Need Explain about opensearch.yml Wazuh Indexer

[Aditya Firman Nugroho]

Dead Wazuh Team, 

I Need to know about opensearch.yml ( /etc/wazuh-indexer/opensearch.yml ), where i can read the documentation about this file. 

just want to know , if this file can help me to tunning wazuh. 

Best Regards, 

Aditya

[Stuti Gupta]

HI 

The opensearch.yml is a configuration file for wazuh-indexer (based on opensearch). It is used for configuring the node, IP address, connection, cluster connection, and deploying certs, networking, paths, and security. To know more about settings, you can refer to https://documentation.wazuh.com/current/installation-guide/wazuh-indexer/step-by-step.html#configuring-the-wazuh-indexer

It is mainly used for node and cluster configuration. Most performance tuning (like memory usage or shards and replicas performance) is usually done through JVM settings or shards and replicas settings using file /etc/filebeat/indexer-template.json. For that, you can refer to https://documentation.wazuh.com/current/user-manual/wazuh-indexer/wazuh-indexer-tuning.html 

For enabling memory locking, you need to edit /etc/wazuh-indexer/opensearch.yml configuration file. 

Additionally, for adding a node and setting the multi-cluster node. You need to edit opensearch.yml

Let me know if you need further help with tuning the wazuh-indexer or storage management.