Learnitweb

Understanding Cluster Settings in Elasticsearch

In this tutorial, we are going to look at cluster-level settings in Elasticsearch and understand why they exist, how to view them, and how to change them at runtime. Even though this is a “quick” lecture conceptually, the topic itself is very important, because cluster settings control global behavior of your entire Elasticsearch cluster, not just a single index.

We will use a very simple and practical example: automatic index creation. This will help us understand both the purpose of cluster settings and the difference between transient and persistent configuration changes.

A Small Experiment: Automatic Index Creation

Go to Kibana Dev Console and first try to check whether an index (for example, my_index) already exists.

GET /my_index

You will see an error saying that the index does not exist. That is expected.

Now, without creating the index explicitly, try to insert a document directly:

POST /my_index/_doc
{
  "name": "Test Product"
}

You will notice something interesting. The request succeeds, and if you now check again:

GET /_cat/indices?v

You will see that my_index has been created automatically.

This demonstrates an important default behavior of Elasticsearch:

By default, if you try to index a document into an index that does not exist, Elasticsearch will automatically create that index for you.

This behavior is often very convenient during development and experimentation, because you do not have to worry about creating indices explicitly before inserting data.

However, in production systems, this behavior is sometimes considered dangerous. A simple typo in an index name, or a bug in application code, can suddenly create dozens or hundreds of unwanted indices, which can slowly but surely damage cluster health.

This is exactly the kind of behavior that is controlled using cluster settings.

The Cluster Settings API

Elasticsearch provides a special API to view and modify cluster-wide settings. Let us first look at the current settings.

GET /_cluster/settings

The response will look something like this:

{
  "persistent": {},
  "transient": {}
}

At first glance, this looks empty, but it is not actually empty. It simply means:

Only non-default settings are shown here. All default values are hidden.

If you want to see all settings including defaults, you can ask Elasticsearch explicitly:

GET /_cluster/settings?include_defaults=true

Now you will get a very large response containing many settings. These are the default cluster-level behaviors that Elasticsearch uses internally.

Finding the Automatic Index Creation Setting

Inside this large response, one important setting is:

action.auto_create_index

By default, this is set to:

true

This explains the behavior we just saw: when we indexed a document into a non-existent index, Elasticsearch automatically created the index for us.

So at this point, we can already understand something very important:

Automatic index creation is not some hard-coded behavior. It is a cluster-level setting that can be turned on or off.

Transient vs Persistent Cluster Settings

Before we change anything, we must understand how Elasticsearch allows us to change cluster settings.

When you update a cluster setting, you can do it in two different ways:

  • A transient setting is a temporary change that lives only in memory. It will work immediately and affect the cluster behavior, but it will be lost when the cluster is restarted. This is useful for quick experiments, temporary tuning, or testing how the cluster behaves with a certain configuration.
  • A persistent setting is a permanent change that is stored in the cluster state. This means even if you restart all nodes, the setting will still be applied. This is what you would normally use in production, because you usually want configuration changes to survive restarts.

In real systems, you should almost always prefer persistent settings. In this demo, we will use a transient setting simply because it is easy to revert and safe for experimentation.

Disabling Automatic Index Creation

Now let us disable automatic index creation using the Cluster Settings API.

PUT /_cluster/settings
{
  "transient": {
    "action.auto_create_index": false
  }
}

If the response says "acknowledged": true, it means the cluster has accepted and applied the change.

Conceptually, what we have just told Elasticsearch is:

“From now on, do not create indices automatically when someone tries to index a document into a non-existent index.”

Verifying the New Behavior

Now let us try the same experiment again.

Try to index a document into a new index that does not exist, for example my_index_1:

POST /my_index_1/_doc
{
  "name": "Another Product"
}

This time, the request will fail with an error saying that the index does not exist and auto-creation is disabled.

This proves that:

Cluster settings are actively controlling how the entire cluster behaves, and the change takes effect immediately without restarting anything.