Creating an Elasticsearch Cluster (New Version)_Using Elasticsearch for Data Search_User Guide

Prerequisites

You have planned the Elasticsearch cluster configuration by following the guidelines in Elasticsearch Cluster Planning Suggestions, including the cluster size, node configuration, and storage capacity requirements.
You have created a VPC, subnet, and security group beforehand, or you can create them when creating the cluster. For more information, see Virtual Private Cloud User Guide.
If you are going to enable automatic snapshot creation for the cluster, make sure you have created an OBS bucket for storing snapshots. The OBS bucket must be in the same region as the Elasticsearch clusters, and the storage class must be Standard or Warm.

Impact on Billing

If you enable automatic snapshot creation, automatically created snapshots will be stored in standard OBS buckets, and you will need to pay extra for the storage. For more information, see Billing Overview.
VPC endpoints, if created for the cluster, will incur extra fees, depending on the resource usage. For details, see VPC Endpoint Billing.

Opening the Create Cluster Page

Log in to the CSS management console.
In the navigation pane on the left, choose Clusters > Elasticsearch.
In the upper right corner, click Create Cluster. The new-version UI for creating a cluster is displayed by default.
Figure 1 Create Cluster (new version)

Cluster Configuration

Select the cluster type and version.

**Table 1** Cluster configuration
Parameter	Description
Cluster Type	Select Elasticsearch.
Cluster Version	Select a cluster version from the drop-down list.

Basic Settings

Select the region, billing mode, and AZ of the cluster.

**Table 2** Basic settings
Parameter	Description
Region	Select the region where the cluster is located. A region is the location of a physical data center. Regions are defined based on their geographical location and network latency. For lower network latency and quicker resource access, select the nearest region.
AZ	Select one or more AZs associated with the cluster region. An AZ is a physical region where resources use independent power supplies and networks. AZs are physically isolated but interconnected through an internal network. A maximum of three AZs can be configured. For details about the use of multiple AZs, see Suggestions on Multi-AZ Deployment.
Billing Mode	Billing mode for the cluster, which can be Yearly/Monthly or Pay-per-use. Yearly/Monthly: You prepay for a yearly or monthly subscription. This mode is cost-effective when the duration of your service usage is predictable. It is recommended for long-term users. A yearly/monthly subscription cannot be deleted. If you no longer need it, unsubscribe from it. Pay-per-use (postpaid): You will be billed hourly by actual duration of use. Any partial hour of usage will be rounded up to one hour. This mode is ideal for short-term or unpredictable workloads. Pay-per-use resources can be provisioned and deleted at any time.

Data Nodes

Configure the cluster's data nodes.

Data nodes are primarily used to store the cluster's data. The functions of the data nodes vary depending on the node types enabled for the cluster.

If the cluster has no client nodes, the data nodes will need to handle the additional task of query request distribution and data analysis.
If the cluster has no master nodes, the data nodes will also need to handle cluster management.

**Table 3** Configuring data nodes
Parameter	Description
CPU Architecture	Select the CPU architecture of the data nodes. x86 and Kunpeng nodes are supported. The architectures actually supported may vary depending on the regional environment.
Node Specifications	Select the specifications of the data nodes. Click Available. On the displayed page, select a flavor that suits your needs. The nodes may use either local or EVS disks. For more information about different node specifications, see ECS Types. In the node flavor list, vCPUs \| Memory indicate the number of vCPUs and memory capacity available for each flavor, and Recommended Storage indicates the supported storage capacity range. The node flavors available may vary depending on the region you select. WARNING: Local disks are less reliable than EVS disks—if the underlying host fails, data stored on local disks may be permanently lost. For this reason, avoid using local disks to store mission-critical data. Instead, use EVS disks. If you do use local disks, you are advised to enable automatic snapshot creation when creating the cluster, and also enable replicas when creating indexes. This helps lower the risk of data loss.
Node Storage Type and Capacity	Select the storage type and capacity of the data nodes. If the selected node flavor uses EVS disks, you need to further select Node Storage Type and Capacity based on service requirements. Available EVS disk types vary depending on your region. For more on EVS disk performance, see Disk Types and Performance. The value range of node storage capacity is determined by the node flavor you select. The value must be divisible by 20. Node storage capacity cannot be reduced once the cluster is created. Evaluate your long-term data needs and select an appropriate size. If the selected node flavor uses local disks, there is no need to select the node storage type, and the node storage capacity is a fixed value. Both of them are determined by the local disk specifications.
Nodes	Set the number of data nodes for the cluster. If master nodes are configured, the number of data nodes ranges from 1 to 200. If no master nodes are configured, the number of data nodes ranges from 1 to 32. To ensure cluster availability, you should configure at least three data nodes. If the number of data nodes in your cluster is not evenly divisible by the number of AZs, data distribution may become unbalanced across nodes. This will negatively impact both query and write performance.

Master Nodes

Configure master nodes for the cluster. By default, master nodes are not enabled. To enable master nodes, select Master Node, and configure the node settings.

Master nodes manage cluster-wide operations, including metadata, indexes, and shard allocation. For large-scale deployments, using dedicated master nodes enhances cluster stability, service availability, and centralized control.

**Table 4** Configuring master nodes
Parameter	Description
CPU Architecture	Select the CPU architecture of the master nodes. x86 and Kunpeng nodes are supported. The architectures actually supported may vary depending on the regional environment.
Node Specifications	Select the specifications of the master nodes. Click Available. On the displayed page, select a flavor that suits your needs. Master nodes support EVS disks only. For more information about different node specifications, see ECS Types. In the node flavor list, vCPUs \| Memory indicate the number of vCPUs and memory capacity available for each flavor. The node flavors available may vary depending on the region you select.
Node Storage Type and Capacity	Select the storage type and capacity of the master nodes. Available EVS disk types vary depending on your region. For more on EVS disk performance, see Disk Types and Performance. The node storage capacity is fixed at 40 GB.
Nodes	Set the number of master nodes for the cluster. The value can be 3, 5, 7, or 9.

Client Nodes

Configure client nodes for the cluster. By default, client nodes are not enabled. To enable client nodes, select Client Node, and configure the node settings.

Client nodes route and coordinate search and index requests, offloading processing from data nodes for enhanced query performance and cluster scalability when there are heavy loads.

**Table 5** Configuring client nodes
Parameter	Description
CPU Architecture	Select the CPU architecture of the client nodes. x86 and Kunpeng nodes are supported. The architectures actually supported may vary depending on the regional environment.
Node Specifications	Select the specifications of the client nodes. Click Available. On the displayed page, select a flavor that suits your needs. Client nodes support EVS disks only. For more information about different node specifications, see ECS Types. In the node flavor list, vCPUs \| Memory indicate the number of vCPUs and memory capacity available for each flavor. The node flavors available may vary depending on the region you select.
Node Storage Type and Capacity	Select the storage type and capacity of the client nodes. Available EVS disk types vary depending on your region. For more on EVS disk performance, see Disk Types and Performance. The node storage capacity is fixed at 40 GB.
Nodes	Set the number of client nodes for the cluster. Value range: 1 to 32

Cold Data Nodes

Configure cold data nodes for the cluster. By default, cold data nodes are not enabled. To enable cold data nodes, select Cold Data Node, and configure the node settings. Cold data nodes must be configured at cluster creation and cannot be modified later.

Cold data nodes are used to store and query large quantities of latency-insensitive data. They offer an effective way to manage large datasets while cutting storage costs. When cold data nodes are enabled, you can switch between cold and hot data storage. For details, see Switching Between Hot and Cold Storage for an Elasticsearch Cluster. If there are no cold data nodes, we recommend that you use decoupled storage and compute, which can also cut storage costs. For details, see Configuring Decoupled Storage and Compute for an Elasticsearch Cluster.

**Table 6** Configuring cold data nodes
Parameter	Description
CPU Architecture	Select the CPU architecture of the cold data nodes. x86 and Kunpeng nodes are supported. The architectures actually supported may vary depending on the regional environment.
Node Specifications	Select the specifications of the cold data nodes. Click Available. On the displayed page, select a flavor that suits your needs. The nodes may use either local or EVS disks. For more information about different node specifications, see ECS Types. In the node flavor list, vCPUs \| Memory indicate the number of vCPUs and memory capacity available for each flavor, and Recommended Storage indicates the supported storage capacity range. The node flavors available may vary depending on the region you select. WARNING: Local disks are less reliable than EVS disks—if the underlying host fails, data stored on local disks may be permanently lost. For this reason, avoid using local disks to store mission-critical data. Instead, use EVS disks. If you do use local disks, you are advised to enable automatic snapshot creation when creating the cluster, and also enable replicas when creating indexes. This helps lower the risk of data loss.
Node Storage Type and Capacity	Select the storage type and capacity of the cold data nodes. If the selected node flavor uses EVS disks, you need to further select Node Storage Type and Capacity based on service requirements. Available EVS disk types vary depending on your region. For more on EVS disk performance, see Disk Types and Performance. The value range of node storage capacity is determined by the node flavor you select. The value must be divisible by 20. Node storage capacity cannot be reduced once the cluster is created. Evaluate your long-term data needs and select an appropriate size. If the selected node flavor uses local disks, there is no need to select the node storage type, and the node storage capacity is a fixed value. Both of them are determined by the local disk specifications.
Nodes	Set the number of cold data nodes for the cluster. Value range: 1 to 32 If the number of cold data nodes in your cluster is not evenly divisible by the number of AZs, data distribution may become unbalanced across nodes. This will negatively impact both query and write performance.

Network Settings

Configure the VPC, subnet, IP addresses, and security group of the cluster.

**Table 7** Network settings
Parameter	Description
VPC	Select a VPC for the cluster for proper network isolation. You can select a shared VPC, which is indicated by Shared VPC in the VPC name. To create a CSS cluster in a shared VPC, the default vpc subnet statement permission is required. VPC sharing allows you to centrally manage resources across multiple accounts, helping to improve resource management efficiency and reduce O&M costs. For more information about shared VPCs, see VPC Sharing. If none of the existing VPCs meets your requirements, click Create VPC to create one. (Make sure you have the permission to create VPCs.) For details, see Creating a VPC and Subnet.
Subnet	Select a subnet for the cluster. A subnet improves network security by providing exclusive network resources that are isolated from other networks. Select a subnet in the current VPC. Or you can select a subnet under a shared VPC. The owner of a VPC can share the VPC to specified users.
IPv4 Address	Assign IPv4 addresses to cluster nodes. Assign automatically: Private IPv4 addresses will be automatically assigned to cluster nodes. Assign manually: Manually assign private IPv4 addresses to cluster nodes. Before assigning an IP address, click View In-Use IP Address to check IP addresses that are already in use. If you manually specify fewer IP addresses than the total number of cluster nodes, the system will automatically assign random private IPv4 addresses to the remaining nodes. Manually specified IP addresses will be assigned in the following priority order: client nodes > data nodes > cold data nodes > master nodes. Default value: Assign automatically
Security Group	Select a security group for the cluster. A security group serves as a virtual firewall that provides access control policies for clusters. To select a security group that meets your requirements, click View Security Group to go to the security group list, where you can check the details of each security group. The selected security group must allow port 9200 in the inbound direction. Otherwise, the cluster may be inaccessible to external services. Furthermore, to enable Kibana private network access, port 5601 must also be allowed. If none of the existing security groups meets your requirements, click Create Security Group to create one. (Make sure you have the permission to create security groups.) For details, see Creating a Security Group.

Security Mode

Configure the cluster's security mode and access methods. The security mode is enabled by default when you create a cluster. To disable it, deselect Security Mode.

Configure the security mode based on the security needs of your cluster.

Disabling the security mode: Use when creating a cluster for internal testing or workloads that have a low security standard. When the security mode is disabled, HTTP is used, data is transmitted in plaintext, and no user authentication is required for cluster access. Make sure the cluster is deployed in a secure environment. Do not expose the cluster's network interface to the public network.
Security mode + HTTP: Use to balance security and performance. In this setting, user authentication is required for cluster access, yet data is transmitted via HTTP.
Security mode + HTTPS: Use when security takes precedence over performance. In this setting, user authentication is required for cluster access, and data is transmitted via HTTPS in ciphertext.

HTTPS, public network access, and Kibana public network access can be enabled only when the security mode is enabled.

**Table 8** Configuring the security mode
Parameter	Description
Administrator account and password	When the security mode is enabled, cluster access requires user authentication. In this case, the administrator password must be configured. Administrator: The default value is admin and cannot be changed. Administrator Password: Set and confirm the administrator password. This password will be required when you access this cluster.
HTTPS Access	Whether to enable HTTPS access for the cluster. Enabled by default, HTTPS improves security by encrypting all communication with the cluster. To use HTTP instead, deselect HTTPS Access. Data security cannot be guaranteed when HTTPS is disabled. Exercise caution. When HTTPS is used, data encryption and decryption introduce computational overhead, which may impact the cluster's read and write performance.
Public Network Access	Whether to enable public network access. By default, it is disabled. To enable it, select Public Network Access, and configure the necessary settings. Public network access can be enabled only if the security mode and HTTPS are both enabled for the cluster. When public network access is enabled, the cluster is automatically assigned a public IP address with dedicated dynamic BGP bandwidth. When Public Network Access is selected, further configure the following parameters: Bandwidth: Set the bandwidth for public network access. The value ranges from 1 Mbit/s to 200 Mbit/s. Configure Whitelist Control public network access to the cluster using a whitelist. If a whitelist is configured, only IP addresses that are on this whitelist can access the cluster over the public network. Click +Add. In the displayed text box, enter IP addresses or CIDR blocks that are allowed to access the cluster from the public network. Separate them using commas (,). Each value must be unique. An example of valid values: 192.168.1.1,10.0.0.0/24. Examples of invalid values: 0.0.0.0, xx.xx.xx.x0, 172.16.0.0-172.16.255.255, non-standard formats (e.g., 192.168.1), and duplicate values. If no whitelist is configured, all public IP addresses can access the cluster. However, this can be a security risk and should be avoided.

Cluster Management

Configure the cluster name, enterprise project, and more.

**Table 9** Cluster management information
Parameter	Description
Cluster Name	User-defined cluster name. The cluster name must start with a letter and can contain 4 to 32 characters. Only letters, digits, hyphens (-), and underscores (_) are allowed.
Add Description	Add a description for the cluster for easy recognition. Click + Add Description and then enter a description of the cluster. The value can contain 0 to 128 characters.
Enterprise Project	Associate the cluster with an enterprise project. An enterprise project groups cloud resources, so you can manage resources and members by project. The default project is default. If enterprise projects are enabled, you can select an enterprise project from the drop-down list. You can click View Enterprise Projects to go to the Enterprise Project Management Service console and check enterprise project details. For more information, see Accessing the Enterprise Center.
Tags	Adding tags to clusters helps you identify and manage your cluster resources. Click + Add. You can select existing tag keys and values from the drop-down lists or enter new ones. If you want to use the same tag to identify multiple cloud resources for better resource grouping, we recommend that you predefine tags in Tag Management Service (TMS). For details, see Predefined Tags. Each cluster can have a maximum of 20 tags. If your organization has configured tag policies for CSS, add tags to clusters based on these policies. If a tag does not comply with the tag policies, cluster creation may fail. Contact the administrator to learn more about tag policies.

Automatic Snapshot Creation

Click

to expand More Settings and configure automatic snapshot creation. Automatic snapshot creation is disabled by default. To enable it, select Automatic Snapshot Creation, and configure the necessary settings. Automatic snapshot creation provides continuous data protection by periodically backing up cluster data.

If you enable automatic snapshot creation, automatically created snapshots will be stored in standard OBS buckets, and you will need to pay extra for the storage. For more information, see Billing Overview.

**Table 10** Configuring automatic snapshot creation
Parameter	Description
OBS Bucket	From the drop-down list, select an OBS bucket for storing snapshots. If no OBS buckets meet your requirements, click Create Bucket to go to the OBS console and create one. For details, see Creating a Bucket. To grant an IAM user access to an OBS bucket, you need to grant the GetBucketStoragePolicy, GetBucketLocation, ListBucket, and ListAllMyBuckets permissions to that user.
Backup Path	Snapshot storage path in the OBS bucket. The backup path cannot: Contain the following characters: *\:?"<>\|'{}** Start with a slash (/). Start or end with a period (.). Contain more than two consecutive slashes (/) or periods (.). Exceed 512 characters.
Maximum Backup Rate (per Second)	The parameter sets the maximum backup rate per node. When it is exceeded, flow control is triggered to prevent excessive resource usage and ensure system stability. The actual backup rate may not reach the configured value, as it depends on factors such as OBS performance and disk I/O. Value format: number + unit Number range: 0–9999 Unit: KB, MB, GB, TB, PB, or B Default value: 40 MB The value 0MB means there is no limit on how fast data is backed up to snapshots. An overly high backup rate may lead to excessive resource usage, which may impact cluster stability. Therefore, set this parameter carefully.
Maximum Recovery Rate (per Second)	The parameter sets the maximum recovery rate per node. When it is exceeded, flow control is triggered to prevent excessive resource usage and ensure system stability. The actual recovery rate may not reach the configured value, as it depends on factors such as OBS performance and disk I/O. Value format: number + unit Number range: 0–9999 Unit: KB, MB, GB, TB, PB, or B Default value: For Elasticsearch 7.6.2 clusters or earlier, the default value is 40 MB. For Elasticsearch clusters later than 7.6.2, the default value is 0 MB, indicating no limit. An overly high recovery rate may lead to excessive resource usage, which may impact cluster stability. Therefore, set this parameter carefully. For Elasticsearch clusters later than 7.6.2, the recovery rate is also limited by the indices.recovery.max_bytes_per_sec parameter. If Maximum Recovery Rate (per Second) is less than indices.recovery.max_bytes_per_sec, the former takes effect. If Maximum Recovery Rate (per Second) is greater than indices.recovery.max_bytes_per_sec, the latter takes effect. NOTE: To check the value of indices.recovery.max_bytes_per_sec, run the following command: GET _cluster/settings To modify indices.recovery.max_bytes_per_sec, run the following command: PUT _cluster/settings { "transient": { "indices.recovery.max_bytes_per_sec": "100mb" } }
IAM Agency	Select an IAM agency to grant the current account the permission to access and use OBS. To store snapshots to an OBS bucket, you must have the required OBS access permissions. If you are configuring an agency for the first time, click Automatically Create IAM Agency to create css-obs-agency. If there is an IAM agency automatically created earlier, you can click One-click authorization to have the OBS Administrator permissions deleted automatically, and have the following custom policies added automatically instead to implement more refined permissions control. "obs:bucket:GetBucketLocation", "obs:object:GetObjectVersion", "obs:object:GetObject", "obs:object:DeleteObject", "obs:bucket:HeadBucket", "obs:bucket:GetBucketStoragePolicy", "obs:object:DeleteObjectVersion", "obs:bucket:ListBucketVersions", "obs:bucket:ListBucket", "obs:object:PutObject" When OBS buckets use SSE-KMS encryption, the IAM agency must be granted KMS permissions. You can click Automatically Create IAM Agency and One-click authorization to have the following custom policies created automatically. "kms:cmk:create", "kms:dek:create", "kms:cmk:get", "kms:dek:decrypt", "kms:cmk:list" To use Automatically Create IAM Agency and One-click authorization, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:roles:listRoles", "iam:agencies:getAgency", "iam:agencies:createAgency", "iam:permissions:listRolesForAgency", "iam:permissions:grantRoleToAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:revokeRoleFromAgency", "iam:roles:createRole" To use an IAM agency, the following minimum permissions are required: "iam:agencies:listAgencies", "iam:agencies:getAgency", "iam:permissions:listRolesForAgencyOnProject", "iam:permissions:listRolesForAgency" WARNING: The agency name can contain only letters (case-sensitive), digits, underscores (_), and hyphens (-). Otherwise, the backup will fail.
Snapshot Name Prefix	A snapshot name consists of the snapshot name prefix and timestamp, for example, snapshot-1566921603720. The snapshot name prefix can contain 1 to 32 characters. It must start with a lowercase letter, and it can only contain lowercase letters, digits, hyphens (-), and underscores (_). The default value is snapshot.
Time Zone	Select a time zone for the backup start time.
Backup Start Time	Specify the start time of auto backup. Select a value from the drop-down list. The interval can be Daily, Hourly, or weekly (by selecting a specific day of the week), and the backup time can be set to any hour from 00:00 to 23:00 (full hours only).
Retained Snapshots	Number of automatically created snapshots to be retained. The value ranges from 1 to 90. The system automatically deletes excess snapshots every half hour. (The expiration deletion policy applies only to the snapshots that were automatically created at the same frequency as the current automatic snapshot creation policy.) NOTE: If the snapshot creation interval is short or if the data size of indexes is large, the number of automatic snapshots retained may not reach the value set using this parameter.

VPC Endpoint

Expand More Settings and configure a VPC endpoint for the cluster. VPC endpoint is disabled by default. To enable it, select VPC Endpoint, and configure the necessary settings.

VPC Endpoint enables you to access resources across VPCs using a dedicated gateway without exposing the network information of servers. The address of a VPC endpoint consists of an IPv4 address and internal domain name.

If a shared VPC and a subnet within this shared VPC were selected earlier for the cluster, VPC Endpoint cannot be enabled.
VPC endpoints, if created for the cluster, will incur extra fees, depending on the resource usage. For details, see VPC Endpoint Billing.
You need specific permissions to create VPC endpoints. For details, see VPCEP Permissions.

**Table 11** Configuring VPC Endpoint
Parameter	Description
Create Private Domain Name	Whether to create a private domain name for the VPC endpoint. Enable: The system automatically assigns a private domain name to the VPC endpoint. After cluster creation, you can check this private domain name on the VPC Endpoint tab of the cluster details page. Disable: No private domain name will be configured for the VPC endpoint. The cluster can only be accessed through an IP address assigned to the VPC endpoint.
Add Account	Add accounts that are allowed to access the cluster through the VPC endpoint service. To add an account, click Add Account and enter an account ID. To obtain your authorized account ID, point to your username in the upper right corner, and choose My Credentials. Copy the value of Account ID. If no account is added or the account ID is set to *, all users are allowed to access the cluster through the VPC endpoint.

Kibana Public Network Access

Expand More Settings and configure Kibana public network access for the cluster. Kibana public network access is disabled by default. To enable it, select Kibana Public Network Access, and configure the necessary settings.

When Kibana public network access is enabled, a public IP address will be automatically assigned for Kibana access. Users will be able to access this Elasticsearch cluster's Kibana console from the public network through this address.

This parameter is available only when the security mode is enabled for the cluster.

**Table 12** Configuring public network access for Kibana
Parameter	Description
Bandwidth	Bandwidth for accessing Kibana from the public network Value range: 1 Mbit/s to 200 Mbit/s
Configure Whitelist	Control Kibana public network access using a whitelist. If a whitelist is configured, only IP addresses that are on this whitelist can access the cluster's Kibana console over the public network. Click + Add. In the displayed text box, enter IP addresses or CIDR blocks that are allowed to access the cluster's Kibana console from the public network. Separate them using commas (,). Each value must be unique. An example of valid values: 192.168.1.1,10.0.0.0/24. Examples of invalid values: 0.0.0.0, xx.xx.xx.x0, 172.16.0.0-172.16.255.255, non-standard formats (e.g., 192.168.1), and duplicate values. If no whitelist is configured, all public IP addresses can access the cluster's Kibana console. However, this can be a security risk and should be avoided.

Quantity

Configure the cluster's subscription duration and auto-renewal option. This parameter is available only when Billing Mode is set to Yearly/Monthly.

**Table 13** Configuring the subscription duration
Parameter	Description
Required Duration	Set the duration of your subscription in the range of 1 month to 3 years. If you plan to use the cluster for more than nine months, you should choose a yearly subscription for a better price.
Auto-renew	Whether to automatically renew the subscription. By default, auto-renewal is disabled. To enable it, select Auto-renew. When Auto-renew is selected, a yearly/monthly subscription is automatically renewed upon expiry. Monthly subscription: auto-renews for 1 month each time. Yearly subscription: auto-renews for 1 year each time. For more information, see Auto-Renewal Rules.

Submit

In the Configuration Summary panel on the right, review the cluster configuration details.
Any mandatory fields that are missing are displayed in red, and you have to set them in the configuration area.
Click Create Now.
Cluster creation time depends on the number of nodes. Typically, this process takes less than 60 minutes, though clusters with a large number of nodes may require additional time.
Return to the cluster list and check the newly created cluster.
If the cluster is created successfully, Cluster Status changes to Available.

Creating an Elasticsearch Cluster (New Version)