Change security-auditlog-* index replicas

Hello everyone!!

When creating a single Open Distro node, I can see the following index:

yellow open security-auditlog-2019.10.31 N0lY70jLTGqD26HZnUb04A 1 1 29 0 46.7kb 46.7kb

As you can see, the index has a replica and having a single node the state of the cluster is always yellow.

If I set the replicas to 0 the problem is fixed, until the next day, when the new daily index is created with a replica.

How can I make all security-auditlog indices are created with 0 replicas?

I haven’t found any template or setting that indicates it.

Thank you very much in advance.

Best regards,

Alfonso

Hello everyone!!

I’d like to know if what I’m trying to do is possible. I would like to have a single node environment but the replication of these indices alters the state of the cluster.

Thank you in advance!

Alfonso

2 Likes

Same question. thanks for any help in advance.
image

https://github.com/opendistro-for-elasticsearch/security-kibana-plugin/issues/164

in the same issue…
I was trying to solve it using something like this in the elasticsearch.yml:

opendistro_security.audit.type: internal_elasticsearch
opendistro_security.audit.config.index: "'auditlog-'YYYY.MM.dd"
opendistro_security.audit.config.index.number_of_shards: 1
opendistro_security.audit.config.index.number_of_replicas: 0

unsuccesful!

Any idea about how to solve it?

Best regards

2 Likes

well. finally I solved it just using the console

PUT /my_index/_settings
{
  "index" : {
    "number_of_replicas" : 0
  }
}

And the .opendistro_security index remains in that way, because it is a only one index…

@alfonsorbj I’m not sure I understand the issue, did you try to create a template to be used for audit index like so:

PUT _template/template_1
{
    "index_patterns": ["audit*"],
     "settings": {
           "number_of_replicas": 0
    }
}

Thanks, with this I’m able to set security-audit log to monthly log