ES6.x - Prevent new index to be created with replica shards

This issue appears on ES 6.7 with the Filebeat Client still being 6.2.

I've set the number of replicas to 0 with:

curl -XPUT "http://localhost:9200/_settings" -H 'Content-Type: application/json' -d'
{
    "index" : {
        "number_of_replicas" : 0
    }
}'

However, when a new index is created at the beginning of the days it gets one replica shard for each primary shards.

I've looked into the elasticsearch configuration and even in the Management Tab in Kibana, but could not find where I could set that new index would be created without any replica shards.

Look at Index Templates to set your default number_of_replicas (and shards) for new indices.

So I added the setting in the json configuration file, but the indices still are created with replica shards.

Now the filebeat client, together with the json and yml configuration are distributed through automation to all machines which feeds their log to the elasticsearch. To completely be sure that the changes didn't work, I'll have to track down which filebeat client triggered the creation of the index. (or either the host where the filebeat client is installed)

Is there a way to do that?

By the way, as a workaround, I used a crontab task to execute a shell script setting the number of replica with a curl call.

As this is clunky, I don't want to keep that as my definitive answer, but I thought it might help someone having the same issue.

@Bernt_Rostad

So I found out about the auto_expand_replicas setting from this thread while searching something else. I've set it to false and I will see if it works tomorrow when the new index is created.

EDIT: Marking this as the solution, since then the cluster configuration changed so I needed the replicas, as such I couldn't test it thoroughly, but this is as close of a solution I came, and I hope it can help someone.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.