diff --git a/plugins/environment/elk/config/elasticsearch/elasticsearch.yml b/plugins/environment/elk/config/elasticsearch/elasticsearch.yml
new file mode 100644
index 0000000..2a9fcfb
--- /dev/null
+++ b/plugins/environment/elk/config/elasticsearch/elasticsearch.yml
@@ -0,0 +1,7 @@
+cluster.name: "docker-cluster"
+network.host: 0.0.0.0
+
+# minimum_master_nodes need to be explicitly set when bound on a public IP
+# set to 1 to allow single node clusters
+# Details: https://github.com/elastic/elasticsearch/pull/17288
+discovery.zen.minimum_master_nodes: 1
\ No newline at end of file
diff --git a/plugins/environment/elk/config/elasticsearch/jvm.options b/plugins/environment/elk/config/elasticsearch/jvm.options
new file mode 100644
index 0000000..c26a663
--- /dev/null
+++ b/plugins/environment/elk/config/elasticsearch/jvm.options
@@ -0,0 +1,99 @@
+## JVM configuration
+
+################################################################
+## IMPORTANT: JVM heap size
+################################################################
+##
+## You should always set the min and max JVM heap
+## size to the same value. For example, to set
+## the heap to 4 GB, set:
+##
+## -Xms4g
+## -Xmx4g
+##
+## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html
+## for more information
+##
+################################################################
+
+# Xms represents the initial size of total heap space
+# Xmx represents the maximum size of total heap space
+
+-Xms500m
+-Xmx500m
+
+################################################################
+## Expert settings
+################################################################
+##
+## All settings below this section are considered
+## expert settings. Don't tamper with them unless
+## you understand what you are doing
+##
+################################################################
+
+## GC configuration
+-XX:+UseConcMarkSweepGC
+-XX:CMSInitiatingOccupancyFraction=75
+-XX:+UseCMSInitiatingOccupancyOnly
+
+## optimizations
+
+# pre-touch memory pages used by the JVM during initialization
+-XX:+AlwaysPreTouch
+
+## basic
+
+# explicitly set the stack size
+-Xss1m
+
+# set to headless, just in case
+-Djava.awt.headless=true
+
+# ensure UTF-8 encoding by default (e.g. filenames)
+-Dfile.encoding=UTF-8
+
+# use our provided JNA always versus the system one
+-Djna.nosys=true
+
+# turn off a JDK optimization that throws away stack traces for common
+# exceptions because stack traces are important for debugging
+-XX:-OmitStackTraceInFastThrow
+
+# flags to configure Netty
+-Dio.netty.noUnsafe=true
+-Dio.netty.noKeySetOptimization=true
+-Dio.netty.recycler.maxCapacityPerThread=0
+
+# log4j 2
+-Dlog4j.shutdownHookEnabled=false
+-Dlog4j2.disable.jmx=true
+
+-Djava.io.tmpdir=${ES_TMPDIR}
+
+## heap dumps
+
+# generate a heap dump when an allocation from the Java heap fails
+# heap dumps are created in the working directory of the JVM
+-XX:+HeapDumpOnOutOfMemoryError
+
+# specify an alternative path for heap dumps
+# ensure the directory exists and has sufficient space
+#-XX:HeapDumpPath=/heap/dump/path
+
+## JDK 8 GC logging
+
+8:-XX:+PrintGCDetails
+8:-XX:+PrintGCDateStamps
+8:-XX:+PrintTenuringDistribution
+8:-XX:+PrintGCApplicationStoppedTime
+8:-Xloggc:logs/gc.log
+8:-XX:+UseGCLogFileRotation
+8:-XX:NumberOfGCLogFiles=32
+8:-XX:GCLogFileSize=64m
+
+# JDK 9+ GC logging
+9-:-Xlog:gc*,gc+age=trace,safepoint:file=logs/gc.log:utctime,pid,tags:filecount=32,filesize=64m
+# due to internationalization enhancements in JDK 9 Elasticsearch need to set the provider to COMPAT otherwise
+# time/date parsing will break in an incompatible way for some date patterns and locals
+9-:-Djava.locale.providers=COMPAT
\ No newline at end of file
diff --git a/plugins/environment/elk/config/elasticsearch/log4j2.properties b/plugins/environment/elk/config/elasticsearch/log4j2.properties
new file mode 100644
index 0000000..d23f390
--- /dev/null
+++ b/plugins/environment/elk/config/elasticsearch/log4j2.properties
@@ -0,0 +1,9 @@
+status = error
+
+appender.console.type = Console
+appender.console.name = console
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
+
+rootLogger.level = info
+rootLogger.appenderRef.console.ref = console
\ No newline at end of file
diff --git a/plugins/environment/elk/docker-compose.yml.j2 b/plugins/environment/elk/docker-compose.yml.j2
index 3d11adf..babb5fb 100644
--- a/plugins/environment/elk/docker-compose.yml.j2
+++ b/plugins/environment/elk/docker-compose.yml.j2
@@ -21,6 +21,7 @@ services:
     image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.4
     environment:
       - SERVICE_9200_NAME=elasticsearch
+      - discovery.type=single-node 
     ports:
       - target: 9200
         published: 9200
@@ -31,6 +32,8 @@ services:
         protocol: tcp
         mode: host
     volumes:
+      - /var/lidop/elk/elasticsearch/:/usr/share/elasticsearch/config
+      - /usr/share/elasticsearch/config/ingest-geoip
       - /var/lidop/elk/elasticsearch:/usr/share/elasticsearch/data
     deploy:
       restart_policy:
diff --git a/plugins/environment/elk/service.yml b/plugins/environment/elk/service.yml
index c29abbf..87638db 100644
--- a/plugins/environment/elk/service.yml
+++ b/plugins/environment/elk/service.yml
@@ -8,9 +8,6 @@
     folder: "/var/lidop/elk"
 
   tasks:
-    - name: fix max memory
-      command: sysctl -w vm.max_map_count=262144
-
     - name: delete directory
       file:
         path: "{{ folder }}"
@@ -22,17 +19,6 @@
         dest: "{{ folder }}"
         mode: 0644
       when: state == "present"
-      
-    - name: Create folders
-      file:
-        state: "directory"
-        path: "{{ folder }}{{ item }}"
-        owner: "{{ root_user }}"
-        group: "{{ root_user }}"
-        mode: '0777'
-      with_items:
-        - /elasticsearch
-      when: state == "present"
 
     - name: set docker-compose
       template: