject_key string,null The key in the JSON payload that stores the user’s name The key in the JSON payload that stores the user’s name. If not defined, the subject registered claim is used. Most IdP providers use the preferred_username claim. Optional. openid.jwt_header string,null The HTTP header that stores the token The HTTP header that stores the token. Typically the Authorization header with the Bearer schema: Authorization: Bearer <token>. Optional. Default is Authorization. openid.jwt_url_parameter string,null URL JWT token. If the token is not transmitted in the HTTP header, but as an URL parameter, define the name of the parameter here. Optional. openid.refresh_rate_limit_count integer,null min: 10 max: 9223372036854776000 default: 10 The maximum number of unknown key IDs in the time frame The maximum number of unknown key IDs in the time frame. Default is 10. Optional. openid.refresh_rate_limit_time_window_ms integer,null min: 10000 max: 9223372036854776000 default: 10000 The time frame to use when checking the maximum number of unknown key IDs, in milliseconds The time frame to use when checking the maximum number of unknown key IDs, in milliseconds. Optional.Default is 10000 (10 seconds). openid.client_id string The ID of the OpenID Connect client The ID of the OpenID Connect client configured in your IdP. Required. openid.client_secret string The client secret of the OpenID Connect The client secret of the OpenID Connect client configured in your IdP. Required. openid.scope string The scope of the identity token issued by the IdP The scope of the identity token issued by the IdP. Optional. Default is openid profile email address phone. openid.header string default: Authorization HTTP header name of the JWT token HTTP header name of the JWT token. Optional. Default is Authorization.
azure_migration object Azure migration settings azure_migration.snapshot_name string The snapshot name to restore from The snapshot name to restore from azure_migration.base_path string The path to the repository data within its container The path to the repository data within its container. The value of this setting should not start or end with a / azure_migration.compress boolean Metadata files are stored in compressed format when set to true metadata files are stored in compressed format azure_migration.chunk_size string Chunk size Big files can be broken down into chunks during snapshotting if needed. Should be the same as for the 3rd party repository azure_migration.restore_global_state boolean Restore the cluster state or not If true, restore the cluster state. Defaults to false azure_migration.include_aliases boolean Include aliases Whether to restore aliases alongside their associated indexes. Default is true. azure_migration.indices string Indices to restore A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported. By default, a restore operation includes all data streams and indices in the snapshot. If this argument is provided, the restore operation only includes the data streams and indices that you specify. azure_migration.container string Azure container name Azure container name azure_migration.account string Account name Azure account name azure_migration.key string Account secret key Azure account secret key. One of key or sas_token should be specified azure_migration.sas_token string SAS token A shared access signatures (SAS) token. One of key or sas_token should be specified azure_migration.endpoint_suffix string Endpoint suffix Defines the DNS suffix for Azure Storage endpoints.
gcs_migration object Google Cloud Storage migration settings gcs_migration.snapshot_name string The snapshot name to restore from The snapshot name to restore from gcs_migration.base_path string The path to the repository data within its container The path to the repository data within its container. The value of this setting should not start or end with a / gcs_migration.compress boolean Metadata files are stored in compressed format when set to true metadata files are stored in compressed format gcs_migration.chunk_size string Chunk size Big files can be broken down into chunks during snapshotting if needed. Should be the same as for the 3rd party repository gcs_migration.restore_global_state boolean Restore the cluster state or not If true, restore the cluster state. Defaults to false gcs_migration.include_aliases boolean Include aliases Whether to restore aliases alongside their associated indexes. Default is true. gcs_migration.indices string Indices to restore A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported. By default, a restore operation includes all data streams and indices in the snapshot. If this argument is provided, the restore operation only includes the data streams and indices that you specify. gcs_migration.bucket string The path to the repository data within its container Google Cloud Storage bucket name gcs_migration.credentials string Credentials Google Cloud Storage credentials file content
s3_migration object AWS S3 / AWS S3 compatible migration settings s3_migration.snapshot_name string The snapshot name to restore from The snapshot name to restore from s3_migration.base_path string The path to the repository data within its container The path to the repository data within its container. The value of this setting should not start or end with a / s3_migration.compress boolean Metadata files are stored in compressed format when set to true metadata files are stored in compressed format s3_migration.chunk_size string Chunk size Big files can be broken down into chunks during snapshotting if needed. Should be the same as for the 3rd party repository s3_migration.restore_global_state boolean Restore the cluster state or not If true, restore the cluster state. Defaults to false s3_migration.include_aliases boolean Include aliases Whether to restore aliases alongside their associated indexes. Default is true. s3_migration.indices string Indices to restore A comma-delimited list of indices to restore from the snapshot. Multi-index syntax is supported. By default, a restore operation includes all data streams and indices in the snapshot. If this argument is provided, the restore operation only includes the data streams and indices that you specify. s3_migration.bucket string S3 bucket name S3 bucket name s3_migration.region string S3 region S3 region s3_migration.endpoint string The S3 service endpoint to connect The S3 service endpoint to connect to. If you are using an S3-compatible service then you should set this to the service’s endpoint s3_migration.server_side_encryption boolean Server side encryption When set to true files are encrypted on server side s3_migration.access_key string AWS Access key AWS Access key s3_migration.secret_key string AWS secret key AWS secret key
index_patterns array Index patterns
max_index_count integer max: 9223372036854776000 Maximum index count DEPRECATED: use index_patterns instead
keep_index_refresh_interval boolean Don't reset index.refresh_interval to the default value Aiven automation resets index.refresh_interval to default value for every index to be sure that indices are always visible to search. If it doesn't fit your case, you can disable this by setting up this flag to true.
opensearch_dashboards object OpenSearch Dashboards settings opensearch_dashboards.enabled boolean default: true Enable or disable OpenSearch Dashboards opensearch_dashboards.max_old_space_size integer min: 64 max: 2048 default: 128 max_old_space_size Limits the maximum amount of memory (in MiB) the OpenSearch Dashboards process can use. This sets the max_old_space_size option of the nodejs running the OpenSearch Dashboards. Note: the memory reserved by OpenSearch Dashboards is not available for OpenSearch. opensearch_dashboards.opensearch_request_timeout integer min: 5000 max: 120000 default: 30000 Timeout in milliseconds for requests made by OpenSearch Dashboards towards OpenSearch
index_rollup object Index rollup settings index_rollup.rollup_search_backoff_millis integer min: 1 plugins.rollup.search.backoff_millis The backoff time between retries for failed rollup jobs. Defaults to 1000ms. index_rollup.rollup_search_backoff_count integer min: 1 plugins.rollup.search.backoff_count How many retries the plugin should attempt for failed rollup jobs. Defaults to 5. index_rollup.rollup_search_search_all_jobs boolean plugins.rollup.search.all_jobs Whether OpenSearch should return all jobs that match all specified search terms. If disabled, OpenSearch returns just one, as opposed to all, of the jobs that matches the search terms. Defaults to false. index_rollup.rollup_dashboards_enabled boolean plugins.rollup.dashboards.enabled Whether rollups are enabled in OpenSearch Dashboards. Defaults to true. index_rollup.rollup_enabled boolean plugins.rollup.enabled Whether the rollup plugin is enabled. Defaults to true.
opensearch object OpenSearch settings opensearch.reindex_remote_whitelist array,null reindex_remote_whitelist Whitelisted addresses for reindexing. Changing this value will cause all OpenSearch instances to restart. opensearch.http_max_content_length integer min: 1 max: 2147483647 http.max_content_length Maximum content length for HTTP requests to the OpenSearch HTTP API, in bytes. opensearch.http_max_header_size integer min: 1024 max: 262144 http.max_header_size The max size of allowed headers, in bytes opensearch.http_max_initial_line_length integer min: 1024 max: 65536 http.max_initial_line_length The max length of an HTTP URL, in bytes opensearch.indices_query_bool_max_clause_count integer min: 64 max: 4096 indices.query.bool.max_clause_count Maximum number of clauses Lucene BooleanQuery can have. The default value (1024) is relatively high, and increasing it may cause performance issues. Investigate other approaches first before increasing this value. opensearch.search_max_buckets integer,null min: 1 max: 1000000 search.max_buckets Maximum number of aggregation buckets allowed in a single response. OpenSearch default value is used when this is not defined. opensearch.indices_fielddata_cache_size integer,null min: 3 max: 100 indices.fielddata.cache.size Relative amount. Maximum amount of heap memory used for field data cache. This is an expert setting; decreasing the value too much will increase overhead of loading field data; too much memory used for field data cache will decrease amount of heap available for other operations. opensearch.indices_memory_index_buffer_size integer min: 3 max: 40 indices.memory.index_buffer_size Percentage value. Default is 10%. Total amount of heap used for indexing buffer, before writing segments to disk. This is an expert setting. Too low value will slow down indexing; too high value will increase indexing performance but causes performance issues for query performance. opensearch.indices_memory_min_index_buffer_size integer min: 3 max: 2048 indices.memory.min_index_buffer_size Absolute value. Default is 48mb. Doesn't work without indices.memory.index_buffer_size. Minimum amount of heap used for query cache, an absolute indices.memory.index_buffer_size minimal hard limit. opensearch.indices_memory_max_index_buffer_size integer min: 3 max: 2048 indices.memory.max_index_buffer_size Absolute value. Default is unbound. Doesn't work without indices.memory.index_buffer_size. Maximum amount of heap used for query cache, an absolute indices.memory.index_buffer_size maximum hard limit. opensearch.indices_queries_cache_size integer min: 3 max: 40 indices.queries.cache.size Percentage value. Default is 10%. Maximum amount of heap used for query cache. This is an expert setting. Too low value will decrease query performance and increase performance for other operations; too high value will cause issues with other OpenSearch functionality. opensearch.indices_recovery_max_bytes_per_sec integer min: 40 max: 400 indices.recovery.max_bytes_per_sec Limits total inbound and outbound recovery traffic for each node. Applies to both peer recoveries as well as snapshot recoveries (i.e., restores from a snapshot). Defaults to 40mb opensearch.indices_recovery_max_concurrent_file_chunks integer min: 2 max: 5 indices.recovery.max_concurrent_file_chunks Number of file chunks sent in parallel for each recovery. Defaults to 2. opensearch.action_auto_create_index_enabled boolean action.auto_create_index Explicitly allow or block automatic creation of indices. Defaults to true opensearch.plugins_alerting_filter_by_backend_roles boolean plugins.alerting.filter_by_backend_roles Enable or disable filtering of alerting by backend roles. Requires Security plugin. Defaults to false opensearch.knn_memory_circuit_breaker_limit integer min: 3 max: 100 knn.memory.circuit_breaker.limit Maximum amount of memory that can be used for KNN index. Defaults to 50% of the JVM heap size. opensearch.knn_memory_circuit_breaker_enabled boolean knn.memory.circuit_breaker.enabled Enable or disable KNN memory circuit breaker. Defaults to true. opensearch.auth_failure_listeners object Opensearch Security Plugin Settings opensearch.enable_security_audit boolean Enable/Disable security audit opensearch.thread_pool_search_size integer min: 1 max: 128 search thread pool size Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. opensearch.thread_pool_search_throttled_size integer min: 1 max: 128 search_throttled thread pool size Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. opensearch.thread_pool_get_size integer min: 1 max: 128 get thread pool size Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. opensearch.thread_pool_analyze_size integer min: 1 max: 128 analyze thread pool size Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. opensearch.thread_pool_write_size integer min: 1 max: 128 write thread pool size Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. opensearch.thread_pool_force_merge_size integer min: 1 max: 128 force_merge thread pool size Size for the thread pool. See documentation for exact details. Do note this may have maximum value depending on CPU count - value is automatically lowered if set to higher than maximum value. opensearch.thread_pool_search_queue_size integer min: 10 max: 2000 search thread pool queue size Size for the thread pool queue. See documentation for exact details. opensearch.thread_pool_search_throttled_queue_size integer min: 10 max: 2000 search_throttled thread pool queue size Size for the thread pool queue. See documentation for exact details. opensearch.thread_pool_get_queue_size integer min: 10 max: 2000 get thread pool queue size Size for the thread pool queue. See documentation for exact details. opensearch.thread_pool_analyze_queue_size integer min: 10 max: 2000 analyze thread pool queue size Size for the thread pool queue. See documentation for exact details. opensearch.thread_pool_write_queue_size integer min: 10 max: 2000 write thread pool queue size Size for the thread pool queue. See documentation for exact details. opensearch.action_destructive_requires_name boolean,null Require explicit index names when deleting opensearch.cluster_max_shards_per_node integer min: 100 max: 10000 cluster.max_shards_per_node Controls the number of shards allowed in the cluster per data node opensearch.override_main_response_version boolean compatibility.override_main_response_version Compatibility mode sets OpenSearch to report its version as 7.10 so clients continue to work. Default is false opensearch.script_max_compilations_rate string Script max compilation rate - circuit breaker to prevent/minimize OOMs Script compilation circuit breaker limits the number of inline script compilations within a period of time. Default is use-context opensearch.cluster_routing_allocation_node_concurrent_recoveries integer min: 2 max: 16 Concurrent incoming/outgoing shard recoveries per node How many concurrent incoming/outgoing shard recoveries (normally replicas) are allowed to happen on a node. Defaults to node cpu count * 2. opensearch.email_sender_name string Sender name placeholder to be used in Opensearch Dashboards and Opensearch keystore This should be identical to the Sender name defined in Opensearch dashboards opensearch.email_sender_username string Sender username for Opensearch alerts opensearch.email_sender_password string Sender password for Opensearch alerts to authenticate with SMTP server Sender password for Opensearch alerts to authenticate with SMTP server opensearch.ism_enabled boolean Specifies whether ISM is enabled or not opensearch.ism_history_enabled boolean Specifies whether audit history is enabled or not. The logs from ISM are automatically indexed to a logs document. opensearch.ism_history_max_age integer min: 1 max: 2147483647 The maximum age before rolling over the audit history index in hours opensearch.ism_history_max_docs integer min: 1 max: 9223372036854776000 The maximum number of documents before rolling over the audit history index. opensearch.ism_history_rollover_check_period integer min: 1 max: 2147483647 The time between rollover checks for the audit history index in hours. opensearch.ism_history_rollover_retention_period integer min: 1 max: 2147483647 How long audit history indices are kept in days. opensearch.search_backpressure object Search Backpressure Settings opensearch.shard_indexing_pressure object Shard indexing back pressure settings
index_template object Template settings for all new indexes index_template.mapping_nested_objects_limit integer,null max: 100000 index.mapping.nested_objects.limit The maximum number of nested JSON objects that a single document can contain across all nested types. This limit helps to prevent out of memory errors when a document contains too many nested objects. Default is 10000. index_template.number_of_shards integer,null min: 1 max: 1024 index.number_of_shards The number of primary shards that an index should have. index_template.number_of_replicas integer,null max: 29 index.number_of_replicas The number of replicas each primary shard has.
private_access object Allow access to selected service ports from private networks private_access.opensearch boolean Allow clients to connect to opensearch with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations private_access.opensearch_dashboards boolean Allow clients to connect to opensearch_dashboards with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations private_access.prometheus boolean Allow clients to connect to prometheus with a DNS name that always resolves to the service's private IP addresses. Only available in certain network locations
privatelink_access object Allow access to selected service components through Privatelink privatelink_access.opensearch boolean Enable opensearch privatelink_access.opensearch_dashboards boolean Enable opensearch_dashboards privatelink_access.prometheus boolean Enable prometheus
public_access object Allow access to selected service ports from the public Internet public_access.opensearch boolean Allow clients to connect to opensearch from the public internet for service nodes that are in a project VPC or another type of private network public_access.opensearch_dashboards boolean Allow clients to connect to opensearch_dashboards from the public internet for service nodes that are in a project VPC or another type of private network public_access.prometheus boolean Allow clients to connect to prometheus from the public internet for service nodes that are in a project VPC or another type of private network
recovery_basebackup_name string Name of the basebackup to restore in forked service
service_to_fork_from string,null Name of another service to fork from. This has effect only when a new service is being created.
project_to_fork_from string,null Name of another project to fork a service from. This has effect only when a new service is being created.