In Elasticsearch, you can use wildcards in many index operations. This is very handy but can be dangerous, e.g., when you delete indexes with a wildcard: you may accidentally delete unintended indexes and cause serious interruptions to your business or work.
There is a cluster setting, action.destructive_requires_name, that can change this behaviour.
When set to true, you must specify the index name to delete an index. It is not possible to delete all indices with _all or use wildcards. Defaults to true.
So if this option is true, you cannot use wildcards when deleting indexes. This can prevent you from deleting a lot of indexes and causing serious problems [1]. The following API call won’t work:
DELETE my-*index/
To check your current setting for this option, you can run the following API call in the Kibana Dev Tools:
GET /_cluster/settings?include_defaults=true
To set the option action.destructive_requires_name to true, we can run the following API call:
PUT /_cluster/settings
{
  "persistent": {
    "action.destructive_requires_name": true
  }
}
The persistent key in the above API call makes sure the option persists through cluster restarts.
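An added example (not from the original post): a Python check that reads the JSON returned by GET /_cluster/settings?include_defaults=true and reports the effective value of action.destructive_requires_name and which section it came from. It assumes the precedence transient over persistent over defaults; the helper names are hypothetical and the sample responses are constructed.

```python
import json

SETTING = "action.destructive_requires_name"

def lookup(section, dotted):
    """Find a setting in one section, in flat or nested key form."""
    if dotted in section:              # ?flat_settings=true style
        return section[dotted]
    node = section
    for part in dotted.split("."):     # default nested style
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def effective(response, dotted=SETTING):
    """Return (bool value, source section), or (None, None) if absent.

    Assumes precedence transient > persistent > defaults.
    """
    for source in ("transient", "persistent", "defaults"):
        raw = lookup(response.get(source, {}), dotted)
        if raw is not None:
            # The API may return the value as "true"/"false" strings.
            return str(raw).lower() == "true", source
    return None, None

# Constructed sample: persistent is true, but a transient override
# turns the protection off until the next full cluster restart.
OVERRIDDEN = json.loads("""
{"persistent": {"action": {"destructive_requires_name": "true"}},
 "transient":  {"action": {"destructive_requires_name": "false"}},
 "defaults":   {"action": {"destructive_requires_name": "true"}}}
""")

# Constructed sample in flat_settings form with only the persistent value set.
PROTECTED = {"persistent": {SETTING: True}, "transient": {}, "defaults": {}}

if __name__ == "__main__":
    for name, resp in (("OVERRIDDEN", OVERRIDDEN), ("PROTECTED", PROTECTED)):
        value, source = effective(resp)
        state = "blocked" if value else "ALLOWED"
        print(f"{name}: wildcard delete {state} (from {source})")
```

Checking the source section matters because a leftover transient value of false silently overrides a persistent true.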
References
- update cluster setting api: https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-cluster-put-settings
- relevant issue about option destructive_requires_name: https://github.com/elastic/elasticsearch/issues/61074
- disable wildcard index delete: https://stackoverflow.com/a/65502843/6064933
[1] But of course, you can still use the index name to delete an index.