Disable Wazuh replica index

142 views
Skip to first unread message

Hari ft

unread,
Apr 28, 2025, 3:37:43 AM4/28/25
to Wazuh | Mailing List
Dear Team,

I'm able to turn off replica shards for all other indices except for ".opendistro-ism-managed-index-history-yyyy.mm.dd". How can I disable the replica for this one?

Wazuh server 4.11.2
I'm using a single server for all components. Please help.

Md. Nazmur Sakib

unread,
Apr 28, 2025, 4:13:52 AM4/28/25
to Wazuh | Mailing List

Hi Hari,

.opendistro-alerting-alert-history is a system index and you cannot make changes to this index by default.

To make changes to the index first you need to allow making changes to the system index from the indexer configuration.

Go to
/etc/wazuh-indexer/opensearch.yml

And change plugins.security.system_indices.enabled:  to false from true.


Now, restart the indexer.

systemctl restart wazuh-indexer


And run this command to change the replicas number to 0

curl -k -u user:Password -XPUT 'https://indexer-ip:9200/.opendistro-alerting-alert-history-*/_settings' -H 'Content-Type: application/json' -d '{ "index": { "number_of_replicas": "0", "auto_expand_replicas":"false" } }'






Now, revert the changes you have made in the /etc/wazuh-indexer/opensearch.yml


Let me know if this works for you.

Hari ft

unread,
Apr 28, 2025, 7:37:37 AM4/28/25
to Wazuh | Mailing List
Dear Team,

settings updated, and the replicas gone. I'm monitoring it, once there are no more replicas in the future, everything will be fine.
thanks for the support

Reply all
Reply to author
Forward
0 new messages