MongoDB Ation Mongo DB Manual V3.2

User Manual:

Open the PDF directly: View PDF .
Page Count: 1095

Download
Open PDF In Browser	View PDF

MongoDB Documentation
Release 3.2.5

MongoDB, Inc.

April 25, 2016

Contents

Introduction to MongoDB
1.1 Document Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2 Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Install MongoDB
2.1 Supported Platforms . . . . .
2.2 Deprecation of 32-bit Versions
2.3 Tutorials . . . . . . . . . . .
2.4 Additional Resources . . . . .

3
3
4

.
.
.
.

21
21
21
22
75

The mongo Shell
3.1 Introduction . . . . . . . . . . . . . . . . . .
3.2 Start the mongo Shell . . . . . . . . . . . . .
3.3 Working with the mongo Shell . . . . . . . .
3.4 Tab Completion and Other Keyboard Shortcuts
3.5 Exit the Shell . . . . . . . . . . . . . . . . . .

.
.
.
.
.

77
77
77
78
79
80

MongoDB CRUD Operations
4.1 MongoDB CRUD Introduction
4.2 MongoDB CRUD Concepts . .
4.3 MongoDB CRUD Tutorials . .
4.4 MongoDB CRUD Reference . .

.
.
.
.

97
. 97
. 99
. 136
. 178

Aggregation
5.1 Aggregation Pipeline . . . . . . . . . .
5.2 Map-Reduce . . . . . . . . . . . . . .
5.3 Single Purpose Aggregation Operations
5.4 Additional Features and Behaviors . . .
5.5 Additional Resources . . . . . . . . . .

.
.
.
.
.

.
.
.
.

195
195
197
198
198
237

Text Search
239
6.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
6.2 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
6.3 Language Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240

Data Models
7.1 Data Modeling Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7.2 Document Validation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7.3 Data Modeling Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

247
247
250
252
i

7.4
7.5
8

Data Model Examples and Patterns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258
Data Model Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276

Administration
8.1 Administration Concepts .
8.2 Administration Tutorials .
8.3 Administration Reference
8.4 Production Checklist . . .

.
.
.
.

281
281
318
372
386

Security
9.1 Security Checklist . . . . . . . .
9.2 Authentication . . . . . . . . . .
9.3 Role-Based Access Control . . .
9.4 Encryption . . . . . . . . . . . .
9.5 Auditing . . . . . . . . . . . . .
9.6 Security Hardening . . . . . . . .
9.7 Implement Field Level Redaction
9.8 Security Reference . . . . . . . .
9.9 Create a Vulnerability Report . .
9.10 Additional Resources . . . . . . .

.
.
.
.
.
.
.
.
.
.

391
391
393
433
449
466
472
482
484
512
514

.
.
.
.

10 Indexes
10.1 Default _id Index . . . .
10.2 Create an Index . . . . . .
10.3 Index Types . . . . . . . .
10.4 Index Properties . . . . .
10.5 Index Use . . . . . . . . .
10.6 Covered Queries . . . . .
10.7 Index Intersection . . . .
10.8 Restrictions . . . . . . . .
10.9 Additional Considerations
10.10 Additional Resources . . .

.
.
.
.
.
.
.
.
.
.

515
515
516
516
518
519
519
520
520
520
593

11 Storage
11.1 Storage Engines . . . .
11.2 Journaling . . . . . . .
11.3 GridFS . . . . . . . . .
11.4 FAQ: MongoDB Storage

.
.
.
.

595
595
606
611
615

12 Replication
12.1 Replication Introduction
12.2 Replication Concepts . .
12.3 Replica Set Tutorials . .
12.4 Replication Reference .

.
.
.
.

623
623
627
665
716

13 Sharding
13.1 Sharding Introduction . .
13.2 Sharding Concepts . . . .
13.3 Sharded Cluster Tutorials
13.4 Sharding Reference . . .

.
.
.
.

733
733
739
764
822

14 Frequently Asked Questions
831
14.1 FAQ: MongoDB Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 831
14.2 FAQ: Indexes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 833
14.3 FAQ: Concurrency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835

14.4
14.5
14.6
14.7

FAQ: Sharding with MongoDB . .
FAQ: Replication and Replica Sets
FAQ: MongoDB Storage . . . . . .
FAQ: MongoDB Diagnostics . . . .

.
.
.
.

15 Release Notes
15.1 Current Stable Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15.2 Previous Stable Releases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
15.3 MongoDB Version Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16 About MongoDB Documentation
16.1 License . . . . . . . . . . . . . . . . . . .
16.2 Editions . . . . . . . . . . . . . . . . . . .
16.3 Version and Revisions . . . . . . . . . . .
16.4 Report an Issue or Make a Change Request
16.5 Contribute to the Documentation . . . . .

.
.
.
.
.

841
846
850
856
865
865
911
1070
1073
1073
1073
1074
1074
1075

iii

MongoDB Documentation, Release 3.2.5

Note: This version of the PDF does not include the reference section, see MongoDB Reference Manual1 for a PDF
edition of all MongoDB Reference Material.

1 http://docs.mongodb.org/master/MongoDB-reference-manual.pdf

Contents

MongoDB Documentation, Release 3.2.5

Contents

CHAPTER 1

Introduction to MongoDB

On this page
• Document Database (page 3)
• Key Features (page 4)
MongoDB is an open-source document database that provides high performance, high availability, and automatic
scaling.

1.1 Document Database
A record in MongoDB is a document, which is a data structure composed of field and value pairs. MongoDB documents are similar to JSON objects. The values of fields may include other documents, arrays, and arrays of documents.

The advantages of using documents are:
• Documents (i.e. objects) correspond to native data types in many programming languages.
• Embedded documents and arrays reduce need for expensive joins.
• Dynamic schema supports fluent polymorphism.

MongoDB Documentation, Release 3.2.5

1.2 Key Features
1.2.1 High Performance
MongoDB provides high performance data persistence. In particular,
• Support for embedded data models reduces I/O activity on database system.
• Indexes support faster queries and can include keys from embedded documents and arrays.

1.2.2 Rich Query Language
MongoDB supports a rich query language to support read and write operations (page 97) as well as:
• data aggregation (page 199)
• Text Search and Geospatial Queries (page 545).

1.2.3 High Availability
MongoDB’s replication facility, called replica set (page 623), provides:
• automatic failover and
• data redundancy.
A replica set (page 623) is a group of MongoDB servers that maintain the same data set, providing redundancy and
increasing data availability.

1.2.4 Horizontal Scalability
MongoDB provides horizontal scalability as part of its core functionality:
• Sharding (page 733) distributes data across a cluster of machines.
• Tag aware sharding allows for directing data to specific shards, such as to take into consideration geographic
distribution of the shards.

1.2.5 Support for Multiple Storage Engines
MongoDB supports multiple storage engines (page 595), such as:
• WiredTiger Storage Engine (page 595) and
• MMAPv1 Storage Engine (page 603).
In addition, MongoDB provides pluggable storage engine API that allows third parties to develop storage engines for
MongoDB.
Databases and Collections

Chapter 1. Introduction to MongoDB

MongoDB Documentation, Release 3.2.5

On this page
• Databases (page 5)
• Collections (page 5)
MongoDB stores BSON documents (page 8), i.e. data records, in collections; the collections in databases.
Databases

In MongoDB, databases hold collections of documents.
To select a database to use, in the mongo shell, issue the use statement, as in the following example:
use myDB

Create a Database If a database does not exist, MongoDB creates the database when you first store data for that
database. As such, you can switch to a non-existent database and perform the following operation in the mongo shell:
use myNewDB
db.myNewCollection1.insert( { x: 1 } )

The insert() operation creates both the database myNewDB and the collection myNewCollection1 if they do
not already exist.
For a list of restrictions on database names, see restrictions-on-db-names.
Collections

MongoDB stores documents in collections. Collections are analogous to tables in relational databases.
Create a Collection If a collection does not exist, MongoDB creates the collection when you first store data for that
collection.
db.myNewCollection2.insert( { x: 1 } )
db.myNewCollection3.createIndex( { y: 1 } )

Both the insert() and the createIndex() operations create their respective collection if they do not already
exist.
For a list of restrictions on database names, see restrictions-on-collection-names.
Explicit Creation MongoDB provides the db.createCollection() method to explicitly create a collection
with various options, such as setting the maximum size or the documentation validation rules. If you are not specifying
these options, you do not need to explicitly create the collection since MongoDB creates new collections when you
first store data for the collections.
To modify these collection options, see collMod.

1.2. Key Features

MongoDB Documentation, Release 3.2.5

Document Validation New in version 3.2.
By default, a collection does not require its documents to have the same schema; i.e. the documents in a single
collection do not need to have the same set of fields and the data type for a field can differ across documents within a
collection.
Starting in MongoDB 3.2, however, you can enforce document validation rules (page 250) for a collection during
update and insert operations. See Document Validation (page 250) for details.
Modifying Document Structure To change the structure of the documents in a collection, such as add new fields,
remove existing fields, or change the field values to a new type, update the documents to the new structure.

On this page
Capped Collections

•
•
•
•

Overview (page 6)
Behavior (page 6)
Restrictions and Recommendations (page 6)
Procedures (page 7)

Overview Capped collections are fixed-size collections that support high-throughput operations that insert and retrieve documents based on insertion order. Capped collections work in a way similar to circular buffers: once a
collection fills its allocated space, it makes room for new documents by overwriting the oldest documents in the
collection.
See createCollection() or create for more information on creating capped collections.
Behavior
Insertion Order Capped collections guarantee preservation of the insertion order. As a result, queries do not need
an index to return documents in insertion order. Without this indexing overhead, capped collections can support higher
insertion throughput.
Automatic Removal of Oldest Documents To make room for new documents, capped collections automatically
remove the oldest documents in the collection without requiring scripts or explicit remove operations.
For example, the oplog.rs collection that stores a log of the operations in a replica set uses a capped collection.
Consider the following potential use cases for capped collections:
• Store log information generated by high-volume systems. Inserting documents in a capped collection without
an index is close to the speed of writing log information directly to a file system. Furthermore, the built-in
first-in-first-out property maintains the order of events, while managing storage use.
• Cache small amounts of data in a capped collections. Since caches are read rather than write heavy, you would
either need to ensure that this collection always remains in the working set (i.e. in RAM) or accept some write
penalty for the required index or indexes.
_id Index Capped collections have an _id field and an index on the _id field by default.
Restrictions and Recommendations

Chapter 1. Introduction to MongoDB

MongoDB Documentation, Release 3.2.5

Updates If you plan to update documents in a capped collection, create an index so that these update operations do
not require a collection scan.
Document Size Changed in version 3.2.
If an update or a replacement operation changes the document size, the operation will fail.
Document Deletion You cannot delete documents from a capped collection. To remove all documents from a
collection, use the drop() method to drop the collection and recreate the capped collection.
Sharding You cannot shard a capped collection.
Query Efficiency Use natural ordering to retrieve the most recently inserted elements from the collection efficiently.
This is (somewhat) analogous to tail on a log file.
Aggregation $out The aggregation pipeline operator $out cannot write results to a capped collection.
Procedures
Create a Capped Collection You must create capped collections explicitly using the
db.createCollection() method, which is a helper in the mongo shell for the create command.
When creating a capped collection you must specify the maximum size of the collection in bytes, which MongoDB
will pre-allocate for the collection. The size of the capped collection includes a small amount of space for internal
overhead.
db.createCollection( "log", { capped: true, size: 100000 } )

If the size field is less than or equal to 4096, then the collection will have a cap of 4096 bytes. Otherwise, MongoDB
will raise the provided size to make it an integer multiple of 256.
Additionally, you may also specify a maximum number of documents for the collection using the max field as in the
following document:
db.createCollection("log", { capped : true, size : 5242880, max : 5000 } )

Important: The size argument is always required, even when you specify max number of documents. MongoDB
will remove older documents if a collection reaches the maximum size limit before it reaches the maximum document
count.
See
db.createCollection() and create.

Query a Capped Collection If you perform a find() on a capped collection with no ordering specified, MongoDB
guarantees that the ordering of results is the same as the insertion order.
To retrieve documents in reverse insertion order, issue find() along with the sort() method with the $natural
parameter set to -1, as shown in the following example:

1.2. Key Features

MongoDB Documentation, Release 3.2.5

db.cappedCollection.find().sort( { $natural: -1 } )

Check if a Collection is Capped Use the isCapped() method to determine if a collection is capped, as follows:
db.collection.isCapped()

Convert a Collection to Capped You can convert a non-capped collection to a capped collection with the
convertToCapped command:
db.runCommand({"convertToCapped": "mycoll", size: 100000});

The size parameter specifies the size of the capped collection in bytes.
Warning: This command obtains a global write lock and will block other operations until it has completed.

Automatically Remove Data After a Specified Period of Time For additional flexibility when expiring data, consider MongoDB’s TTL indexes, as described in Expire Data from Collections by Setting TTL (page 567). These indexes
allow you to expire and remove data from normal collections using a special type, based on the value of a date-typed
field and a TTL value for the index.
TTL Collections (page 567) are not compatible with capped collections.
Tailable Cursor You can use a tailable cursor with capped collections. Similar to the Unix tail -f command,
the tailable cursor “tails” the end of a capped collection. As new documents are inserted into the capped collection,
you can use the tailable cursor to continue retrieving documents.
See Create Tailable Cursor (page 172) for information on creating a tailable cursor.
Documents

On this page
•
•
•
•
•

Document Structure (page 8)
Dot Notation (page 9)
Document Limitations (page 10)
Other Uses of the Document Structure (page 11)
Additional Resources (page 12)

MongoDB stores data records as BSON documents. BSON is a binary representation of JSON documents, though it
contains more data types than JSON. For the BSON spec, see bsonspec.org1 . See also BSON Types (page 12).
Document Structure

MongoDB documents are composed of field-and-value pairs and have the following structure:
1 http://bsonspec.org/

Chapter 1. Introduction to MongoDB

MongoDB Documentation, Release 3.2.5

{
field1:
field2:
field3:
...
fieldN:

value1,
value2,
value3,
valueN

}

The value of a field can be any of the BSON data types (page 12), including other documents, arrays, and arrays of
documents. For example, the following document contains values of varying types:
var mydoc = {
_id: ObjectId("5099803df3f4948bd2f98391"),
name: { first: "Alan", last: "Turing" },
birth: new Date('Jun 23, 1912'),
death: new Date('Jun 07, 1954'),
contribs: [ "Turing machine", "Turing test", "Turingery" ],
views : NumberLong(1250000)
}

The above fields have the following data types:
• _id holds an ObjectId (page 14).
• name holds an embedded document that contains the fields first and last.
• birth and death hold values of the Date type.
• contribs holds an array of strings.
• views holds a value of the NumberLong type.
Field Names Field names are strings.
Documents (page 8) have the following restrictions on field names:
• The field name _id is reserved for use as a primary key; its value must be unique in the collection, is immutable,
and may be of any type other than an array.
• The field names cannot start with the dollar sign ($) character.
• The field names cannot contain the dot (.) character.
• The field names cannot contain the null character.
BSON documents may have more than one field with the same name. Most MongoDB interfaces, however,
represent MongoDB with a structure (e.g. a hash table) that does not support duplicate field names. If you need to
manipulate documents that have more than one field with the same name, see the driver documentation for
your driver.
Some documents created by internal MongoDB processes may have duplicate fields, but no MongoDB process will
ever add duplicate fields to an existing user document.
Field Value Limit For indexed collections (page 515), the values for the indexed fields have a Maximum Index
Key Length limit. See Maximum Index Key Length for details.
Dot Notation

MongoDB uses the dot notation to access the elements of an array and to access the fields of an embedded document.

1.2. Key Features

MongoDB Documentation, Release 3.2.5

Arrays To specify or access an element of an array by the zero-based index position, concatenate the array name
with the dot (.) and zero-based index position, and enclose in quotes:
"."

For example, given the following field in a document:
{
...
contribs: [ "Turing machine", "Turing test", "Turingery" ],
...
}

To specify the third element in the contribs array, use the dot notation "contribs.2".
See also:
• $ positional operator for update operations,
• $ projection operator when array index position is unknown
• Arrays (page 143) for dot notation examples with arrays.
Embedded Documents To specify or access a field of an embedded document with dot notation, concatenate the
embedded document name with the dot (.) and the field name, and enclose in quotes:
"."

For example, given the following field in a document:
{
...
name: { first: "Alan", last: "Turing" },
...
}

To specify the field named last in the name field, use the dot notation "name.last".
See also:
Embedded Documents (page 142) for dot notation examples with embedded documents.
Document Limitations

Documents have the following attributes:
Document Size Limit The maximum BSON document size is 16 megabytes.
The maximum document size helps ensure that a single document cannot use excessive amount of RAM or, during
transmission, excessive amount of bandwidth. To store documents larger than the maximum size, MongoDB provides
the GridFS API. See mongofiles and the documentation for your driver for more information about GridFS.
Document Field Order MongoDB preserves the order of the document fields following write operations except for
the following cases:
• The _id field is always the first field in the document.
• Updates that include renaming of field names may result in the reordering of fields in the document.

Chapter 1. Introduction to MongoDB

MongoDB Documentation, Release 3.2.5

Changed in version 2.6: Starting in version 2.6, MongoDB actively attempts to preserve the field order in a document.
Before version 2.6, MongoDB did not actively preserve the order of the fields in a document.
The _id Field The _id field has the following behavior and constraints:
• By default, MongoDB creates a unique index on the _id field during the creation of a collection.
• The _id field is always the first field in the documents. If the server receives a document that does not have the
_id field first, then the server will move the field to the beginning.
• The _id field may contain values of any BSON data type (page 12), other than an array.
Warning: To ensure functioning replication, do not store values that are of the BSON regular expression
type in the _id field.
The following are common options for storing values for _id:
• Use an ObjectId (page 14).
• Use a natural unique identifier, if available. This saves space and avoids an additional index.
• Generate an auto-incrementing number. See Create an Auto-Incrementing Sequence Field (page 173).
• Generate a UUID in your application code. For a more efficient storage of the UUID values in the collection
and in the _id index, store the UUID as a value of the BSON BinData type.
Index keys that are of the BinData type are more efficiently stored in the index if:
– the binary subtype value is in the range of 0-7 or 128-135, and
– the length of the byte array is: 0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, or 32.
• Use your driver’s BSON UUID facility to generate UUIDs. Be aware that driver implementations may implement UUID serialization and deserialization logic differently, which may not be fully compatible with other
drivers. See your driver documentation2 for information concerning UUID interoperability.
Note: Most MongoDB driver clients will include the _id field and generate an ObjectId before sending the insert
operation to MongoDB; however, if the client sends a document without an _id field, the mongod will add the _id
field and generate the ObjectId.

Other Uses of the Document Structure

In addition to defining data records, MongoDB uses the document structure throughout, including but not limited to:
• Query filters or specifications (page 140). Query filter documents specify the conditions that determine which
records to select for read, update, and delete operations.
You can use : expressions to specify the equality condition and query operator expressions.
{
: ,
: { : },
...
}

For examples, see Query filters or specifications (page 140).
2 https://api.mongodb.org/

1.2. Key Features

MongoDB Documentation, Release 3.2.5

• Update specifications (page 148). Update specifications documents use update operators to specify the data
modifications to perform on specific fields during an db.collection.update() operation.
{
: { : , ... },
: { : , ... },
...
}

• Index specifications (page 515). Index specifications document define the field to index and the index type:
{ : , : , ...

}

Additional Resources

• Thinking in Documents Part 1 (Blog Post)3
BSON Types

On this page
•
•
•
•
•

Comparison/Sort Order (page 13)
ObjectId (page 14)
String (page 14)
Timestamps (page 15)
Date (page 15)

BSON is a binary serialization format used to store documents and make remote procedure calls in MongoDB. The
BSON specification is located at bsonspec.org4 .
BSON supports the following data types as values in documents. Each data type has a corresponding number and
string alias that can be used with the $type operator to query documents by BSON type.
3 https://www.mongodb.com/blog/post/thinking-documents-part-1?jmp=docs
4 http://bsonspec.org/

Chapter 1. Introduction to MongoDB

MongoDB Documentation, Release 3.2.5

Type
Double
String
Object
Array
Binary data
Undefined
ObjectId
Boolean
Date
Null
Regular Expression
DBPointer
JavaScript
Symbol
JavaScript (with scope)
32-bit integer
Timestamp
64-bit integer
Min key
Max key

Number
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
-1
127

Alias
“double”
“string”
“object”
“array”
“binData”
“undefined”
“objectId”
“bool”
“date”
“null”
“regex”
“dbPointer”
“javascript”
“symbol”
“javascriptWithScope”
“int”
“timestamp”
“long”
“minKey”
“maxKey”

Notes

Deprecated.

To determine a field’s type, see Check Types in the mongo Shell (page 89).
If you convert BSON to JSON, see the Extended JSON (page 16) reference.
Comparison/Sort Order

When comparing values of different BSON types, MongoDB uses the following comparison order, from lowest to
highest:
1. MinKey (internal type)
2. Null
3. Numbers (ints, longs, doubles)
4. Symbol, String
5. Object
6. Array
7. BinData
8. ObjectId
9. Boolean
10. Date
11. Timestamp
12. Regular Expression
13. MaxKey (internal type)
MongoDB treats some types as equivalent for comparison purposes. For instance, numeric types undergo conversion
before comparison.
Changed in version 3.0.0: Date objects sort before Timestamp objects. Previously Date and Timestamp objects sorted
together.
1.2. Key Features

MongoDB Documentation, Release 3.2.5

The comparison treats a non-existent field as it would an empty BSON Object. As such, a sort on the a field in
documents { } and { a: null } would treat the documents as equivalent in sort order.
With arrays, a less-than comparison or an ascending sort compares the smallest element of arrays, and a greater-than
comparison or a descending sort compares the largest element of the arrays. As such, when comparing a field whose
value is a single-element array (e.g. [ 1 ]) with non-array fields (e.g. 2), the comparison is between 1 and 2. A
comparison of an empty array (e.g. [ ]) treats the empty array as less than null or a missing field.
MongoDB sorts BinData in the following order:
1. First, the length or size of the data.
2. Then, by the BSON one-byte subtype.
3. Finally, by the data, performing a byte-by-byte comparison.
The following sections describe special considerations for particular BSON types.
ObjectId

ObjectIds are small, likely unique, fast to generate, and ordered. ObjectId values consists of 12-bytes, where the first
four bytes are a timestamp that reflect the ObjectId’s creation, specifically:
• a 4-byte value representing the seconds since the Unix epoch,
• a 3-byte machine identifier,
• a 2-byte process id, and
• a 3-byte counter, starting with a random value.
In MongoDB, documents stored in a collection require a unique _id field that acts as a primary key. If the _id field is
unspecified in documents, MongoDB uses ObjectIds as the default value for the _id field; i.e. if a document does not
contain a top-level _id field, the MongoDB driver adds the _id field that holds an ObjectId.
In addition, if the mongod receives a document to insert that does not contain an _id field, mongod will add the
_id field that holds an ObjectId.
MongoDB clients should add an _id field with a unique ObjectId. Using ObjectIds for the _id field provides the
following additional benefits:
• in the mongo shell, you can access
ObjectId.getTimestamp() method.

the

creation

time

the

ObjectId,

using

the

• sorting on an _id field that stores ObjectId values is roughly equivalent to sorting by creation time.
Important: The relationship between the order of ObjectId values and generation time is not strict within a
single second. If multiple systems, or multiple processes or threads on a single system generate values, within a
single second; ObjectId values do not represent a strict insertion order. Clock skew between clients can also
result in non-strict ordering even for values because client drivers generate ObjectId values.
See also:
ObjectId()
String

BSON strings are UTF-8. In general, drivers for each programming language convert from the language’s string format
to UTF-8 when serializing and deserializing BSON. This makes it possible to store most international characters in

Chapter 1. Introduction to MongoDB

MongoDB Documentation, Release 3.2.5

BSON strings with ease.

In addition, MongoDB $regex queries support UTF-8 in the regex string.

Timestamps

BSON has a special timestamp type for internal MongoDB use and is not associated with the regular Date (page 15)
type. Timestamp values are a 64 bit value where:
• the first 32 bits are a time_t value (seconds since the Unix epoch)
• the second 32 bits are an incrementing ordinal for operations within a given second.
Within a single mongod instance, timestamp values are always unique.
In replication, the oplog has a ts field. The values in this field reflect the operation time, which uses a BSON
timestamp value.
Note: The BSON timestamp type is for internal MongoDB use. For most cases, in application development, you will
want to use the BSON date type. See Date (page 15) for more information.
If you insert a document containing an empty BSON timestamp in a top-level field, the MongoDB server will replace
that empty timestamp with the current timestamp value. For example, if you create an insert a document with a
timestamp value, as in the following operation:
var a = new Timestamp();
db.test.insert( { ts: a } );

Then, the db.test.find() operation will return a document that resembles the following:
{ "_id" : ObjectId("542c2b97bac0595474108b48"), "ts" : Timestamp(1412180887, 1) }

If ts were a field in an embedded document, the server would have left it as an empty timestamp value.
Changed in version 2.6: Previously, the server would only replace empty timestamp values in the first two fields,
including _id, of an inserted document. Now MongoDB will replace any top-level field.
Date

BSON Date is a 64-bit integer that represents the number of milliseconds since the Unix epoch (Jan 1, 1970). This
results in a representable date range of about 290 million years into the past and future.
The official BSON specification6 refers to the BSON Date type as the UTC datetime.
BSON Date type is signed.

Negative values represent dates before 1970.

Example
Construct a Date using the new Date() constructor in the mongo shell:
var mydate1 = new Date()
5 Given strings using UTF-8 character sets, using sort() on strings will be reasonably correct. However, because internally sort() uses the
C++ strcmp api, the sort order may handle some characters incorrectly.
6 http://bsonspec.org/#/specification
7 Prior to version 2.0, Date values were incorrectly interpreted as unsigned integers, which affected sorts, range queries, and indexes on Date
fields. Because indexes are not recreated when upgrading, please re-index if you created an index on Date values with an earlier version, and dates
before 1970 are relevant to your application.

1.2. Key Features

MongoDB Documentation, Release 3.2.5

Example
Construct a Date using the ISODate() constructor in the mongo shell:
var mydate2 = ISODate()

Example
Return the Date value as string:
mydate1.toString()

Example
Return the month portion of the Date value; months are zero-indexed, so that January is month 0:
mydate1.getMonth()

MongoDB Extended JSON

On this page
• Parsers and Supported Format (page 16)
• BSON Data Types and Associated Representations (page 17)
JSON can only represent a subset of the types supported by BSON. To preserve type information, MongoDB adds the
following extensions to the JSON format:
• Strict mode. Strict mode representations of BSON types conform to the JSON RFC8 . Any JSON parser can
parse these strict mode representations as key/value pairs; however, only the MongoDB internal JSON parser
recognizes the type information conveyed by the format.
• mongo Shell mode. The MongoDB internal JSON parser and the mongo shell can parse this mode.
The representation used for the various data types depends on the context in which the JSON is parsed.
Parsers and Supported Format

Input in Strict Mode The following can parse representations in strict mode with recognition of the type information.
• REST Interfaces9
• mongoimport
• --query option of various MongoDB tools
Other JSON parsers, including mongo shell and db.eval(), can parse strict mode representations as key/value
pairs, but without recognition of the type information.
8 http://www.json.org
9 https://docs.mongodb.org/ecosystem/tools/http-interfaces

Chapter 1. Introduction to MongoDB

MongoDB Documentation, Release 3.2.5

Input in mongo Shell Mode The following can parse representations in mongo shell mode with recognition of the
type information.
• REST Interfaces10
• mongoimport
• --query option of various MongoDB tools
• mongo shell
Output in Strict mode mongoexport and REST and HTTP Interfaces11 output data in Strict mode.
Output in mongo Shell Mode bsondump outputs in mongo Shell mode.
BSON Data Types and Associated Representations

The following presents the BSON data types and the associated representations in Strict mode and mongo Shell mode.
Binary
data_binary
Strict Mode
{ "$binary": "", "$type": "" }

mongo Shell Mode
BinData ( , )

• is the base64 representation of a binary string.
• is a representation of a single byte indicating the data type. In Strict mode it is a hexadecimal string, and in
Shell mode it is an integer. See the extended bson documentation. http://bsonspec.org/spec.html
Date
data_date
Strict Mode
{ "$date": "" }

mongo Shell Mode
new Date ( )

In Strict mode, is an ISO-8601 date format with a mandatory time zone field following the template
YYYY-MM-DDTHH:mm:ss.mmm<+/-Offset>.
The MongoDB JSON parser currently does not support loading ISO-8601 strings representing dates prior to the
Unix epoch. When formatting pre-epoch dates and dates past what your system’s time_t type can hold, the
following format is used:
{ "$date" : { "$numberLong" : "" } }

In Shell mode, is the JSON representation of a 64-bit signed integer giving the number of milliseconds
since epoch UTC.
10 https://docs.mongodb.org/ecosystem/tools/http-interfaces
11 https://docs.mongodb.org/ecosystem/tools/http-interfaces

1.2. Key Features

MongoDB Documentation, Release 3.2.5

Timestamp
data_timestamp
Strict Mode
{ "$timestamp": { "t": , "i": } }

mongo Shell Mode
Timestamp( , )

• is the JSON representation of a 32-bit unsigned integer for seconds since epoch.
• is a 32-bit unsigned integer for the increment.
Regular Expression
data_regex
Strict Mode

mongo Shell Mode

{ "$regex": "", "$options": "" } //
• is a string of valid JSON characters.
• is a string that may contain valid JSON characters and unescaped double quote (") characters, but
may not contain unescaped forward slash (https://docs.mongodb.org/manual/) characters.
• is a string containing the regex options represented by the letters of the alphabet.
• is a string that may contain only the characters ‘g’, ‘i’, ‘m’ and ‘s’ (added in v1.9). Because
the JavaScript and mongo Shell representations support a limited range of options, any nonconforming
options will be dropped when converting to this representation.
OID
data_oid
Strict Mode
{ "$oid": "" }

mongo Shell Mode
ObjectId( "" )

is a 24-character hexadecimal string.
DB Reference
data_ref
Strict Mode
{ "$ref": "", "$id": "" }

mongo Shell Mode
DBRef("", "")

• is a string of valid JSON characters.
• is any valid extended JSON type.
Undefined Type
data_undefined
Strict Mode
{ "$undefined": true }

mongo Shell Mode
undefined

Chapter 1. Introduction to MongoDB

MongoDB Documentation, Release 3.2.5

The representation for the JavaScript/BSON undefined type.
You cannot use undefined in query documents. Consider the following document inserted into the people
collection:
db.people.insert( { name : "Sally", age : undefined } )

The following queries return an error:
db.people.find( { age : undefined } )
db.people.find( { age : { $gte : undefined } } )

However, you can query for undefined values using $type, as in:
db.people.find( { age : { $type : 6 } } )

This query returns all documents for which the age field has value undefined.
MinKey
data_minkey
Strict Mode
{ "$minKey": 1 }

mongo Shell Mode
MinKey

The representation of the MinKey BSON data type that compares lower than all other types. See Comparison/Sort Order (page 13) for more information on comparison order for BSON types.
MaxKey
data_maxkey
Strict Mode
{ "$maxKey": 1 }

mongo Shell Mode
MaxKey

The representation of the MaxKey BSON data type that compares higher than all other types. See Comparison/Sort Order (page 13) for more information on comparison order for BSON types.
NumberLong New in version 2.6.
data_numberlong
Strict Mode
{ "$numberLong": "" }

mongo Shell Mode
NumberLong( "" )

NumberLong is a 64 bit signed integer. You must include quotation marks or it will be interpreted as a floating
point number, resulting in a loss of accuracy.
For example, the following commands insert 9223372036854775807 as a NumberLong with and without
quotation marks around the integer value:
db.json.insert( { longQuoted : NumberLong("9223372036854775807") } )
db.json.insert( { longUnQuoted : NumberLong(9223372036854775807) } )

When you retrieve the documents, the value of longUnquoted has changed, while longQuoted retains its
accuracy:

1.2. Key Features

MongoDB Documentation, Release 3.2.5

db.json.find()
{ "_id" : ObjectId("54ee1f2d33335326d70987df"), "longQuoted" : NumberLong("9223372036854775807")
{ "_id" : ObjectId("54ee1f7433335326d70987e0"), "longUnquoted" : NumberLong("-922337203685477580

Chapter 1. Introduction to MongoDB

CHAPTER 2

Install MongoDB

On this page
•
•
•
•

Supported Platforms (page 21)
Deprecation of 32-bit Versions (page 21)
Tutorials (page 22)
Additional Resources (page 75)

This section of the manual contains tutorials on installation of MongoDB.

2.1 Supported Platforms
Platform
Amazon Linux
Debian 7
Fedora 8+
RHEL/CentOS 6.2+
RHEL/CentOS 7.0+
SLES 11
SLES 12
Solaris 64-bit
Ubuntu 12.04
Ubuntu 14.04
Microsoft Azure
Windows Vista/Server 2008R2/2012+
OSX 10.7+

3.2
Y
Y

3.0
Y
Y
Y
Y
Y

2.6
Y
Y
Y
Y
Y
Y

2.4
Y
Y
Y
Y

2.2
Y
Y
Y
Y

Y
Y
Y
Y
Y
Y
Y
Y
Y
Y

Y
Y
Y
Y
Y
Y

Y
Y

Y
Y
Y

Y
Y

2.2 Deprecation of 32-bit Versions
Changed in version 3.2: Starting in MongoDB 3.2, 32-bit binaries are deprecated and will be unavailable in future
releases.
Changed in version 3.0: Commercial support is no longer provided for MongoDB on 32-bit platforms (Linux and
Windows). See Platform Support (page 952).
In addition, the 32-bit versions of MongoDB have the following limitations:

MongoDB Documentation, Release 3.2.5

• 32-bit versions of MongoDB do not support the WiredTiger storage engine.
• 32-bit builds disable journaling by default because journaling further limits the maximum amount of data that
the database can store.
• When running a 32-bit build of MongoDB, the total storage size for the server, including data and indexes, is 2
gigabytes. For this reason, do not deploy MongoDB to production on 32-bit machines.
If you’re running a 64-bit build of MongoDB, there’s virtually no limit to storage size. For production deployments,
64-bit builds and operating systems are strongly recommended.
See also:
Blog Post: 32-bit Limitations1

2.3 Tutorials
2.3.1 MongoDB Community Edition
Install on Linux (page 22) Install MongoDB Community Edition and required dependencies on Linux.
Install on OS X (page 42) Install MongoDB Community Edition on OS X systems from Homebrew packages or from
MongoDB archives.
Install on Windows (page 44) Install MongoDB Community Edition on Windows systems and optionally start MongoDB as a Windows service.

2.3.2 MongoDB Enterprise
Install on Linux (page 50) Install the official builds of MongoDB Enterprise on Linux-based systems.
Install on OS X (page 68) Install the official build of MongoDB Enterprise on OS X
Install on Windows (page 69) Install MongoDB Enterprise on Windows using the .msi installer.
Install MongoDB Community Edition
These documents provide instructions to install MongoDB Community Edition.
Install on Linux (page 22) Install MongoDB Community Edition and required dependencies on Linux.
Install on OS X (page 42) Install MongoDB Community Edition on OS X systems from Homebrew packages or from
MongoDB archives.
Install on Windows (page 44) Install MongoDB Community Edition on Windows systems and optionally start MongoDB as a Windows service.
Install MongoDB Community Edition on Linux

On this page
• Recommended (page 23)
• Manual Installation (page 23)
1 http://blog.mongodb.org/post/137788967/32-bit-limitations

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

These documents provide instructions to install MongoDB Community Edition for various Linux systems.
Note: Starting in MongoDB 3.2, 32-bit binaries are deprecated and will be unavailable in future releases.

Recommended For the best installation experience, MongoDB provides packages for popular Linux distributions.
These packages, which support specific platforms and provide improved performance and TLS/SSL support, are the
preferred way to run MongoDB. The following guides detail the installation process for these systems:
Install on Red Hat (page 23) Install MongoDB Community Edition on Red Hat Enterprise and related Linux systems
using .rpm packages.
Install on SUSE (page 27) Install MongoDB Community Edition on SUSE Linux systems using .rpm packages.
Install on Amazon (page 30) Install MongoDB Community Edition on Amazon Linux AMI systems using .rpm
packages.
Install on Ubuntu (page 33) Install MongoDB Community Edition on Ubuntu Linux systems using .deb packages.
Install on Debian (page 36) Install MongoDB Community Edition on Debian systems using .deb packages.
For systems without supported packages, refer to the Manual Installation tutorial.
Manual Installation For Linux systems without supported packages, MongoDB provides a generic Linux release.
These versions of MongoDB don’t include TLS/SSL, and may not perform as well as the targeted packages, but are
compatible on most contemporary Linux systems. See the following guides for installation:
Install From Tarball (page 39) Install MongoDB Community Edition on other Linux systems from MongoDB
archives.

Install
MongoDB
On this page
•
•
•
•
•
•

Community

Edition

Red

Hat

Enterprise

CentOS

Linux

Overview (page 23)
Packages (page 23)
Init Scripts (page 24)
Install MongoDB Community Edition (page 24)
Run MongoDB Community Edition (page 25)
Uninstall MongoDB Community Edition (page 27)

Overview Use this tutorial to install MongoDB Community Edition on Red Hat Enterprise Linux or CentOS Linux
versions 6 and 7 using .rpm packages. While some of these distributions include their own MongoDB packages, the
official MongoDB Community Edition packages are generally more up to date.
Platform Support
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
MongoDB 3.2 deprecates support for Red Hat Enterprise Linux 5.

Packages MongoDB provides officially supported packages in their own repository. This repository contains the
following packages:

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

mongodb-org A metapackage that will automatically install the four component packages listed below.
mongodb-org-server
Contains the mongod daemon and associated configuration and init scripts.
mongodb-org-mongos
Contains the mongos daemon.
mongodb-org-shell
Contains the mongo shell.
mongodb-org-tools
Contains the following MongoDB tools: mongoimport bsondump, mongodump,
mongoexport, mongofiles, mongooplog, mongoperf, mongorestore,
mongostat, and mongotop.
The default /etc/mongod.conf configuration file supplied by the packages have bind_ip set to 127.0.0.1
by default. Modify this setting as needed for your environment before initializing a replica set.
Init Scripts The mongodb-org package includes various init scripts, including the init script
/etc/rc.d/init.d/mongod. You can use these scripts to stop, start, and restart daemon processes.
The package configures MongoDB using the /etc/mongod.conf file in conjunction with the init scripts. See the
Configuration File reference for documentation of settings available in the configuration file.
As of version 3.2.5, there are no init scripts for mongos. The mongos process is used only in sharding (page 739).
You can use the mongod init script to derive your own mongos init script for use in such environments. See the
mongos reference for configuration details.
The default /etc/mongod.conf configuration file supplied by the packages have bind_ip set to 127.0.0.1
by default. Modify this setting as needed for your environment before initializing a replica set.
Install MongoDB Community Edition
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.02 .
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
Step
1:
Configure
the
package
management
system
(yum). Create
a
/etc/yum.repos.d/mongodb-org-3.2.repo file so that you can install MongoDB directly, using
yum.
Changed in version 3.0: MongoDB Linux packages are in a new repository beginning with 3.0.
For the latest stable release of MongoDB Use the following repository file:
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

For versions of MongoDB earlier than 3.0 To install the packages from an earlier release series (page 1070), such
as 2.4 or 2.6, you can specify the release series in the repository configuration. For example, to restrict your system
to the 2.6 release series, create a /etc/yum.repos.d/mongodb-org-2.6.repo file to hold the following
configuration information for the MongoDB 2.6 repository:
[mongodb-org-2.6]
name=MongoDB 2.6 Repository
baseurl=http://downloads-distro.mongodb.org/repo/redhat/os/x86_64/
2 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-red-hat/

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

gpgcheck=0
enabled=1

You can find .repo files for each release in the repository itself3 . Remember that odd-numbered minor release
versions (e.g. 2.5) are development versions and are unsuitable for production use.
Step 2: Install the MongoDB packages and associated tools. When you install the packages, you choose whether
to install the current release or a previous one. This step provides the commands for both.
To install the latest stable version of MongoDB, issue the following command:
sudo yum install -y mongodb-org

To install a specific release of MongoDB, specify each component package individually and append the version number
to the package name, as in the following example:

sudo yum install -y mongodb-org-3.2.5 mongodb-org-server-3.2.5 mongodb-org-shell-3.2.5 mongodb-org-mo

You can specify any available version of MongoDB. However yum will upgrade the packages when a newer version
becomes available. To prevent unintended upgrades, pin the package. To pin a package, add the following exclude
directive to your /etc/yum.conf file:
exclude=mongodb-org,mongodb-org-server,mongodb-org-shell,mongodb-org-mongos,mongodb-org-tools

Run MongoDB Community Edition
Prerequisites
Configure SELinux
Important: You must configure SELinux to allow MongoDB to start on Red Hat Linux-based systems (Red Hat
Enterprise Linux or CentOS Linux).
To configure SELinux, administrators have three options:
Note: All three options require root privileges. The first two options each requires a system reboot and may have
larger implications for your deployment.
• Disable SELinux entirely by changing the SELINUX setting to disabled in /etc/selinux/config.
SELINUX=disabled

• Set SELinux to permissive mode in /etc/selinux/config by changing the SELINUX setting to
permissive .
SELINUX=permissive

Note: You can use setenforce to change to permissive mode; this method does not require a reboot but is
not persistent.
• Enable access to the relevant ports (e.g.
27017) for SELinux if in enforcing mode.
See
https://docs.mongodb.org/manual/reference/default-mongodb-port for more information on MongoDB’s default ports. For default settings, this can be accomplished by running
3 https://repo.mongodb.org/yum/redhat/

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

semanage port -a -t mongod_port_t -p tcp 27017

Warning: On RHEL 7.0, if you change the data path, the default SELinux policies will prevent mongod
from having write access on the new data path if you do not change the security context.
You may alternatively choose not to install the SELinux packages when you are installing your Linux operating system,
or choose to remove the relevant packages. This option is the most invasive and is not recommended.

Data Directories and Permissions

Warning: On RHEL 7.0, if you change the data path, the default SELinux policies will preve
having write access on the new data path if you do not change the security context.

The MongoDB instance stores its data files in /var/lib/mongo and its log files in /var/log/mongodb
by default, and runs using the mongod user account. You can specify alternate log and data file directories in
/etc/mongod.conf. See systemLog.path and storage.dbPath for additional information.
If you change the user that runs the MongoDB process, you must modify the access control rights to the
/var/lib/mongo and /var/log/mongodb directories to give this user access to these directories.
Procedure
Step 1: Start MongoDB. You can start the mongod process by issuing the following command:
sudo service mongod start

Step 2: Verify that MongoDB has started successfully You can verify that the mongod process has started successfully by checking the contents of the log file at /var/log/mongodb/mongod.log for a line reading
[initandlisten] waiting for connections on port

where is the port configured in /etc/mongod.conf, 27017 by default.
You can optionally ensure that MongoDB will start following a system reboot by issuing the following command:
sudo chkconfig mongod on

Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Step 4: Restart MongoDB. You can restart the mongod process by issuing the following command:
sudo service mongod restart

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Uninstall MongoDB Community Edition To completely remove MongoDB from a system, you must remove the
MongoDB applications themselves, the configuration files, and any directories containing data and logs. The following
section guides you through the necessary steps.
Warning: This process will completely remove MongoDB, its configuration, and all databases. This process is
not reversible, so ensure that all of your configuration and data is backed up before proceeding.

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo yum erase $(rpm -qa | grep mongodb-org)

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongo

On this page

Install MongoDB Community Edition on SUSE

•
•
•
•
•
•

Overview (page 27)
Packages (page 27)
Init Scripts (page 28)
Install MongoDB Community Edition (page 28)
Run MongoDB Community Edition (page 29)
Uninstall MongoDB Community Edition (page 30)

Overview Use this tutorial to install MongoDB Community Edition on SUSE Linux from .rpm packages. While
SUSE distributions include their own MongoDB Community Edition packages, the official MongoDB Community
Edition packages are generally more up to date.
Platform Support
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

These packages conflict with the mongodb, mongodb-server, and mongodb-clients packages provided by
Ubuntu.
The default /etc/mongod.conf configuration file supplied by the packages have bind_ip set to 127.0.0.1
by default. Modify this setting as needed for your environment before initializing a replica set.
Init Scripts The mongodb-org package includes various init scripts, including the init script
/etc/rc.d/init.d/mongod. You can use these scripts to stop, start, and restart daemon processes.
The package configures MongoDB using the /etc/mongod.conf file in conjunction with the init scripts. See the
Configuration File reference for documentation of settings available in the configuration file.
As of version 3.2.5, there are no init scripts for mongos. The mongos process is used only in sharding (page 739).
You can use the mongod init script to derive your own mongos init script for use in such environments. See the
mongos reference for configuration details.
Note: SUSE Linux Enterprise Server and potentially other SUSE distributions ship with virtual memory address
space limited to 8 GB by default. You must adjust this in order to prevent virtual memory allocation failures as the
database grows.
The SLES packages for MongoDB adjust these limits in the default scripts, but you will need to make this change
manually if you are using custom scripts and/or the tarball release rather than the SLES packages.

Install MongoDB Community Edition
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.04 .
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
Step 1: Configure the package management system (zypper). Add the repository so that you can install MongoDB using zypper.
Changed in version 3.0: MongoDB Linux packages are in a new repository beginning with 3.0.
For the latest stable release of MongoDB Use the following command:

sudo zypper addrepo --no-gpgcheck https://repo.mongodb.org/zypper/suse/$(sed -rn 's/VERSION=.*([0-9]{

For versions of MongoDB earlier than 3.2 To install MongoDB packages from a previous release series
(page 1070), such as 3.0, you can specify the release series in the repository configuration. For example, to restrict
your SUSE 11 system to the 3.0 release series, use the following command:

sudo zypper addrepo --no-gpgcheck https://repo.mongodb.org/zypper/suse/11/mongodb-org/3.0/x86_64/ mon

Step 2: Install the MongoDB packages and associated tools. When you install the packages, you choose whether
to install the current release or a previous one. This step provides the commands for both.
To install the latest stable version of MongoDB, issue the following command:
sudo zypper -n install mongodb-org
4 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-suse/

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

To install a specific release of MongoDB, specify each component package individually and append the version number
to the package name, as in the following example:

sudo zypper install mongodb-org-3.2.5 mongodb-org-server-3.2.5 mongodb-org-shell-3.2.5 mongodb-org-mo

You can specify any available version of MongoDB. However zypper will upgrade the packages when a newer
version becomes available. To prevent unintended upgrades, pin the packages by running the following command:

sudo zypper addlock mongodb-org-3.2.5 mongodb-org-server-3.2.5 mongodb-org-shell-3.2.5 mongodb-org-mo

Previous versions of MongoDB packages use a different repository location. Refer to the version of the documentation
appropriate for your MongoDB version.
Run MongoDB Community Edition
Prerequisites The MongoDB instance stores its data files in /var/lib/mongo and its log files in
/var/log/mongodb by default, and runs using the mongod user account. You can specify alternate log and
data file directories in /etc/mongod.conf. See systemLog.path and storage.dbPath for additional information.
If you change the user that runs the MongoDB process, you must modify the access control rights to the
/var/lib/mongo and /var/log/mongodb directories to give this user access to these directories.
Procedure
Step 1: Start MongoDB. You can start the mongod process by issuing the following command:
sudo service mongod start

Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Step 4: Restart MongoDB. You can restart the mongod process by issuing the following command:
sudo service mongod restart

You can follow the state of the process for errors or important messages by watching the output in the
/var/log/mongodb/mongod.log file.

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Step 5: Begin using MongoDB. To help you start using MongoDB, MongoDB provides Getting Started Guides in
various driver editions. See getting-started for the available editions.
Before deploying MongoDB in a production environment, consider the Production Notes (page 296) document.
Later, to stop MongoDB, press Control+C in the terminal where the mongod instance is running.
Uninstall MongoDB Community Edition To completely remove MongoDB from a system, you must remove the
MongoDB applications themselves, the configuration files, and any directories containing data and logs. The following
section guides you through the necessary steps.
Warning: This process will completely remove MongoDB, its configuration, and all databases. This process is
not reversible, so ensure that all of your configuration and data is backed up before proceeding.

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo zypper remove $(rpm -qa | grep mongodb-org)

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongo

On this page

Install MongoDB Community Edition on Amazon Linux

•
•
•
•
•
•

Overview (page 30)
Packages (page 30)
Init Scripts (page 31)
Install MongoDB Community Edition (page 31)
Run MongoDB Community Edition (page 32)
Uninstall MongoDB Community Edition (page 33)

Overview Use this tutorial to install MongoDB Community Edition on Amazon Linux from .rpm packages.
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
Packages MongoDB provides officially supported packages in their own repository. This repository contains the
following packages:
mongodb-org A metapackage that will automatically install the four component packages listed below.
mongodb-org-server
Contains the mongod daemon and associated configuration and init scripts.
mongodb-org-mongos
Contains the mongos daemon.
mongodb-org-shell
Contains the mongo shell.
mongodb-org-tools
Contains the following MongoDB tools: mongoimport bsondump, mongodump,
mongoexport, mongofiles, mongooplog, mongoperf, mongorestore,
mongostat, and mongotop.
30

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

The default /etc/mongod.conf configuration file supplied by the packages have bind_ip set to 127.0.0.1
by default. Modify this setting as needed for your environment before initializing a replica set.
Init Scripts The mongodb-org package includes various init scripts, including the init script
/etc/rc.d/init.d/mongod. You can use these scripts to stop, start, and restart daemon processes.
The package configures MongoDB using the /etc/mongod.conf file in conjunction with the init scripts. See the
Configuration File reference for documentation of settings available in the configuration file.
As of version 3.2.5, there are no init scripts for mongos. The mongos process is used only in sharding (page 739).
You can use the mongod init script to derive your own mongos init script for use in such environments. See the
mongos reference for configuration details.
Install MongoDB Community Edition
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.05 .
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
Step
1:
Configure
the
package
management
system
(yum). Create
a
/etc/yum.repos.d/mongodb-org-3.2.repo file so that you can install MongoDB directly, using
yum.
Changed in version 3.0: MongoDB Linux packages are in a new repository beginning with 3.0.
For the latest stable release of MongoDB Use the following repository file:
[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/amazon/2013.03/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

You can find .repo files for each release in the repository itself6 . Remember that odd-numbered minor release
versions (e.g. 2.5) are development versions and are unsuitable for production use.
5 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-amazon/
6 https://repo.mongodb.org/yum/amazon/

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

To install a specific release of MongoDB, specify each component package individually and append the version number
to the package name, as in the following example:

sudo yum install -y mongodb-org-3.2.5 mongodb-org-server-3.2.5 mongodb-org-shell-3.2.5 mongodb-org-mo

Run MongoDB Community Edition The MongoDB instance stores its data files in /var/lib/mongo and its
log files in /var/log/mongodb by default, and runs using the mongod user account. You can specify alternate log
and data file directories in /etc/mongod.conf. See systemLog.path and storage.dbPath for additional
information.
If you change the user that runs the MongoDB process, you must modify the access control rights to the
/var/lib/mongo and /var/log/mongodb directories to give this user access to these directories.
Step 1: Start MongoDB. You can start the mongod process by issuing the following command:
sudo service mongod start

Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Step 4: Restart MongoDB. You can restart the mongod process by issuing the following command:
sudo service mongod restart

You can follow the state of the process for errors or important messages by watching the output in the
/var/log/mongodb/mongod.log file.

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo yum erase $(rpm -qa | grep mongodb-org)

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongo

On this page

Install MongoDB Community Edition on Ubuntu

•
•
•
•
•
•

Overview (page 33)
Packages (page 34)
Init Scripts (page 34)
Install MongoDB Community Edition (page 34)
Run MongoDB Community Edition (page 35)
Uninstall MongoDB Community Edition (page 36)

Overview Use this tutorial to install MongoDB Community Edition on LTS Ubuntu Linux systems from .deb
packages. While Ubuntu includes its own MongoDB packages, the official MongoDB Community Edition packages
are generally more up-to-date.
Platform Support
MongoDB only provides packages for 64-bit long-term support Ubuntu releases. Currently, this means 12.04 LTS
(Precise Pangolin) and 14.04 LTS (Trusty Tahr). While the packages may work with other Ubuntu releases, this is not
a supported configuration.

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Packages MongoDB provides officially supported packages in their own repository. This repository contains the
following packages:
mongodb-org A metapackage that will automatically install the four component packages listed below.
mongodb-org-server
Contains the mongod daemon and associated configuration and init scripts.
mongodb-org-mongos
Contains the mongos daemon.
mongodb-org-shell
Contains the mongo shell.
mongodb-org-tools
Contains the following MongoDB tools: mongoimport bsondump, mongodump,
mongoexport, mongofiles, mongooplog, mongoperf, mongorestore,
mongostat, and mongotop.
These packages conflict with the mongodb, mongodb-server, and mongodb-clients packages provided by
Ubuntu.
The default /etc/mongod.conf configuration file supplied by the packages have bind_ip set to 127.0.0.1
by default. Modify this setting as needed for your environment before initializing a replica set.
Init Scripts The mongodb-org package includes various init scripts, including the init script
/etc/init.d/mongod. You can use these scripts to stop, start, and restart daemon processes.
The package configures MongoDB using the /etc/mongod.conf file in conjunction with the init scripts. See the
Configuration File reference for documentation of settings available in the configuration file.
As of version 3.2.5, there are no init scripts for mongos. The mongos process is used only in sharding (page 739).
You can use the mongod init script to derive your own mongos init script for use in such environments. See the
mongos reference for configuration details.
Install MongoDB Community Edition
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.07 .
MongoDB only provides packages for 64-bit long-term support Ubuntu releases. Currently, this means 12.04 LTS
(Precise Pangolin) and 14.04 LTS (Trusty Tahr). While the packages may work with other Ubuntu releases, this is not
a supported configuration.
Step 1: Import the public key used by the package management system. The Ubuntu package management tools
(i.e. dpkg and apt) ensure package consistency and authenticity by requiring that distributors sign packages with
GPG keys. Issue the following command to import the MongoDB public GPG Key8 :
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

Step 2: Create a list file for MongoDB. Create the /etc/apt/sources.list.d/mongodb-org-3.2.list
list file using the command appropriate for your version of Ubuntu:
Ubuntu 12.04

echo "deb http://repo.mongodb.org/apt/ubuntu precise/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/

Ubuntu 14.04

echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.2 multiverse" | sudo tee /etc/apt/s
7 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-ubuntu/
8 https://www.mongodb.org/static/pgp/server-3.2.asc

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Step 3: Reload local package database. Issue the following command to reload the local package database:
sudo apt-get update

Step 4: Install the MongoDB packages. You can install either the latest stable version of MongoDB or a specific
version of MongoDB.
Install the latest stable version of MongoDB. Issue the following command:
sudo apt-get install -y mongodb-org

Install a specific release of MongoDB. To install a specific release, you must specify each component package
individually along with the version number, as in the following example:

sudo apt-get install -y mongodb-org=3.2.5 mongodb-org-server=3.2.5 mongodb-org-shell=3.2.5 mongodb-or

If you only install mongodb-org=3.2.5 and do not include the component packages, the latest version of each
MongoDB package will be installed regardless of what version you specified.
Pin a specific version of MongoDB. Although you can specify any available version of MongoDB, apt-get will
upgrade the packages when a newer version becomes available. To prevent unintended upgrades, pin the package. To
pin the version of MongoDB at the currently installed version, issue the following command sequence:
echo
echo
echo
echo
echo

"mongodb-org hold" | sudo dpkg --set-selections
"mongodb-org-server hold" | sudo dpkg --set-selections
"mongodb-org-shell hold" | sudo dpkg --set-selections
"mongodb-org-mongos hold" | sudo dpkg --set-selections
"mongodb-org-tools hold" | sudo dpkg --set-selections

Run MongoDB Community Edition The MongoDB instance stores its data files in /var/lib/mongodb and
its log files in /var/log/mongodb by default, and runs using the mongodb user account. You can specify alternate log and data file directories in /etc/mongod.conf. See systemLog.path and storage.dbPath for
additional information.
If you change the user that runs the MongoDB process, you must modify the access control rights to the
/var/lib/mongodb and /var/log/mongodb directories to give this user access to these directories.
Step 1: Start MongoDB. Issue the following command to start mongod:
sudo service mongod start

Step 2: Verify that MongoDB has started successfully Verify that the mongod process has started successfully
by checking the contents of the log file at /var/log/mongodb/mongod.log for a line reading
[initandlisten] waiting for connections on port

where is the port configured in /etc/mongod.conf, 27017 by default.
Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

sudo service mongod stop

Step 4: Restart MongoDB. Issue the following command to restart mongod:
sudo service mongod restart

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo apt-get purge mongodb-org*

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongodb

On this page

Install MongoDB Community Edition on Debian

•
•
•
•
•
•

Overview (page 36)
Packages (page 37)
Init Scripts (page 37)
Install MongoDB Community Edition (page 37)
Run MongoDB Community Edition (page 38)
Uninstall MongoDB Community Edition (page 39)

Overview Use this tutorial to install MongoDB Community Edition from .deb packages on Debian 7 “Wheezy”.
While Debian includes its own MongoDB packages, the official MongoDB Community Edition packages are more up
to date.
MongoDB only provides packages for 64-bit Debian “Wheezy”. These packages may work with other Debian releases,
but this is not a supported configuration.
36

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Packages MongoDB provides officially supported packages in their own repository. This repository contains the
following packages:
mongodb-org A metapackage that will automatically install the four component packages listed below.
mongodb-org-server
Contains the mongod daemon and associated configuration and init scripts.
mongodb-org-mongos
Contains the mongos daemon.
mongodb-org-shell
Contains the mongo shell.
mongodb-org-tools
Contains the following MongoDB tools: mongoimport bsondump, mongodump,
mongoexport, mongofiles, mongooplog, mongoperf, mongorestore,
mongostat, and mongotop.
These packages conflict with the mongodb, mongodb-server, and mongodb-clients packages provided by
Debian.
The default /etc/mongod.conf configuration file supplied by the packages have bind_ip set to 127.0.0.1
by default. Modify this setting as needed for your environment before initializing a replica set.
Init Scripts The mongodb-org package includes various init scripts, including the init script
/etc/init.d/mongod. You can use these scripts to stop, start, and restart daemon processes.
The package configures MongoDB using the /etc/mongod.conf file in conjunction with the init scripts. See the
Configuration File reference for documentation of settings available in the configuration file.
As of version 3.2.5, there are no init scripts for mongos. The mongos process is used only in sharding (page 739).
You can use the mongod init script to derive your own mongos init script for use in such environments. See the
mongos reference for configuration details.
Install MongoDB Community Edition
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.09 .
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
The Debian package management tools (i.e. dpkg and apt) ensure package consistency and authenticity by requiring
that distributors sign packages with GPG keys.
Step 1: Import the public key used by the package management system. The Ubuntu package management tools
(i.e. dpkg and apt) ensure package consistency and authenticity by requiring that distributors sign packages with
GPG keys. Issue the following command to import the MongoDB public GPG Key10 :
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

Step 2: Create a /etc/apt/sources.list.d/mongodb-org-3.2.list file for MongoDB. Create the
list file using the following command:

echo "deb http://repo.mongodb.org/apt/debian wheezy/mongodb-org/3.2 main" | sudo tee /etc/apt/sources

Currently packages are only available for Debian 7 (Wheezy).
Step 3: Reload local package database. Issue the following command to reload the local package database:
9 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-debian/
10 https://www.mongodb.org/static/pgp/server-3.2.asc

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

sudo apt-get update

Install a specific release of MongoDB. To install a specific release, you must specify each component package
individually along with the version number, as in the following example:

sudo apt-get install -y mongodb-org=3.2.5 mongodb-org-server=3.2.5 mongodb-org-shell=3.2.5 mongodb-or

where is the port configured in /etc/mongod.conf, 27017 by default.
Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Step 4: Restart MongoDB. Issue the following command to restart mongod:
sudo service mongod restart

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo apt-get purge mongodb-org*

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongodb

On this page
Install MongoDB Community Edition From Tarball

• Overview (page 39)
• Install MongoDB Community Edition (page 40)
• Run MongoDB Community Edition (page 41)

Overview Compiled versions of MongoDB Community Edition for Linux provide a simple option for installing
MongoDB Community Edition for other Linux systems without supported packages.
Note: Do not use this installation method unless you have a specific need that the available Linux Packages (page 23)
do not address.

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Install MongoDB Community Edition MongoDB provides archives for both 64-bit and 32-bit (deprecated) builds
of Linux. Follow the installation procedure appropriate for your system.
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.011 .

Install for 64-bit Linux
Step 1: Download the binary files for the desired release of MongoDB.
https://www.mongodb.org/downloads.

Download the binaries from

For example, to download the latest release through the shell, issue the following:
curl -O https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.2.5.tgz

Step 2: Extract the files from the downloaded archive. For example, from a system shell, you can extract through
the tar command:
tar -zxvf mongodb-linux-x86_64-3.2.5.tgz

Step 3: Copy the extracted archive to the target directory. Copy the extracted folder to the location from which
MongoDB will run.
mkdir -p mongodb
cp -R -n mongodb-linux-x86_64-3.2.5/ mongodb

Step 4: Ensure the location of the binaries is in the PATH variable. The MongoDB binaries are in the bin/
directory of the archive. To ensure that the binaries are in your PATH, you can modify your PATH.
For example, you can add the following line to your shell’s rc file (e.g. ~/.bashrc):
export PATH=/bin:$PATH

Replace with the path to the extracted MongoDB archive.
Install for 32-bit Linux
Note: Starting in MongoDB 3.2, 32-bit binaries are deprecated and will be unavailable in future releases.

Step 1: Download the binary files for the desired release of MongoDB.
https://www.mongodb.org/downloads.

Download the binaries from

For example, to download the latest release through the shell, issue the following:
curl -O https://fastdl.mongodb.org/linux/mongodb-linux-i686-3.2.5.tgz

Step 2: Extract the files from the downloaded archive. For example, from a system shell, you can extract through
the tar command:
11 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-linux/

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

tar -zxvf mongodb-linux-i686-3.2.5.tgz

Step 3: Copy the extracted archive to the target directory. Copy the extracted folder to the location from which
MongoDB will run.
mkdir -p mongodb
cp -R -n mongodb-linux-i686-3.2.5/ mongodb

Replace with the path to the extracted MongoDB archive.
Run MongoDB Community Edition
Step 1: Create the data directory. Before you start MongoDB for the first time, create the directory to which
the mongod process will write data. By default, the mongod process uses the /data/db directory. If you create a
directory other than this one, you must specify that directory in the dbpath option when starting the mongod process
later in this procedure.
The following example command creates the default /data/db directory:
mkdir -p /data/db

Step 2: Set permissions for the data directory. Before running mongod for the first time, ensure that the user
account running mongod has read and write permissions for the directory.
Step 3: Run MongoDB. To run MongoDB, run the mongod process at the system prompt. If necessary, specify the
path of the mongod or the data directory. See the following examples.
Run without specifying paths If your system PATH variable includes the location of the mongod binary and if you
use the default data directory (i.e., /data/db), simply enter mongod at the system prompt:
mongod

Specify the path of the mongod If your PATH does not include the location of the mongod binary, enter the full
path to the mongod binary at the system prompt:
/mongod

Specify the path of the data directory If you do not use the default data directory (i.e., /data/db), specify the
path to the data directory using the --dbpath option:
mongod --dbpath

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

On this page
• Overview (page 42)
• Install MongoDB Community Edition (page 42)
• Run MongoDB (page 43)

Overview Use this tutorial to install MongoDB Community Edition on OS X systems.
Platform Support
Starting in version 3.0, MongoDB only supports OS X versions 10.7 (Lion) and later on Intel x86-64.
MongoDB Community Edition is available through the popular OS X package manager Homebrew12 or through the
MongoDB Download site13 .
Install MongoDB Community Edition
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.014 .
You can install MongoDB Community Edition with Homebrew15 or manually. This section describes both methods.
Install MongoDB Community Edition with Homebrew Homebrew16 installs binary packages based on published
“formulae.” This section describes how to update brew to the latest packages and install MongoDB Community
Edition. Homebrew requires some initial setup and configuration, which is beyond the scope of this document.
Step 1: Update Homebrew’s package database. In a system shell, issue the following command:
brew update

Step 2: Install MongoDB. You can install MongoDB via brew with several different options. Use one of the
following operations:
Install the MongoDB Binaries To install the MongoDB binaries, issue the following command in a system shell:
brew install mongodb
12 http://brew.sh/
13 http://www.mongodb.org/downloads
14 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-os-x/
15 http://brew.sh/
16 http://brew.sh/

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Build MongoDB from Source with TLS/SSL Support To build MongoDB from the source files and include
TLS/SSL support, issue the following from a system shell:
brew install mongodb --with-openssl

Install the Latest Development Release of MongoDB To install the latest development release for use in testing
and development, issue the following command in a system shell:
brew install mongodb --devel

Install MongoDB Community Edition Manually
if you cannot use homebrew (page 42).

Only install MongoDB Community Edition using this procedure

Step 1: Download the binary files for the desired release of MongoDB.
https://www.mongodb.org/downloads.

Download the binaries from

For example, to download the latest release through the shell, issue the following:
curl -O https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.2.5.tgz

Step 2: Extract the files from the downloaded archive. For example, from a system shell, you can extract through
the tar command:
tar -zxvf mongodb-osx-x86_64-3.2.5.tgz

Step 3: Copy the extracted archive to the target directory. Copy the extracted folder to the location from which
MongoDB will run.
mkdir -p mongodb
cp -R -n mongodb-osx-x86_64-3.2.5/ mongodb

Replace with the path to the extracted MongoDB archive.
Run MongoDB
Step 1: Create the data directory. Before you start MongoDB for the first time, create the directory to which
the mongod process will write data. By default, the mongod process uses the /data/db directory. If you create a
directory other than this one, you must specify that directory in the dbpath option when starting the mongod process
later in this procedure.
The following example command creates the default /data/db directory:
mkdir -p /data/db

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Specify the path of the mongod If your PATH does not include the location of the mongod binary, enter the full
path to the mongod binary at the system prompt:
/mongod

Specify the path of the data directory If you do not use the default data directory (i.e., /data/db), specify the
path to the data directory using the --dbpath option:
mongod --dbpath

On this page
•
•
•
•
•
•
•
•

Overview (page 44)
Requirements (page 45)
Get MongoDB Community Edition (page 45)
Install MongoDB Community Edition (page 45)
Run MongoDB Community Edition (page 46)
Configure a Windows Service for MongoDB Community Edition (page 47)
Manually Create a Windows Service for MongoDB Community Edition (page 48)
Additional Resources (page 49)

Overview Use this tutorial to install MongoDB Community Edition on Windows systems.
Platform Support
Starting in version 2.2, MongoDB does not support Windows XP. Please use a more recent version of Windows to use
more recent releases of MongoDB.
Important:
44

If you are running any edition of Windows Server 2008 R2 or Windows 7, please install a hotfix to
Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

resolve an issue with memory mapped files on Windows17 .

Requirements MongoDB Community Edition requires Windows Server 2008 R2, Windows Vista, or later. The
.msi installer includes all other software dependencies and will automatically upgrade any older version of MongoDB
installed using an .msi file.
Get MongoDB Community Edition
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.018 .

Step 1: Determine which MongoDB build you need. The following MongoDB builds are available for Windows:
MongoDB for Windows 64-bit runs only on Windows Server 2008 R2, Windows 7 64-bit, and newer versions of
Windows. This build takes advantage of recent enhancements to the Windows Platform and cannot operate on older
versions of Windows.
MongoDB for Windows 64-bit Legacy runs on Windows Vista, and Windows Server 2008 and does not include
recent performance enhancements.
To find which version of Windows you are running, enter the following commands in the Command Prompt or Powershell:
wmic os get caption
wmic os get osarchitecture

Step 2: Download MongoDB for Windows. Download the latest production release of MongoDB from the MongoDB downloads page19 . Ensure you download the correct version of MongoDB for your Windows system. The
64-bit versions of MongoDB do not work with 32-bit Windows.
Install MongoDB Community Edition
Interactive Installation
Step 1: Install MongoDB for Windows. In Windows Explorer, locate the downloaded MongoDB .msi file, which
typically is located in the default Downloads folder. Double-click the .msi file. A set of screens will appear to
guide you through the installation process.
You may specify an installation directory if you choose the “Custom” installation option.
Note: These instructions assume that you have installed MongoDB to C:\mongodb.
MongoDB is self-contained and does not have any other system dependencies. You can run MongoDB from any folder
you choose. You may install MongoDB in any folder (e.g. D:\test\mongodb).
Unattended Installation
using msiexec.exe.

You may install MongoDB Community unattended on Windows from the command line

17 http://support.microsoft.com/kb/2731284
18 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-on-windows/
19 http://www.mongodb.org/downloads

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Step 1: Open an Administrator command prompt. Press the Win key, type cmd.exe, and press Ctrl +
Shift + Enter to run the Command Prompt as Administrator.
Execute the remaining steps from the Administrator command prompt.
Step 2: Install MongoDB for Windows. Change to the directory containing the .msi installation binary of your
choice and invoke:
msiexec.exe /q /i mongodb-win32-x86_64-2008plus-ssl-3.2.5-signed.msi ^
INSTALLLOCATION="C:\mongodb" ^
ADDLOCAL="all"

You can specify the installation location for the executable by modifying the INSTALLLOCATION value.
By default, this method installs all MongoDB binaries. To install specific MongoDB component sets, you can specify
them in the ADDLOCAL argument using a comma-separated list including one or more of the following component
sets:
Component Set
Server
Router
Client
MonitoringTools
ImportExportTools

Binaries
mongod.exe
mongos.exe
mongo.exe
mongostat.exe, mongotop.exe
mongodump.exe, mongorestore.exe, mongoexport.exe,
mongoimport.exe
MiscellaneousTools bsondump.exe, mongofiles.exe, mongooplog.exe, mongoperf.exe
For instance, to install only the MongoDB utilities, invoke:
msiexec.exe /q /i mongodb-win32-x86_64-2008plus-ssl-3.2.5-signed.msi ^
INSTALLLOCATION="C:\mongodb" ^
ADDLOCAL="MonitoringTools,ImportExportTools,MiscellaneousTools"

Run MongoDB Community Edition

Warning: Do not make mongod.exe visible on public networks without running in “Sec
auth setting. MongoDB is designed to be run in trusted environments, and the database does
Mode” by default.

Step 1: Set up the MongoDB environment. MongoDB requires a data directory to store all data. MongoDB’s
default data directory path is \data\db. Create this folder using the following commands from a Command Prompt:
md \data\db

You can specify an alternate path for data files using the --dbpath option to mongod.exe, for example:
C:\mongodb\bin\mongod.exe --dbpath d:\test\mongodb\data

If your path includes spaces, enclose the entire path in double quotes, for example:
C:\mongodb\bin\mongod.exe --dbpath "d:\test\mongo db data"

You may also specify the dbpath in a configuration file.
Step 2: Start MongoDB. To start MongoDB, run mongod.exe. For example, from the Command Prompt:

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

C:\mongodb\bin\mongod.exe

This starts the main MongoDB database process. The waiting for connections message in the console
output indicates that the mongod.exe process is running successfully.
Depending on the security level of your system, Windows may pop up a Security Alert dialog box about blocking
“some features” of C:\mongodb\bin\mongod.exe from communicating on networks. All users should select
Private Networks, such as my home or work network and click Allow access. For additional
information on security and MongoDB, please see the Security Documentation (page 391).
Step 3: Connect to MongoDB.
Prompt.

To connect to MongoDB through the mongo.exe shell, open another Command

C:\mongodb\bin\mongo.exe

If you want to develop applications using .NET, see the documentation of C# and MongoDB20 for more information.
Step 4: Begin using MongoDB. To help you start using MongoDB, MongoDB provides Getting Started Guides in
various driver editions. See getting-started for the available editions.
Before deploying MongoDB in a production environment, consider the Production Notes (page 296) document.
Later, to stop MongoDB, press Control+C in the terminal where the mongod instance is running.
Configure a Windows Service for MongoDB Community Edition
Step 1: Open an Administrator command prompt. Press the Win key, type cmd.exe, and press Ctrl +
Shift + Enter to run the Command Prompt as Administrator.
Execute the remaining steps from the Administrator command prompt.
Step 2: Create directories. Create directories for your database and log files:
mkdir c:\data\db
mkdir c:\data\log

Step 3: Create a configuration file. Create a configuration file. The file must set systemLog.path. Include
additional configuration options as appropriate.
For example, create a file at C:\mongodb\mongod.cfg that specifies both systemLog.path and
storage.dbPath:
systemLog:
destination: file
path: c:\data\log\mongod.log
storage:
dbPath: c:\data\db
20 https://docs.mongodb.org/ecosystem/drivers/csharp

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Step 4: Install the MongoDB service.
Important: Run all of the following commands in Command Prompt with “Administrative Privileges”.
Install the MongoDB service by starting mongod.exe with the --install option and the -config option to
specify the previously created configuration file.
"C:\mongodb\bin\mongod.exe" --config "C:\mongodb\mongod.cfg" --install

To use an alternate dbpath, specify the path in the configuration file (e.g. C:\mongodb\mongod.cfg) or on the
command line with the --dbpath option.
If needed, you can install services for multiple instances of mongod.exe or mongos.exe. Install each service with
a unique --serviceName and --serviceDisplayName. Use multiple instances only when sufficient system
resources exist and your system design requires it.
Step 5: Start the MongoDB service.
net start MongoDB

Step 6: Stop or remove the MongoDB service as needed. To stop the MongoDB service use the following command:
net stop MongoDB

To remove the MongoDB service use the following command:
"C:\mongodb\bin\mongod.exe" --remove

Manually Create a Windows Service for MongoDB Community Edition You can set up the MongoDB server as
a Windows Service that starts automatically at boot time.
The following procedure assumes you have installed MongoDB Community using the .msi installer with the path
C:\mongodb\.
If you have installed in an alternative directory, you will need to adjust the paths as appropriate.
Step 1: Open an Administrator command prompt. Press the Win key, type cmd.exe, and press Ctrl +
Shift + Enter to run the Command Prompt as Administrator.
Execute the remaining steps from the Administrator command prompt.
Step 2: Create directories. Create directories for your database and log files:
mkdir c:\data\db
mkdir c:\data\log

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

systemLog:
destination: file
path: c:\data\log\mongod.log
storage:
dbPath: c:\data\db

Step 4: Create the MongoDB service. Create the MongoDB service.

sc.exe create MongoDB binPath= "C:\mongodb\bin\mongod.exe --service --config=\"C:\mongodb\mongod.cfg\

sc.exe requires a space between “=” and the configuration values (eg “binPath= ”), and a “\” to escape double
quotes.
If successfully created, the following log message will display:
[SC] CreateService SUCCESS

Step 5: Start the MongoDB service.
net start MongoDB

Step 6: Stop or remove the MongoDB service as needed. To stop the MongoDB service, use the following command:
net stop MongoDB

To remove the MongoDB service, first stop the service and then run the following command:
sc.exe delete MongoDB

Additional Resources
• MongoDB for Developers Free Course21
• MongoDB for .NET Developers Free Online Course22
• MongoDB Architecture Guide23
Install MongoDB Enterprise
These documents provide instructions to install MongoDB Enterprise.
MongoDB Enterprise is available for MongoDB Enterprise subscribers and includes several additional features including support for SNMP monitoring, LDAP authentication, Kerberos authentication, and System Event Auditing.
Install on Linux (page 50) Install the official builds of MongoDB Enterprise on Linux-based systems.
Install on OS X (page 68) Install the official build of MongoDB Enterprise on OS X
Install on Windows (page 69) Install MongoDB Enterprise on Windows using the .msi installer.
21 https://university.mongodb.com/courses/M101P/about?jmp=docs
22 https://university.mongodb.com/courses/M101N/about?jmp=docs
23 https://www.mongodb.com/lp/white-paper/architecture-guide?jmp=docs

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Install MongoDB Enterprise on Linux

Install on Red Hat (page 50) Install MongoDB Enterprise and required dependencies on Red Hat Enterprise or CentOS Systems using packages.
Install on Ubuntu (page 54) Install MongoDB Enterprise and required dependencies on Ubuntu Linux Systems using
packages.
Install on Debian (page 57) Install MongoDB Enterprise and required dependencies on Debian Linux Systems using
packages.
Install on SUSE (page 60) Install MongoDB Enterprise and required dependencies on SUSE Enterprise Linux.
Install on Amazon (page 63) Install MongoDB Enterprise and required dependencies on Amazon Linux AMI.
Install From Tarball (page 66) Install MongoDB Enterprise from a tarball.

On this page
Install MongoDB Enterprise on Red Hat Enterprise or CentOS

•
•
•
•
•

Overview (page 50)
Install MongoDB Enterprise (page 50)
Install MongoDB Enterprise From Tarball (page 51)
Run MongoDB Enterprise (page 52)
Uninstall MongoDB (page 53)

Overview Use this tutorial to install MongoDB Enterprise24 on Red Hat Enterprise Linux or CentOS Linux versions
6 and 7 from .rpm packages.
Platform Support
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
MongoDB 3.2 deprecates support for Red Hat Enterprise Linux 5.
MongoDB provides officially supported Enterprise packages in their own repository. This repository contains the
following packages:
mongodb-enterprise
A metapackage that will automatically install the four component packages listed
below.
mongodb-enterprise-server
Contains the mongod daemon and associated configuration and init scripts.
mongodb-enterprise-mongos
Contains the mongos daemon.
mongodb-enterprise-shell
Contains the mongo shell.
mongodb-enterprise-tools
Contains the following MongoDB tools: mongoimport bsondump, mongodump,
mongoexport, mongofiles, mongooplog, mongoperf, mongorestore,
mongostat, and mongotop.
The default /etc/mongod.conf configuration file supplied by the packages have bind_ip set to 127.0.0.1
by default. Modify this setting as needed for your environment before initializing a replica set.
Install MongoDB Enterprise
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.025 .
24 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
25 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-enterprise-on-red-hat/

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Use the provided distribution packages as described in this page if possible. These packages will automatically install
all of MongoDB’s dependencies, and are the recommended installation method.
Step 1: Configure repository. Create an /etc/yum.repos.d/mongodb-enterprise.repo file so that
you can install MongoDB enterprise directly, using yum.
For the latest stable release of MongoDB Enterprise Use the following repository file:
[mongodb-enterprise]
name=MongoDB Enterprise Repository
baseurl=https://repo.mongodb.com/yum/redhat/$releasever/mongodb-enterprise/stable/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

.repo files for each release can also be found in the repository itself26 . Remember that odd-numbered minor release
versions (e.g. 2.5) are development versions and are unsuitable for production deployment.
Step 2: Install the MongoDB Enterprise packages and associated tools. You can install either the latest stable
version of MongoDB Enterprise or a specific version of MongoDB Enterprise.
To install the latest stable version of MongoDB Enterprise, issue the following command:
sudo yum install -y mongodb-enterprise

Step 3: Optional: Manage Installed Version
Install a specific release of MongoDB Enterprise. Specify each component package individually and append the
version number to the package name, as in the following example that installs the 3.2.1 release of MongoDB:

sudo yum install -y mongodb-enterprise-3.2.1 mongodb-enterprise-server-3.2.1 mongodb-enterprise-shell

Pin a specific version of MongoDB Enterprise. Although you can specify any available version of MongoDB
Enterprise, yum will upgrade the packages when a newer version becomes available. To prevent unintended upgrades,
pin the package by adding the following exclude directive to your /etc/yum.conf file:

exclude=mongodb-enterprise,mongodb-enterprise-server,mongodb-enterprise-shell,mongodb-enterprise-mong

Previous versions of MongoDB packages use different naming conventions. See the 2.4 version of documentation for
more information27 .
Step 4: When the install completes, you can run MongoDB.
Install MongoDB Enterprise From Tarball While you should use the .rpm packages as previously described, you
may also manually install MongoDB using the tarballs.
First you must install any dependencies as appropriate:
Version 5
26 https://repo.mongodb.com/yum/redhat/
27 https://docs.mongodb.org/v2.4/tutorial/install-mongodb-on-linux

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

yum install perl cyrus-sasl cyrus-sasl-plain cyrus-sasl-gssapi krb5-libs \
lm_sensors net-snmp openssl popt rpm-libs tcp_wrappers zlib

Version 6
yum install cyrus-sasl cyrus-sasl-plain cyrus-sasl-gssapi krb5-libs \
net-snmp openssl

Version 7
yum install cyrus-sasl cyrus-sasl-plain cyrus-sasl-gssapi krb5-libs \
lm_sensors-libs net-snmp-agent-libs net-snmp openssl rpm-libs \
tcp_wrappers-libs

To perform the installation, see Install MongoDB Enterprise From Tarball (page 66).
Run MongoDB Enterprise
Prerequisites
Configure SELinux
Important: You must configure SELinux to allow MongoDB to start on Red Hat Linux-based systems (Red Hat
Enterprise Linux or CentOS Linux).
To configure SELinux, administrators have three options:
Note: All three options require root privileges. The first two options each requires a system reboot and may have
larger implications for your deployment.
• Disable SELinux entirely by changing the SELINUX setting to disabled in /etc/selinux/config.
SELINUX=disabled

• Set SELinux to permissive mode in /etc/selinux/config by changing the SELINUX setting to
permissive .
SELINUX=permissive

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Data Directories and Permissions

Warning: On RHEL 7.0, if you change the data path, the default SELinux policies will preve
having write access on the new data path if you do not change the security context.

Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Step 4: Restart MongoDB. You can restart the mongod process by issuing the following command:
sudo service mongod restart

You can follow the state of the process for errors or important messages by watching the output in the
/var/log/mongodb/mongod.log file.
Step 5: Begin using MongoDB. To help you start using MongoDB, MongoDB provides Getting Started Guides in
various driver editions. See getting-started for the available editions.
Before deploying MongoDB in a production environment, consider the Production Notes (page 296) document.
Later, to stop MongoDB, press Control+C in the terminal where the mongod instance is running.
Uninstall MongoDB To completely remove MongoDB from a system, you must remove the MongoDB applications
themselves, the configuration files, and any directories containing data and logs. The following section guides you
through the necessary steps.
Warning: This process will completely remove MongoDB, its configuration, and all databases. This process is
not reversible, so ensure that all of your configuration and data is backed up before proceeding.

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo yum erase $(rpm -qa | grep mongodb-enterprise)

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongo

On this page
Install MongoDB Enterprise on Ubuntu

•
•
•
•
•

Overview (page 54)
Install MongoDB Enterprise (page 54)
Install MongoDB Enterprise From Tarball (page 56)
Run MongoDB Enterprise (page 56)
Uninstall MongoDB (page 57)

Overview Use this tutorial to install MongoDB Enterprise28 on LTS Ubuntu Linux systems from .deb packages.
Platform Support
MongoDB only provides packages for 64-bit long-term support Ubuntu releases. Currently, this means 12.04 LTS
(Precise Pangolin) and 14.04 LTS (Trusty Tahr). While the packages may work with other Ubuntu releases, this is not
a supported configuration.
MongoDB provides officially supported Enterprise packages in their own repository. This repository contains the
following packages:
mongodb-enterprise
A metapackage that will automatically install the four component packages listed
below.
mongodb-enterprise-server
Contains the mongod daemon and associated configuration and init scripts.
mongodb-enterprise-mongos
Contains the mongos daemon.
mongodb-enterprise-shell
Contains the mongo shell.
mongodb-enterprise-tools
Contains the following MongoDB tools: mongoimport bsondump, mongodump,
mongoexport, mongofiles, mongooplog, mongoperf, mongorestore,
mongostat, and mongotop.
Install MongoDB Enterprise
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.029 .
MongoDB only provides packages for 64-bit long-term support Ubuntu releases. Currently, this means 12.04 LTS
(Precise Pangolin) and 14.04 LTS (Trusty Tahr). While the packages may work with other Ubuntu releases, this is not
a supported configuration.
28 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
29 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-enterprise-on-ubuntu/

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Use the provided distribution packages as described in this page if possible. These packages will automatically install
all of MongoDB’s dependencies, and are the recommended installation method.
Step 1: Import the public key used by the package management system. The Ubuntu package management tools
(i.e. dpkg and apt) ensure package consistency and authenticity by requiring that distributors sign packages with
GPG keys. Issue the following command to import the MongoDB public GPG Key30 :
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

Step 2: Create a /etc/apt/sources.list.d/mongodb-enterprise.list file for MongoDB. Create
the list file using the command appropriate for your version of Ubuntu:
Ubuntu 12.04

echo "deb http://repo.mongodb.com/apt/ubuntu precise/mongodb-enterprise/stable multiverse" | sudo tee

Ubuntu 14.04
echo "deb http://repo.mongodb.com/apt/ubuntu trusty/mongodb-enterprise/stable multiverse" | sudo tee

If you’d like to install MongoDB Enterprise packages from a particular release series (page 1070), such as 2.4 or 2.6,
you can specify the release series in the repository configuration. For example, to restrict your system to the 2.6 release
series, add the following repository:
echo "deb http://repo.mongodb.com/apt/ubuntu "$(lsb_release -sc)"/mongodb-enterprise/2.6 multiverse"

Step 3: Reload local package database. Issue the following command to reload the local package database:
sudo apt-get update

Step 4: Install the MongoDB Enterprise packages.
a specific version of MongoDB.

You can install either the latest stable version of MongoDB or

Install the latest stable version of MongoDB Enterprise. Issue the following command:
sudo apt-get install -y mongodb-enterprise

Install a specific release of MongoDB Enterprise. To install a specific release, you must specify each component
package individually along with the version number, as in the following example:

sudo apt-get install -y mongodb-enterprise=3.2.5 mongodb-enterprise-server=3.2.5 mongodb-enterprise-s

If you only install mongodb-enterprise=3.2.5 and do not include the component packages, the latest version
of each MongoDB package will be installed regardless of what version you specified.
Pin a specific version of MongoDB Enterprise. Although you can specify any available version of MongoDB,
apt-get will upgrade the packages when a newer version becomes available. To prevent unintended upgrades, pin
the package. To pin the version of MongoDB at the currently installed version, issue the following command sequence:
30 https://www.mongodb.org/static/pgp/server-3.2.asc

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

echo
echo
echo
echo
echo

"mongodb-enterprise hold" | sudo dpkg --set-selections
"mongodb-enterprise-server hold" | sudo dpkg --set-selections
"mongodb-enterprise-shell hold" | sudo dpkg --set-selections
"mongodb-enterprise-mongos hold" | sudo dpkg --set-selections
"mongodb-enterprise-tools hold" | sudo dpkg --set-selections

Versions of the MongoDB packages before 2.6 use a different repository location. Refer to the version of the documentation appropriate for your MongoDB version.
Install MongoDB Enterprise From Tarball While you should use the .deb packages as previously described, you
may also manually install MongoDB using the tarballs.
First you must install any dependencies as appropriate:
sudo apt-get install libgssapi-krb5-2 libsasl2-2 libssl1.0.0 libstdc++6 snmp

To perform the installation, see Install MongoDB Enterprise From Tarball (page 66).
Run MongoDB Enterprise The MongoDB instance stores its data files in /var/lib/mongodb and its log files
in /var/log/mongodb by default, and runs using the mongodb user account. You can specify alternate log
and data file directories in /etc/mongod.conf. See systemLog.path and storage.dbPath for additional
information.
If you change the user that runs the MongoDB process, you must modify the access control rights to the
/var/lib/mongodb and /var/log/mongodb directories to give this user access to these directories.
Step 1: Start MongoDB. Issue the following command to start mongod:
sudo service mongod start

where is the port configured in /etc/mongod.conf, 27017 by default.
Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Step 4: Restart MongoDB. Issue the following command to restart mongod:
sudo service mongod restart

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Uninstall MongoDB To completely remove MongoDB from a system, you must remove the MongoDB applications
themselves, the configuration files, and any directories containing data and logs. The following section guides you
through the necessary steps.
Warning: This process will completely remove MongoDB, its configuration, and all databases. This process is
not reversible, so ensure that all of your configuration and data is backed up before proceeding.

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo apt-get purge mongodb-enterprise*

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongodb

On this page
Install MongoDB Enterprise on Debian

•
•
•
•
•

Overview (page 57)
Install MongoDB Enterprise (page 58)
Install MongoDB Enterprise From Tarball (page 59)
Run MongoDB Enterprise (page 59)
Uninstall MongoDB (page 60)

Overview Use this tutorial to install MongoDB Enterprise31 from .deb packages on Debian 7 “Wheezy”.
Platform Support
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
MongoDB provides officially supported Enterprise packages in their own repository. This repository contains the
following packages:
mongodb-enterprise
A metapackage that will automatically install the four component packages listed
below.
mongodb-enterprise-server
Contains the mongod daemon and associated configuration and init scripts.
mongodb-enterprise-mongos
Contains the mongos daemon.
mongodb-enterprise-shell
Contains the mongo shell.
mongodb-enterprise-tools
Contains the following MongoDB tools: mongoimport bsondump, mongodump,
mongoexport, mongofiles, mongooplog, mongoperf, mongorestore,
mongostat, and mongotop.
31 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Install MongoDB Enterprise
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.032 .
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
Use the provided distribution packages as described in this page if possible. These packages will automatically install
all of MongoDB’s dependencies, and are the recommended installation method.
Step 1: Import the public key used by the package management system. The Ubuntu package management tools
(i.e. dpkg and apt) ensure package consistency and authenticity by requiring that distributors sign packages with
GPG keys. Issue the following command to import the MongoDB public GPG Key33 :
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EA312927

Step 2: Create a /etc/apt/sources.list.d/mongodb-enterprise.list file for MongoDB. Create
the list file using the following command:

echo "deb http://repo.mongodb.com/apt/debian wheezy/mongodb-enterprise/stable main" | sudo tee /etc/a

If you’d like to install MongoDB Enterprise packages from a particular release series (page 1070), such as 2.6, you
can specify the release series in the repository configuration. For example, to restrict your system to the 2.6 release
series, add the following repository:

echo "deb http://repo.mongodb.com/apt/debian wheezy/mongodb-enterprise/2.6 main" | sudo tee /etc/apt/

Currently packages are only available for Debian 7 (Wheezy).
Step 3: Reload local package database. Issue the following command to reload the local package database:
sudo apt-get update

Step 4: Install the MongoDB Enterprise packages.
a specific version of MongoDB.

You can install either the latest stable version of MongoDB or

Install the latest stable version of MongoDB Enterprise. Issue the following command:
sudo apt-get install -y mongodb-enterprise

Install a specific release of MongoDB Enterprise. To install a specific release, you must specify each component
package individually along with the version number, as in the following example:

sudo apt-get install -y mongodb-enterprise=3.2.5 mongodb-enterprise-server=3.2.5 mongodb-enterprise-s

If you only install mongodb-enterprise=3.2.5 and do not include the component packages, the latest version
of each MongoDB package will be installed regardless of what version you specified.
32 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-enterprise-on-debian/
33 https://www.mongodb.org/static/pgp/server-3.2.asc

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Pin a specific version of MongoDB Enterprise. Although you can specify any available version of MongoDB,
apt-get will upgrade the packages when a newer version becomes available. To prevent unintended upgrades, pin
the package. To pin the version of MongoDB at the currently installed version, issue the following command sequence:
echo
echo
echo
echo
echo

where is the port configured in /etc/mongod.conf, 27017 by default.
Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Step 4: Restart MongoDB. Issue the following command to restart mongod:
sudo service mongod restart

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Step 5: Begin using MongoDB. To help you start using MongoDB, MongoDB provides Getting Started Guides in
various driver editions. See getting-started for the available editions.
Before deploying MongoDB in a production environment, consider the Production Notes (page 296) document.
Later, to stop MongoDB, press Control+C in the terminal where the mongod instance is running.
Uninstall MongoDB To completely remove MongoDB from a system, you must remove the MongoDB applications
themselves, the configuration files, and any directories containing data and logs. The following section guides you
through the necessary steps.
Warning: This process will completely remove MongoDB, its configuration, and all databases. This process is
not reversible, so ensure that all of your configuration and data is backed up before proceeding.

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo apt-get purge mongodb-enterprise*

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongodb

On this page

Install MongoDB Enterprise on SUSE

•
•
•
•
•
•

Overview (page 60)
Considerations (page 61)
Install MongoDB Enterprise (page 61)
Install MongoDB Enterprise From Tarball (page 62)
Run MongoDB Enterprise (page 62)
Uninstall MongoDB (page 63)

Overview Use this tutorial to install MongoDB Enterprise34 on SUSE Linux. MongoDB Enterprise is available on
select platforms and contains support for several features related to security and monitoring.
Platform Support
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
MongoDB provides officially supported Enterprise packages in their own repository. This repository contains the
following packages:
34 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

mongodb-enterprise
A metapackage that will automatically install the four component packages listed
below.
mongodb-enterprise-server
Contains the mongod daemon and associated configuration and init scripts.
mongodb-enterprise-mongos
Contains the mongos daemon.
mongodb-enterprise-shell
Contains the mongo shell.
mongodb-enterprise-tools
Contains the following MongoDB tools: mongoimport bsondump, mongodump,
mongoexport, mongofiles, mongooplog, mongoperf, mongorestore,
mongostat, and mongotop.
Considerations MongoDB only provides Enterprise packages for 64-bit builds of SUSE Enterprise Linux versions
11 and 12.
Use the provided distribution packages as described in this page if possible. These packages will automatically install
all of MongoDB’s dependencies, and are the recommended installation method.
Note: SUSE Linux Enterprise Server and potentially other SUSE distributions ship with virtual memory address
space limited to 8 GB by default. You must adjust this in order to prevent virtual memory allocation failures as the
database grows.
The SLES packages for MongoDB adjust these limits in the default scripts, but you will need to make this change
manually if you are using custom scripts and/or the tarball release rather than the SLES packages.

Install MongoDB Enterprise
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.035 .

Step 1: Configure the package management system (zypper). Add the repository so that you can install MongoDB using zypper.
Specify the latest stable release of MongoDB using the command appropriate for your version of SUSE:
SUSE 11

sudo zypper addrepo --no-gpgcheck "https://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/stable/

SUSE 12

sudo zypper addrepo --no-gpgcheck "https://repo.mongodb.com/zypper/suse/12/mongodb-enterprise/stable/

If you’d like to install MongoDB packages from a previous release series (page 1070), such as 2.6, you can specify the
release series in the repository configuration. For example, to restrict your SUSE 11 system to the 2.6 release series,
use the following command:

sudo zypper addrepo --no-gpgcheck https://repo.mongodb.com/zypper/suse/11/mongodb-enterprise/2.6/x86_

Step 2: Install the MongoDB packages and associated tools. When you install the packages, you choose whether
to install the current release or a previous one. This step provides the commands for both.
To install the latest stable version of MongoDB, issue the following command:
sudo zypper -n install mongodb-enterprise
35 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-enterprise-on-suse/

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

To install a specific release of MongoDB, specify each component package individually and append the version number
to the package name, as in the following example:

sudo zypper install mongodb-enterprise-3.2.5 mongodb-enterprise-server-3.2.5 mongodb-enterprise-shell

sudo zypper addlock mongodb-enterprise-3.2.5 mongodb-enterprise-server-3.2.5 mongodb-enterprise-shell

Previous versions of MongoDB packages use a different repository location. Refer to the version of the documentation
appropriate for your MongoDB version.
Install MongoDB Enterprise From Tarball While you should use the .rpm packages as previously described, you
may also manually install MongoDB using the tarballs.
First you must install any dependencies as appropriate:
zypper install cyrus-sasl cyrus-sasl-plain cyrus-sasl-gssapi krb5 \
libopenssl0_9_8 net-snmp libstdc++46 zlib

To perform the installation, see Install MongoDB Enterprise From Tarball (page 66).
Run MongoDB Enterprise
Prerequisites The MongoDB instance stores its data files in /var/lib/mongo and its log files in
/var/log/mongodb by default, and runs using the mongod user account. You can specify alternate log and
data file directories in /etc/mongod.conf. See systemLog.path and storage.dbPath for additional information.
If you change the user that runs the MongoDB process, you must modify the access control rights to the
/var/lib/mongo and /var/log/mongodb directories to give this user access to these directories.
Procedure
Step 1: Start MongoDB. You can start the mongod process by issuing the following command:
sudo service mongod start

Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Step 4: Restart MongoDB. You can restart the mongod process by issuing the following command:
sudo service mongod restart

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo zypper remove $(rpm -qa | grep mongodb-enterprise)

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongo

On this page
Install MongoDB Enterprise on Amazon Linux

•
•
•
•
•

Overview (page 63)
Install MongoDB Enterprise (page 64)
Install MongoDB Enterprise From Tarball (page 65)
Run MongoDB Enterprise (page 65)
Uninstall MongoDB (page 66)

Overview Use this tutorial to install MongoDB Enterprise36 on Amazon Linux AMI. MongoDB Enterprise is available on select platforms and contains support for several features related to security and monitoring.
This installation guide only supports 64-bit systems. See Platform Support (page 952) for details.
MongoDB provides officially supported Enterprise packages in their own repository. This repository contains the
following packages:
36 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Step 1: Configure repository. Create an /etc/yum.repos.d/mongodb-enterprise.repo file so that
you can install MongoDB enterprise directly, using yum.
For the latest stable release of MongoDB Enterprise Use the following repository file:
[mongodb-enterprise]
name=MongoDB Enterprise Repository
baseurl=https://repo.mongodb.com/yum/amazon/2013.03/mongodb-enterprise/stable/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

.repo files for each release can also be found in the repository itself38 . Remember that odd-numbered minor release
versions (e.g. 2.5) are development versions and are unsuitable for production deployment.
Step 2: Install the MongoDB Enterprise packages and associated tools. You can install either the latest stable
version of MongoDB Enterprise or a specific version of MongoDB Enterprise.
To install the latest stable version of MongoDB Enterprise, issue the following command:
sudo yum install -y mongodb-enterprise

sudo yum install -y mongodb-enterprise-3.2.1 mongodb-enterprise-server-3.2.1 mongodb-enterprise-shell

exclude=mongodb-enterprise,mongodb-enterprise-server,mongodb-enterprise-shell,mongodb-enterprise-mong
37 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-enterprise-on-amazon/
38 https://repo.mongodb.com/yum/amazon/

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Previous versions of MongoDB packages use different naming conventions. See the 2.4 version of documentation for
more information39 .
Step 4: When the install completes, you can run MongoDB.
Install MongoDB Enterprise From Tarball While you should use the .rpm packages as previously described, you
may also manually install MongoDB using the tarballs.
First you must install any dependencies as appropriate:
yum install cyrus-sasl cyrus-sasl-plain cyrus-sasl-gssapi krb5-libs \
lm_sensors-libs net-snmp-agent-libs net-snmp openssl rpm-libs \
tcp_wrappers-libs

To perform the installation, see Install MongoDB Enterprise From Tarball (page 66).
Run MongoDB Enterprise The MongoDB instance stores its data files in /var/lib/mongo and its log files
in /var/log/mongodb by default, and runs using the mongod user account. You can specify alternate log and
data file directories in /etc/mongod.conf. See systemLog.path and storage.dbPath for additional
information.
If you change the user that runs the MongoDB process, you must modify the access control rights to the
/var/lib/mongo and /var/log/mongodb directories to give this user access to these directories.
Step 1: Start MongoDB. You can start the mongod process by issuing the following command:
sudo service mongod start

Step 3: Stop MongoDB. As needed, you can stop the mongod process by issuing the following command:
sudo service mongod stop

Step 4: Restart MongoDB. You can restart the mongod process by issuing the following command:
sudo service mongod restart

You can follow the state of the process for errors or important messages by watching the output in the
/var/log/mongodb/mongod.log file.
39 https://docs.mongodb.org/v2.4/tutorial/install-mongodb-on-linux

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Step 5: Begin using MongoDB. To help you start using MongoDB, MongoDB provides Getting Started Guides in
various driver editions. See getting-started for the available editions.
Before deploying MongoDB in a production environment, consider the Production Notes (page 296) document.
Later, to stop MongoDB, press Control+C in the terminal where the mongod instance is running.
Uninstall MongoDB To completely remove MongoDB from a system, you must remove the MongoDB applications
themselves, the configuration files, and any directories containing data and logs. The following section guides you
through the necessary steps.
Warning: This process will completely remove MongoDB, its configuration, and all databases. This process is
not reversible, so ensure that all of your configuration and data is backed up before proceeding.

Step 1: Stop MongoDB. Stop the mongod process by issuing the following command:
sudo service mongod stop

Step 2: Remove Packages. Remove any MongoDB packages that you had previously installed.
sudo yum erase $(rpm -qa | grep mongodb-enterprise)

Step 3: Remove Data Directories. Remove MongoDB databases and log files.
sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongo

On this page
Install MongoDB Enterprise From Tarball

• Overview (page 66)
• Install MongoDB (page 66)
• Run MongoDB (page 67)

Overview Compiled versions of MongoDB Enterprise for Linux provide a simple option for installing MongoDB
for other Linux systems without supported packages.
Install MongoDB
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.040 .

Step 1: Install any missing dependencies. To manually install MongoDB Enterprise, first install any dependencies
as appropriate.
40 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-enterprise-on-linux/

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Step 2: Download and install the MongoDB Enterprise packages. After you have installed the required prerequisite packages, download and install the MongoDB Enterprise packages from https://mongodb.com/download/.
The MongoDB binaries are located in the bin/ directory of the archive. To download and install, use the following
sequence of commands.
Step 3: Ensure the location of the MongoDB binaries is included in the PATH variable. Once you have copied
the MongoDB binaries to their target location, ensure that the location is included in your PATH variable. If it is not,
either include it or create symbolic links from the binaries to a directory that is included.
Run MongoDB
Step 1: Create the data directory. Before you start MongoDB for the first time, create the directory to which
the mongod process will write data. By default, the mongod process uses the /data/db directory. If you create a
directory other than this one, you must specify that directory in the dbpath option when starting the mongod process
later in this procedure.
The following example command creates the default /data/db directory:
mkdir -p /data/db

Specify the path of the mongod If your PATH does not include the location of the mongod binary, enter the full
path to the mongod binary at the system prompt:
/mongod

Specify the path of the data directory If you do not use the default data directory (i.e., /data/db), specify the
path to the data directory using the --dbpath option:
mongod --dbpath

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Install MongoDB Enterprise on OS X

Overview Use this tutorial to install MongoDB Enterprise41 on OS X systems. MongoDB Enterprise is available on
select platforms and contains support for several features related to security and monitoring.
Platform Support
MongoDB only supports OS X versions 10.7 (Lion) and later on Intel x86-64. Versions of MongoDB Enterprise prior
to 3.2 did not support OS X.

Install MongoDB Enterprise
Step 1 Download the latest production release of MongoDB Enterprise42 .
Step 2: Extract the files from the downloaded archive. For example, from a system shell, you can extract through
the tar command:
tar -zxvf mongodb-osx-x86_64-enterprise-3.2.5.tgz

Step 3: Copy the extracted archive to the target directory. Copy the extracted folder to the location from which
MongoDB will run.
mkdir -p mongodb
cp -R -n mongodb-osx-x86_64-enterprise-3.2.5/ mongodb

Replace with the path to the extracted MongoDB archive.
Run MongoDB Enterprise
Step 1: Create the data directory. Before you start MongoDB for the first time, create the directory to which
the mongod process will write data. By default, the mongod process uses the /data/db directory. If you create a
directory other than this one, you must specify that directory in the dbpath option when starting the mongod process
later in this procedure.
The following example command creates the default /data/db directory:
mkdir -p /data/db

Step 2: Set permissions for the data directory. Before running mongod for the first time, ensure that the user
account running mongod has read and write permissions for the directory.
41 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
42 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Step 3: Run MongoDB. To run MongoDB, run the mongod process at the system prompt. If necessary, specify the
path of the mongod or the data directory. See the following examples.
Run without specifying paths If your system PATH variable includes the location of the mongod binary and if you
use the default data directory (i.e., /data/db), simply enter mongod at the system prompt:
mongod

Specify the path of the mongod If your PATH does not include the location of the mongod binary, enter the full
path to the mongod binary at the system prompt:
/mongod

Specify the path of the data directory If you do not use the default data directory (i.e., /data/db), specify the
path to the data directory using the --dbpath option:
mongod --dbpath

On this page
•
•
•
•
•
•
•

Overview (page 69)
Prerequisites (page 69)
Get MongoDB Enterprise (page 70)
Install MongoDB Enterprise (page 70)
Run MongoDB Enterprise (page 71)
Configure a Windows Service for MongoDB Enterprise (page 72)
Manually Create a Windows Service for MongoDB Enterprise (page 73)

New in version 2.6.
Overview Use this tutorial to install MongoDB Enterprise43 on Windows systems. MongoDB Enterprise is available
on select platforms and contains support for several features related to security and monitoring.
Prerequisites MongoDB Enterprise Server for Windows requires Windows Server 2008 R2 or later. The .msi
installer includes all other software dependencies and will automatically upgrade any older version of MongoDB
installed using an .msi file.
43 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Get MongoDB Enterprise
Note: To install a version of MongoDB prior to 3.2, please refer to that version’s documentation. For example, see
version 3.044 .

Step 1: Download MongoDB Enterprise for Windows.
Enterprise45 .

Download the latest production release of MongoDB

To find which version of Windows you are running, enter the following commands in the Command Prompt or Powershell:
wmic os get caption
wmic os get osarchitecture

Install MongoDB Enterprise
Interactive Installation
Step 1: Install MongoDB Enterprise for Windows. In Windows Explorer, locate the downloaded MongoDB .msi
file, which typically is located in the default Downloads folder. Double-click the .msi file. A set of screens will
appear to guide you through the installation process.
You may specify an installation directory if you choose the “Custom” installation option.
Note: These instructions assume that you have installed MongoDB to C:\mongodb.
MongoDB is self-contained and does not have any other system dependencies. You can run MongoDB from any folder
you choose. You may install MongoDB in any folder (e.g. D:\test\mongodb).
Unattended Installation You may install MongoDB unattended on Windows from the command line using
msiexec.exe.
Step 1: Install MongoDB Enterprise for Windows. Change to the directory containing the .msi installation
binary of your choice and invoke:
msiexec.exe /q /i mongodb-win32-x86_64-2008plus-ssl-3.2.5-signed.msi ^
INSTALLLOCATION="C:\mongodb" ^
ADDLOCAL="all"

You can specify the installation location for the executable by modifying the INSTALLLOCATION value.
By default, this method installs all MongoDB binaries. To install specific MongoDB component sets, you can specify
them in the ADDLOCAL argument using a comma-separated list including one or more of the following component
sets:
44 https://docs.mongodb.org/v3.0/tutorial/install-mongodb-enterprise-on-windows/
45 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

Component Set
Server
Router
Client
MonitoringTools
ImportExportTools

Run MongoDB Enterprise

Warning: Do not make mongod.exe visible on public networks without running in “Secure Mode
auth setting. MongoDB is designed to be run in trusted environments, and the database does not enab
Mode” by default.

You can specify an alternate path for data files using the --dbpath option to mongod.exe, for example:
C:\mongodb\bin\mongod.exe --dbpath d:\test\mongodb\data

If your path includes spaces, enclose the entire path in double quotes, for example:
C:\mongodb\bin\mongod.exe --dbpath "d:\test\mongo db data"

You may also specify the dbpath in a configuration file.
Step 2: Start MongoDB. To start MongoDB, run mongod.exe. For example, from the Command Prompt:
C:\mongodb\bin\mongod.exe

To connect to MongoDB through the mongo.exe shell, open another Command

C:\mongodb\bin\mongo.exe

If you want to develop applications using .NET, see the documentation of C# and MongoDB46 for more information.
46 https://docs.mongodb.org/ecosystem/drivers/csharp

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Step 4: Begin using MongoDB. To help you start using MongoDB, MongoDB provides Getting Started Guides in
various driver editions. See getting-started for the available editions.
Before deploying MongoDB in a production environment, consider the Production Notes (page 296) document.
Later, to stop MongoDB, press Control+C in the terminal where the mongod instance is running.
Configure a Windows Service for MongoDB Enterprise
Step 1: Open an Administrator command prompt. Press the Win key, type cmd.exe, and press Ctrl +
Shift + Enter to run the Command Prompt as Administrator.
Execute the remaining steps from the Administrator command prompt.
Step 2: Create directories. Create directories for your database and log files:
mkdir c:\data\db
mkdir c:\data\log

Step 6: Stop or remove the MongoDB service as needed. To stop the MongoDB service use the following command:

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

net stop MongoDB

To remove the MongoDB service use the following command:
"C:\mongodb\bin\mongod.exe" --remove

Manually Create a Windows Service for MongoDB Enterprise You can set up the MongoDB server as a Windows
Service that starts automatically at boot time.
The following procedure assumes you have installed MongoDB using the .msi installer with the path
C:\mongodb\.
If you have installed in an alternative directory, you will need to adjust the paths as appropriate.
Step 1: Open an Administrator command prompt. Press the Win key, type cmd.exe, and press Ctrl +
Shift + Enter to run the Command Prompt as Administrator.
Execute the remaining steps from the Administrator command prompt.
Step 2: Create directories. Create directories for your database and log files:
mkdir c:\data\db
mkdir c:\data\log

Step 4: Create the MongoDB service. Create the MongoDB service.

sc.exe create MongoDB binPath= "C:\mongodb\bin\mongod.exe --service --config=\"C:\mongodb\mongod.cfg\

Step 5: Start the MongoDB service.
net start MongoDB

2.3. Tutorials

MongoDB Documentation, Release 3.2.5

Step 6: Stop or remove the MongoDB service as needed. To stop the MongoDB service, use the following command:
net stop MongoDB

To remove the MongoDB service, first stop the service and then run the following command:
sc.exe delete MongoDB

Verify Integrity of MongoDB Packages

On this page
• Overview (page 74)
• Procedures (page 74)

Overview

The MongoDB release team digitally signs all software packages to certify that a particular MongoDB package is a
valid and unaltered MongoDB release. Before installing MongoDB, you should validate the package using either the
provided PGP signature or SHA-256 checksum.
PGP signatures provide the strongest guarantees by checking both the authenticity and integrity of a file to prevent
tampering.
Cryptographic checksums only validate file integrity to prevent network transmission errors.
Procedures

Use PGP/GPG MongoDB signs each release branch with a different PGP key. The public key files for each release
branch since MongoDB 2.2 are available for download from the key server47 in both textual .asc and binary .pub
formats.
Step
1:
Download
the
MongoDB
installation
file. Download
https://www.mongodb.org/downloads based on your environment.

the

binaries

from

For example, to download the 3.0.5 release for OS X through the shell, type this command:
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.5.tgz

Step 2: Download the public signature file.
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.5.tgz.sig

Step 3: Download then import the key file. If you have not downloaded and imported the MongoDB 3.0 public
key, enter these commands:
curl -LO https://www.mongodb.org/static/pgp/server-3.0.asc
gpg --import server-3.0.asc
47 https://www.mongodb.org/static/pgp/

Chapter 2. Install MongoDB

MongoDB Documentation, Release 3.2.5

You should receive this message:
gpg: key 24F3C978: public key "MongoDB 3.0 Release Signing Key " imported
gpg: Total number processed: 1
gpg:
imported: 1

Step 4: Verify the MongoDB installation file. Type this command:
gpg --verify mongodb-osx-x86_64-3.0.5.tgz.sig mongodb-osx-x86_64-3.0.5.tgz

You should receive this message:
gpg: Signature made Mon 27 Jul 2015 07:51:53 PM EDT using RSA key ID 24F3C978
gpg: Good signature from "MongoDB 3.0 Release Signing Key " [unknown]

If you receive a message such as the following, confirm that you imported the correct public key:
gpg: Signature made Mon 27 Jul 2015 07:51:53 PM EDT using RSA key ID 24F3C978
gpg: Can't check signature: public key not found

gpg will return the following message if the package is properly signed, but you do not currently trust the signing
key in your local trustdb.
gpg: WARNING: This key is not certified with a trusted signature!
gpg:
There is no indication that the signature belongs to the owner.
Primary key fingerprint: 89AE C6ED 5423 0831 793F 1384 BE0E B6AA 24F3 C978

Use SHA-256
Step
1:
Download
the
MongoDB
installation
file. Download
https://www.mongodb.org/downloads based on your environment.

the

binaries

from

For example, to download the 3.0.5 release for OS X through the shell, type this command:
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.5.tgz

Step 2: Download the SHA256 file.
curl -LO https://fastdl.mongodb.org/osx/mongodb-osx-x86_64-3.0.5.tgz.sha256

Step 3: Use the SHA-256 checksum to verify the MongoDB package file. Compute the checksum of the package
file:
shasum -c mongodb-osx-x86_64-3.0.5.tgz.sha256

which should return the following if the checksum matched the downloaded package:
mongodb-osx-x86_64-3.0.5.tgz: OK

2.4 Additional Resources
• Install MongoDB using MongoDB Cloud Manager48
48 https://docs.cloud.mongodb.com/tutorial/getting-started?jmp=docs

2.4. Additional Resources

MongoDB Documentation, Release 3.2.5

• Create a New MongoDB Deployment with Ops Manager49 : Ops Manager is an on-premise solution available in
MongoDB Enterprise Advanced50 .
• MongoDB CRUD Concepts (page 99)
• Data Models (page 247)

49 https://docs.opsmanager.mongodb.com/current/tutorial/nav/management
50 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

Chapter 2. Install MongoDB

CHAPTER 3

The mongo Shell

On this page
•
•
•
•
•

Introduction (page 77)
Start the mongo Shell (page 77)
Working with the mongo Shell (page 78)
Tab Completion and Other Keyboard Shortcuts (page 79)
Exit the Shell (page 80)

3.1 Introduction
The mongo shell is an interactive JavaScript interface to MongoDB. You can use the mongo shell to query and update
data as well as perform administrative operations.
The mongo shell is a component of the MongoDB distributions1 . Once you have installed and have started MongoDB
(page 21), connect the mongo shell to your running MongoDB instance.
Most examples in the MongoDB Manual use the mongo shell; however, many drivers provide similar interfaces
to MongoDB.

3.2 Start the mongo Shell
Important: Ensure that MongoDB is running before attempting to start the mongo shell.
To start the mongo shell and connect to your MongoDB instance running on localhost with default port:
1. At a prompt in a terminal window (or a command prompt for Windows), go to your :
cd

2. Type ./bin/mongo to start mongo:
./bin/mongo
1 http://www.mongodb.org/downloads

MongoDB Documentation, Release 3.2.5

If you have added the /bin to the PATH environment variable, you can
just type mongo instead of ./bin/mongo.

3.2.1 Options
When you run mongo without any arguments, the mongo shell will attempt to connect to the MongoDB instance
running on the localhost interface on port 27017. To specify a different host or port number, as well as other
options, see examples of starting up mongo and mongo reference which provides details on the available options.

3.2.2 .mongorc.js File
When starting, mongo checks the user’s HOME directory for a JavaScript file named .mongorc.js. If found, mongo
interprets the content of .mongorc.js before displaying the prompt for the first time. If you use the shell to
evaluate a JavaScript file or expression, either by using the --eval option on the command line or by specifying a .js
file to mongo, mongo will read the .mongorc.js file after the JavaScript has finished processing. You can prevent
.mongorc.js from being loaded by using the --norc option.

3.3 Working with the mongo Shell
To display the database you are using, type db:
db

The operation should return test, which is the default database. To switch databases, issue the use helper,
as in the following example:
use

To list the available databases, use the helper show dbs. See also db.getSiblingDB() method to access a
different database from the current database without switching your current database context (i.e. db).
You can switch to non-existing databases. When you first store data in the database, such as by creating a collection,
MongoDB creates the database. For example, the following creates both the database myNewDatabase and the
collection myCollection during the insert() operation:
use myNewDatabase
db.myCollection.insert( { x: 1 } );

The db.myCollection.insert() is one of the methods available in the mongo shell
• db refers to the current database.
• myCollection is the name of the collection.
If the mongo shell does not accept the name of the collection, for instance if the name contains a space, hyphen, or
starts with a number, you can use an alternate syntax to refer to the collection, as in the following:
db["3test"].find()
db.getCollection("3test").find()

For more documentation of basic MongoDB operations in the mongo shell, see:
• Getting Started Guide2
2 https://docs.mongodb.org/getting-started/shell

Chapter 3. The mongo Shell

MongoDB Documentation, Release 3.2.5

• Insert Documents (page 137)
• Query Documents (page 140)
• Modify Documents (page 148)
• Remove Documents (page 152)
• https://docs.mongodb.org/manual/reference/method

3.3.1 Format Printed Results
The db.collection.find() method returns a cursor to the results; however, in the mongo shell, if the returned
cursor is not assigned to a variable using the var keyword, then the cursor is automatically iterated up to 20 times to
print up to the first 20 documents that match the query. The mongo shell will prompt Type it to iterate another 20
times.
To format the printed result, you can add the .pretty() to the operation, as in the following:
db.myCollection.find().pretty()

In addition, you can use the following explicit print methods in the mongo shell:
• print() to print without formatting
• print(tojson()) to print with JSON formatting and equivalent to printjson()
• printjson() to print with JSON formatting and equivalent to print(tojson())
For more information and examples on cursor handling in the mongo shell, see Cursors (page 103). See also Cursor
Help (page 83) for list of cursor help in the mongo shell.

3.3.2 Multi-line Operations in the mongo Shell
If you end a line with an open parenthesis (’(’), an open brace (’{’), or an open bracket (’[’), then the subsequent
lines start with ellipsis ("...") until you enter the corresponding closing parenthesis (’)’), the closing brace (’}’)
or the closing bracket (’]’). The mongo shell waits for the closing parenthesis, closing brace, or the closing bracket
before evaluating the code, as in the following example:
> if ( x > 0 ) {
... count++;
... print (x);
... }

You can exit the line continuation mode if you enter two blank lines, as in the following example:
> if (x > 0
...
...
>

3.4 Tab Completion and Other Keyboard Shortcuts
The mongo shell supports keyboard shortcuts. For example,
• Use the up/down arrow keys to scroll through command history. See .dbshell documentation for more information on the .dbshell file.

3.4. Tab Completion and Other Keyboard Shortcuts

MongoDB Documentation, Release 3.2.5

• Use to autocomplete or to list the completion possibilities, as in the following example which uses
to complete the method name starting with the letter ’c’:
db.myCollection.c

Because there are many collection methods starting with the letter ’c’, the will list the various methods
that start with ’c’.
For a full list of the shortcuts, see Shell Keyboard Shortcuts

3.5 Exit the Shell
To exit the shell, type quit() or use the shortcut.
See also:
• Getting Started Guide3
• mongo Reference Page

3.5.1 Configure the mongo Shell
On this page
• Customize the Prompt (page 80)
• Use an External Editor in the mongo Shell (page 81)
• Change the mongo Shell Batch Size (page 82)

Customize the Prompt
You may modify the content of the prompt by setting the variable prompt in the mongo shell. The prompt variable
can hold strings as well as JavaScript code. If prompt holds a function that returns a string, mongo can display
dynamic information in each prompt.
You can add the logic for the prompt in the .mongorc.js file to set the prompt each time you start up the mongo shell.
Customize Prompt to Display Number of Operations

For example,to create a mongo shell prompt with the number of operations issued in the current session, define the
following variables in the mongo shell:
cmdCount = 1;
prompt = function() {
return (cmdCount++) + "> ";
}

The prompt would then resemble the following:
1>
2>
3>
3 https://docs.mongodb.org/getting-started/shell

Chapter 3. The mongo Shell

MongoDB Documentation, Release 3.2.5

Customize Prompt to Display Database and Hostname

To create a mongo shell prompt in the form of @$, define the following variables:
host = db.serverStatus().host;
prompt = function() {
return db+"@"+host+"$ ";
}

The prompt would then resemble the following:
test@myHost1$

Customize Prompt to Display Up Time and Document Count

To create a mongo shell prompt that contains the system up time and the number of documents in the current database,
define the following prompt variable in the mongo shell:
prompt = function() {
return "Uptime:"+db.serverStatus().uptime+" Documents:"+db.stats().objects+" > ";
}

The prompt would then resemble the following:
Uptime:5897 Documents:6 >

Use an External Editor in the mongo Shell
You can use your own editor in the mongo shell by setting the EDITOR environment variable before starting the
mongo shell.
export EDITOR=vim
mongo

Once in the mongo shell, you can edit with the specified editor by typing edit or edit
, as in the following example:
1. Define a function myFunction:
function myFunction () { }

2. Edit the function using your editor:
edit myFunction

The command should open the vim edit session. When finished with the edits, save and exit vim edit session.
3. In the mongo shell, type myFunction to see the function definition:
myFunction

The result should be the changes from your saved edit:
function myFunction() {
print("This was edited");
}

3.5. Exit the Shell

MongoDB Documentation, Release 3.2.5

Note: As mongo shell interprets code edited in an external editor, it may modify code in functions, depending on
the JavaScript compiler. For mongo may convert 1+1 to 2 or remove comments. The actual changes affect only the
appearance of the code and will vary based on the version of JavaScript used but will not affect the semantics of the
code.

Change the mongo Shell Batch Size
The db.collection.find() method is the JavaScript method to retrieve documents from a collection. The
db.collection.find() method returns a cursor to the results; however, in the mongo shell, if the returned
cursor is not assigned to a variable using the var keyword, then the cursor is automatically iterated up to 20 times to
print up to the first 20 documents that match the query. The mongo shell will prompt Type it to iterate another 20
times.
You can set the DBQuery.shellBatchSize attribute to change the number of documents from the default value
of 20, as in the following example which sets it to 10:
DBQuery.shellBatchSize = 10;

3.5.2 Access the mongo Shell Help
On this page
•
•
•
•
•
•

Command Line Help (page 82)
Shell Help (page 82)
Database Help (page 82)
Collection Help (page 83)
Cursor Help (page 83)
Wrapper Object Help (page 84)

In addition to the documentation in the MongoDB Manual, the mongo shell provides some additional information
in its “online” help system. This document provides an overview of accessing this help information.
Command Line Help
To see the list of options and help for starting the mongo shell, use the --help option from the command line:
mongo --help

Shell Help
To see the list of help, in the mongo shell, type help:
help

Database Help
In the mongo shell:
• To see the list of databases on the server, use the show dbs command:
82

Chapter 3. The mongo Shell

MongoDB Documentation, Release 3.2.5

show dbs

New in version 2.4: show databases is now an alias for show dbs
• To see the list of help for methods you can use on the db object, call the db.help() method:
db.help()

• To see the implementation of a method in the shell, type the db. without the parenthesis
(()), as in the following example which will return the implementation of the method db.updateUser():
db.updateUser

Collection Help
In the mongo shell:
• To see the list of collections in the current database, use the show collections command:
show collections

• To see the help for methods available on the collection objects (e.g.
db..help() method:

db.), use the

db.collection.help()

can be the name of a collection that exists, although you may specify a collection that doesn’t
exist.
• To see the collection method implementation, type the db.. name without the
parenthesis (()), as in the following example which will return the implementation of the save() method:
db.collection.save

Cursor Help
When you perform read operations (page 100) with the find() method in the mongo shell, you can use various
cursor methods to modify the find() behavior and various JavaScript methods to handle the cursor returned from
the find() method.
• To list the available modifier and cursor handling methods, use the db.collection.find().help()
command:
db.collection.find().help()

can be the name of a collection that exists, although you may specify a collection that doesn’t
exist.
• To see the implementation of the cursor method, type the db..find(). name
without the parenthesis (()), as in the following example which will return the implementation of the
toArray() method:
db.collection.find().toArray

Some useful methods for handling cursors are:
• hasNext() which checks whether the cursor has more documents to return.
• next() which returns the next document and advances the cursor position forward by one.

3.5. Exit the Shell

MongoDB Documentation, Release 3.2.5

• forEach() which iterates the whole cursor and applies the to each document
returned by the cursor. The expects a single argument which corresponds to the document from
each iteration.
For examples on iterating a cursor and retrieving the documents from the cursor, see cursor handling (page 103). See
also js-query-cursor-methods for all available cursor methods.
Wrapper Object Help
To get a list of the wrapper classes available in the mongo shell, such as BinData(), type help misc in the
mongo shell:
help misc

See also:
https://docs.mongodb.org/manual/reference/method

3.5.3 Write Scripts for the mongo Shell
On this page
• Opening New Connections (page 84)
• Differences Between Interactive and Scripted mongo (page 85)
• Scripting (page 86)
You can write scripts for the mongo shell in JavaScript that manipulate data in MongoDB or perform administrative
operation. For more information about the mongo shell, see the Running .js files via a mongo shell Instance on the
Server (page 384) section for more information about using these mongo script.
This tutorial provides an introduction to writing JavaScript that uses the mongo shell to access MongoDB.
Opening New Connections
From the mongo shell or from a JavaScript file, you can instantiate database connections using the Mongo() constructor:
new Mongo()
new Mongo()
new Mongo()

Consider the following example that instantiates a new connection to the MongoDB instance running on localhost on
the default port and sets the global db variable to myDatabase using the getDB() method:
conn = new Mongo();
db = conn.getDB("myDatabase");

If connecting to a MongoDB instance that has enforces access control, you can use the db.auth() method to
authenticate.
Additionally, you can use the connect() method to connect to the MongoDB instance. The following example
connects to the MongoDB instance that is running on localhost with the non-default port 27020 and set the
global db variable:

Chapter 3. The mongo Shell

MongoDB Documentation, Release 3.2.5

db = connect("localhost:27020/myDatabase");

See also:
https://docs.mongodb.org/manual/reference/method/
Differences Between Interactive and Scripted mongo
When writing scripts for the mongo shell, consider the following:
• To set the db global variable, use the getDB() method or the connect() method. You can assign the
database reference to a variable other than db.
• Write operations in the mongo shell use a write concern of { w: 1 } (page 180) by default. If performing bulk
operations, use the Bulk() methods. See Write Method Acknowledgements (page 1002) for more information.
Changed in version 2.6: Before MongoDB 2.6, call db.getLastError() explicitly to wait for the result of
write operations (page 114).
• You cannot use any shell helper (e.g. use , show dbs, etc.) inside the JavaScript file because
they are not valid JavaScript.
The following table maps the most common mongo shell helpers to their JavaScript equivalents.
Shell Helpers
show dbs, show databases
use
show collections
show users
show roles
show log
show logs
it

JavaScript Equivalents
db.adminCommand('listDatabases')
db = db.getSiblingDB('')
db.getCollectionNames()
db.getUsers()
db.getRoles({showBuiltinRoles: true})
db.adminCommand({ 'getLog' : '' })
db.adminCommand({ 'getLog' : '*' })
cursor = db.collection.find()
if ( cursor.hasNext() ){
cursor.next();
}

• In interactive mode, mongo prints the results of operations including the content of all cursors. In scripts, either
use the JavaScript print() function or the mongo specific printjson() function which returns formatted
JSON.
Example
To print all items in a result cursor in mongo shell scripts, use the following idiom:

3.5. Exit the Shell

MongoDB Documentation, Release 3.2.5

cursor = db.collection.find();
while ( cursor.hasNext() ) {
printjson( cursor.next() );
}

Scripting
From the system prompt, use mongo to evaluate JavaScript.
--eval option

Use the --eval option to mongo to pass the shell a JavaScript fragment, as in the following:
mongo test --eval "printjson(db.getCollectionNames())"

This returns the output of db.getCollectionNames() using the mongo shell connected to the mongod or
mongos instance running on port 27017 on the localhost interface.
Execute a JavaScript file

You can specify a .js file to the mongo shell, and mongo will execute the JavaScript directly. Consider the following
example:
mongo localhost:27017/test myjsfile.js

This operation executes the myjsfile.js script in a mongo shell that connects to the test database on the
mongod instance accessible via the localhost interface on port 27017.
Alternately, you can specify the mongodb connection parameters inside of the javascript file using the Mongo()
constructor. See Opening New Connections (page 84) for more information.
You can execute a .js file from within the mongo shell, using the load() function, as in the following:
load("myjstest.js")

This function loads and executes the myjstest.js file.
The load() method accepts relative and absolute paths. If the current working directory of the mongo shell is
/data/db, and the myjstest.js resides in the /data/db/scripts directory, then the following calls within
the mongo shell would be equivalent:
load("scripts/myjstest.js")
load("/data/db/scripts/myjstest.js")

Note: There is no search path for the load() function. If the desired script is not in the current working directory
or the full specified path, mongo will not be able to access the file.

3.5.4 Data Types in the mongo Shell

Chapter 3. The mongo Shell

MongoDB Documentation, Release 3.2.5

On this page
• Types (page 87)
• Check Types in the mongo Shell (page 89)
MongoDB BSON provides support for additional data types than JSON. Drivers provide native support for these
data types in host languages and the mongo shell also provides several helper classes to support the use of these data
types in the mongo JavaScript shell. See the Extended JSON (page 16) reference for additional information.
Types
Date

The mongo shell provides various methods to return the date, either as a string or as a Date object:
• Date() method which returns the current date as a string.
• new Date() constructor which returns a Date object using the ISODate() wrapper.
• ISODate() constructor which returns a Date object using the ISODate() wrapper.
Internally, Date (page 15) objects are stored as a 64 bit integer representing the number of milliseconds since the Unix
epoch (Jan 1, 1970), which results in a representable date range of about 290 millions years into the past and future.
Return Date as a String To return the date as a string, use the Date() method, as in the following example:
var myDateString = Date();

To print the value of the variable, type the variable name in the shell, as in the following:
myDateString

The result is the value of myDateString:
Wed Dec 19 2012 01:03:25 GMT-0500 (EST)

To verify the type, use the typeof operator, as in the following:
typeof myDateString

The operation returns string.
Return Date The mongo shell wraps objects of Date type with the ISODate helper; however, the objects remain
of type Date.
The following example uses both the new Date() constructor and the ISODate() constructor to return Date
objects.
var myDate = new Date();
var myDateInitUsingISODateWrapper = ISODate();

You can use the new operator with the ISODate() constructor as well.
To print the value of the variable, type the variable name in the shell, as in the following:
myDate

3.5. Exit the Shell

MongoDB Documentation, Release 3.2.5

The result is the Date value of myDate wrapped in the ISODate() helper:
ISODate("2012-12-19T06:01:17.171Z")

To verify the type, use the instanceof operator, as in the following:
myDate instanceof Date
myDateInitUsingISODateWrapper instanceof Date

The operation returns true for both.
ObjectId

The mongo shell provides the ObjectId() wrapper class around the ObjectId (page 14) data type. To generate a
new ObjectId, use the following operation in the mongo shell:
new ObjectId

See
ObjectId

NumberLong

By default, the mongo shell treats all numbers as floating-point values.
NumberLong() wrapper to handle 64-bit integers.

The mongo shell provides the

The NumberLong() wrapper accepts the long as a string:
NumberLong("2090845886852")

The following examples use the NumberLong() wrapper to write to the collection:
db.collection.insert( { _id: 10, calc: NumberLong("2090845886852") } )
db.collection.update( { _id: 10 },
{ $set: { calc: NumberLong("2555555000000") } } )
db.collection.update( { _id: 10 },
{ $inc: { calc: NumberLong(5) } } )

Retrieve the document to verify:
db.collection.findOne( { _id: 10 } )

In the returned document, the calc field contains a NumberLong object:
{ "_id" : 10, "calc" : NumberLong("2555555000005") }

If you use the $inc to increment the value of a field that contains a NumberLong object by a float, the data type
changes to a floating point value, as in the following example:
1. Use $inc to increment the calc field by 5, which the mongo shell treats as a float:
db.collection.update( { _id: 10 },
{ $inc: { calc: 5 } } )

2. Retrieve the updated document:

Chapter 3. The mongo Shell

MongoDB Documentation, Release 3.2.5

db.collection.findOne( { _id: 10 } )

In the updated document, the calc field contains a floating point value:
{ "_id" : 10, "calc" : 2555555000010 }

NumberInt

By default, the mongo shell treats all numbers as floating-point values. The mongo shell provides the NumberInt()
constructor to explicitly specify 32-bit integers.
Check Types in the mongo Shell
To determine the type of fields, the mongo shell provides the instanceof and typeof operators.
instanceof

instanceof returns a boolean to test if a value is an instance of some type.
For example, the following operation tests whether the _id field is an instance of type ObjectId:
mydoc._id instanceof ObjectId

The operation returns true.
typeof

typeof returns the type of a field.
For example, the following operation returns the type of the _id field:
typeof mydoc._id

In this case typeof will return the more generic object type rather than ObjectId type.

3.5.5 mongo Shell Quick Reference
On this page
•
•
•
•
•
•
•
•
•
•
•

mongo Shell Command History (page 90)
Command Line Options (page 90)
Command Helpers (page 90)
Basic Shell JavaScript Operations (page 90)
Keyboard Shortcuts (page 91)
Queries (page 92)
Error Checking Methods (page 94)
Administrative Command Helpers (page 94)
Opening Additional Connections (page 94)
Miscellaneous (page 94)
Additional Resources (page 95)

3.5. Exit the Shell

MongoDB Documentation, Release 3.2.5

mongo Shell Command History
You can retrieve previous commands issued in the mongo shell with the up and down arrow keys. Command history
is stored in ~/.dbshell file. See .dbshell for more information.
Command Line Options
The mongo shell can be started with numerous options. See mongo shell page for details on all available options.
The following table displays some common options for mongo:
OpDescription
tion
--help Show command line options
--nodb Start mongo shell without connecting to a database.
To connect later, see Opening New Connections (page 84).
--shellUsed in conjunction with a JavaScript file (i.e. ) to continue in the mongo shell after running
the JavaScript file.
See JavaScript file (page 86) for an example.
Command Helpers
The mongo shell provides various help. The following table displays some common help methods and commands:
Help Methods and
Description
Commands
help
Show help.
db.help()
Show help for database methods.
db..help()
Show help on collection methods. The can be the name of an existing
collection or a non-existing collection.
show dbs
Print a list of all databases on the server.
use
Switch current database to . The mongo shell variable db is set to the current
database.
show
Print a list of all collections for current database
collections
show users
Print a list of users for current database.
show roles
Print a list of all roles, both user-defined and built-in, for the current database.
show profile
Print the five most recent operations that took 1 millisecond or more. See documentation
on the database profiler (page 326) for more information.
show databases Print a list of all available databases.
load()
Execute a JavaScript file. See Write Scripts for the mongo Shell (page 84) for more
information.
Basic Shell JavaScript Operations
The mongo shell provides a JavaScript API for database operations.
In the mongo shell, db is the variable that references the current database. The variable is automatically set to the
default database test or is set when you use the use to switch current database.
The following table displays some common JavaScript operations:

Chapter 3. The mongo Shell

MongoDB Documentation, Release 3.2.5

JavaScript Database Operations
db.auth()
coll = db.

Description
If running in secure mode, authenticate the user.
Set a specific collection in the current database to a variable coll, as in the following example:
coll = db.myCollection;
You can perform operations on the myCollection
using the variable, as in the following example:
coll.find();

db.collection.find()

Find all documents in the collection and returns a cursor.
See the db.collection.find() and Query Documents (page 140) for more information and examples.
See Cursors (page 103) for additional information on
cursor handling in the mongo shell.
Insert a new document into the collection.
Update an existing document in the collection.
See Write Operations (page 114) for more information.
Insert either a new document or update an existing document in the collection.
See Write Operations (page 114) for more information.
Delete documents from the collection.
See Write Operations (page 114) for more information.
Drops or removes completely the collection.
Create a new index on the collection if the index does
not exist; otherwise, the operation has no effect.
Return a reference to another database using this same
connection without explicitly switching the current
database. This allows for cross database queries.

db.collection.insert()
db.collection.update()
db.collection.save()

db.collection.remove()
db.collection.drop()
db.collection.createIndex()
db.getSiblingDB()

For more information on performing operations in the shell, see:
• MongoDB CRUD Concepts (page 99)
• Read Operations (page 100)
• Write Operations (page 114)
• js-administrative-methods
Keyboard Shortcuts
The mongo shell provides most keyboard shortcuts similar to those found in the bash shell or in Emacs. For some
functions mongo provides multiple key bindings, to accommodate several familiar paradigms.
The following table enumerates the keystrokes supported by the mongo shell:
Keystroke
Up-arrow
Down-arrow
Home
End
Tab
Left-arrow
Right-arrow
Ctrl-left-arrow

3.5. Exit the Shell

Function
previous-history
next-history
beginning-of-line
end-of-line
autocomplete
backward-character
forward-character
backward-word
Continued on next page

MongoDB Documentation, Release 3.2.5

Table 3.1 – continued from previous page
Keystroke
Function
Ctrl-right-arrow
forward-word
Meta-left-arrow
backward-word
Meta-right-arrow
forward-word
Ctrl-A
beginning-of-line
Ctrl-B
backward-char
Ctrl-C
exit-shell
Ctrl-D
delete-char (or exit shell)
Ctrl-E
end-of-line
Ctrl-F
forward-char
Ctrl-G
abort
Ctrl-J
accept-line
Ctrl-K
kill-line
Ctrl-L
clear-screen
Ctrl-M
accept-line
Ctrl-N
next-history
Ctrl-P
previous-history
Ctrl-R
reverse-search-history
Ctrl-S
forward-search-history
Ctrl-T
transpose-chars
Ctrl-U
unix-line-discard
Ctrl-W
unix-word-rubout
Ctrl-Y
yank
Ctrl-Z
Suspend (job control works in linux)
Ctrl-H (i.e. Backspace) backward-delete-char
Ctrl-I (i.e. Tab)
complete
Meta-B
backward-word
Meta-C
capitalize-word
Meta-D
kill-word
Meta-F
forward-word
Meta-L
downcase-word
Meta-U
upcase-word
Meta-Y
yank-pop
Meta-[Backspace]
backward-kill-word
Meta-<
beginning-of-history
Meta->
end-of-history

Queries
In the mongo shell, perform read operations using the find() and findOne() methods.
The find() method returns a cursor object which the mongo shell iterates to print documents on screen. By default,
mongo prints the first 20. The mongo shell will prompt the user to “Type it” to continue iterating the next 20
results.
The following table provides some common read operations in the mongo shell:

Chapter 3. The mongo Shell

MongoDB Documentation, Release 3.2.5

Read Operations
db.collection.find()

db.collection.find(,
)

db.collection.find().sort()

db.collection.find().sort()
db.collection.find( ... ).limit(
)
db.collection.find( ... ).skip(
)
db.collection.count()
db.collection.find().count()

db.collection.findOne()

3.5. Exit the Shell

Description
Find the documents matching the criteria in
the collection. If the criteria is not specified
or is empty (i.e {} ), the read operation selects all documents in the collection.
The following example selects the documents in the
users collection with the name field equal to "Joe":
coll = db.users;
coll.find( { name: "Joe" } );
For more information on specifying the criteria, see Query Documents (page 140).
Find documents matching the criteria and return just specific fields in the .
The following example selects all documents from the
collection but returns only the name field and the _id
field. The _id is always returned unless explicitly specified to not return.
coll = db.users;
coll.find( { }, { name: true } );
For
more
information
on
specifying
the
, see Limit Fields to Return from
a Query (page 153).
Return results in the specified .
The following example selects all documents from the
collection and returns the results sorted by the name
field in ascending order (1). Use -1 for descending order:
coll = db.users;
coll.find().sort( { name: 1 } );
Return the documents matching the criteria
in the specified .
Limit result to rows. Highly recommended if you
need only a certain number of rows for best performance.
Skip results.
Returns total number of documents in the collection.
Returns the total number of documents that match the
query.
The count() ignores limit() and skip(). For
example, if 100 records match but the limit is 10,
count() will return 100. This will be faster than iterating yourself, but still take time.
Find and return a single document. Returns null if not
found.
The following example selects a single document in
the users collection with the name field matches to
"Joe":
coll = db.users;
coll.findOne( { name: "Joe" } );
Internally, the findOne() method is the find()
method with a limit(1).

MongoDB Documentation, Release 3.2.5

See Query Documents (page 140) and Read Operations (page 100) documentation for more information and examples. See https://docs.mongodb.org/manual/reference/operator/query to specify other query
operators.
Error Checking Methods
Changed in version 2.6.
The mongo shell write methods now integrates the Write Concern (page 179) directly into the method execution rather
than with a separate db.getLastError() method. As such, the write methods now return a WriteResult()
object that contains the results of the operation, including any write errors and write concern errors.
Previous versions used db.getLastError() and db.getLastErrorObj() methods to return error information.
Administrative Command Helpers
The following table lists some common methods to support database administration:
JavaScript Database
Description
Administration Methods
db.cloneDatabase()
Clone the current database from the specified. The database
instance must be in noauth mode.
db.copyDatabase(,Copy the database from the to the database on the
, )
current server.
The database instance must be in noauth mode.
db.fromColl.renameCollection()
Rename collection from fromColl to .
db.repairDatabase()
Repair and compact the current database. This operation can be very slow on
large databases.
db.getCollectionNames()Get the list of all collections in the current database.
db.dropDatabase()
Drops the current database.
See also administrative database methods for a full list of methods.
Opening Additional Connections
You can create new connections within the mongo shell.
The following table displays the methods to create the connections:
JavaScript Connection Create Methods
db = connect("<:port>/")
conn = new Mongo()
db = conn.getDB("dbname")

Description
Open a new database connection.
Open a connection to a new server using new
Mongo().
Use getDB() method of the connection to select a
database.

See also Opening New Connections (page 84) for more information on the opening new connections from the mongo
shell.
Miscellaneous
The following table displays some miscellaneous methods:

Chapter 3. The mongo Shell

MongoDB Documentation, Release 3.2.5

Method
Object.bsonsize()

Description
Prints the BSON size of a in bytes

See the MongoDB JavaScript API Documentation4 for a full list of JavaScript methods .
Additional Resources
Consider the following reference material that addresses the mongo shell and its interface:
• mongo
• js-administrative-methods
• database-commands
• Aggregation Reference (page 225)
• Getting Started Guide5
Additionally, the MongoDB source code repository includes a jstests directory6 which contains numerous mongo
shell scripts.

4 http://api.mongodb.org/js/index.html
5 https://docs.mongodb.org/getting-started/shell
6 https://github.com/mongodb/mongo/tree/master/jstests/

3.5. Exit the Shell

MongoDB Documentation, Release 3.2.5

Chapter 3. The mongo Shell

CHAPTER 4

MongoDB CRUD Operations

MongoDB provides rich semantics for reading and manipulating data. CRUD stands for create, read, update, and
delete. These terms are the foundation for all interactions with the database.
MongoDB CRUD Introduction (page 97) An introduction to the MongoDB data model as well as queries and data
manipulations.
MongoDB CRUD Concepts (page 99) The core documentation of query and data manipulation.
MongoDB CRUD Tutorials (page 136) Examples of basic query and data modification operations.
MongoDB CRUD Reference (page 178) Reference material for the query and data manipulation interfaces.

4.1 MongoDB CRUD Introduction
On this page
• Database Operations (page 98)
MongoDB stores data in the form of documents, which are JSON-like field and value pairs. Documents are analogous
to structures in programming languages that associate keys with values (e.g. dictionaries, hashes, maps, and associative
arrays). Formally, MongoDB documents are BSON documents. BSON is a binary representation of JSON with
additional type information. In the documents, the value of a field can be any of the BSON data types, including other
documents, arrays, and arrays of documents. For more information, see Documents (page 8).

MongoDB stores all documents in collections. A collection is a group of related documents that have a set of shared
common indexes. Collections are analogous to a table in relational databases.
97

MongoDB Documentation, Release 3.2.5

4.1.1 Database Operations
Query
In MongoDB a query targets a specific collection of documents. Queries specify criteria, or conditions, that identify
the documents that MongoDB returns to the clients. A query may include a projection that specifies the fields from
the matching documents to return. You can optionally modify queries to impose limits, skips, and sort orders.
In the following diagram, the query process specifies a query criteria and a sort modifier:

See Read Operations Overview (page 100) for more information.

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

Data Modification
Data modification refers to operations that create, update, or delete data. In MongoDB, these operations modify the
data of a single collection. For the update and delete operations, you can specify the criteria to select the documents
to update or remove.
In the following diagram, the insert operation adds a new document to the users collection.

See Write Operations Overview (page 114) for more information.

4.2 MongoDB CRUD Concepts
The Read Operations (page 100) and Write Operations (page 114) documents introduce the behavior and operations
of read and write operations for MongoDB deployments.
Read Operations (page 100) Queries are the core operations that return data in MongoDB. Introduces queries, their
behavior, and performances.
Cursors (page 103) Queries return iterable objects, called cursors, that hold the full result set.
Query Optimization (page 105) Analyze and improve query performance.
Distributed Queries (page 110) Describes how sharded clusters and replica sets affect the performance of read
operations.
4.2. MongoDB CRUD Concepts

MongoDB Documentation, Release 3.2.5

Write Operations (page 114) Write operations insert, update, or remove documents in MongoDB. Introduces data
create and modify operations, their behavior, and performances.
Atomicity and Transactions (page 125) Describes write operation atomicity in MongoDB.
Distributed Write Operations (page 126) Describes how MongoDB directs write operations on sharded clusters and replica sets and the performance characteristics of these operations.
Continue reading from Write Operations (page 114) for additional background on the behavior of data modification operations in MongoDB.

4.2.1 Read Operations
The following documents describe read operations:
Read Operations Overview (page 100) A high level overview of queries and projections in MongoDB, including a
discussion of syntax and behavior.
Cursors (page 103) Queries return iterable objects, called cursors, that hold the full result set.
Query Optimization (page 105) Analyze and improve query performance.
Query Plans (page 108) MongoDB executes queries using optimal plans.
Distributed Queries (page 110) Describes how sharded clusters and replica sets affect the performance of read operations.
Read Operations Overview

On this page
•
•
•
•

Query Interface (page 100)
Query Behavior (page 101)
Query Statements (page 101)
Projections (page 102)

Read operations, or queries, retrieve data stored in the database. In MongoDB, queries select documents from a single
collection.
Queries specify criteria, or conditions, that identify the documents that MongoDB returns to the clients. A query may
include a projection that specifies the fields from the matching documents to return. The projection limits the amount
of data that MongoDB returns to the client over the network.
Query Interface

For query operations, MongoDB provides a db.collection.find() method. The method accepts both the query
criteria and projections and returns a cursor (page 103) to the matching documents. You can optionally modify the
query to impose limits, skips, and sort orders.
The following diagram highlights the components of a MongoDB query operation:
The next diagram shows the same query in SQL:
Example

100

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

db.users.find( { age: { $gt: 18 } }, { name: 1, address: 1 } ).limit(5)

This query selects the documents in the users collection that match the condition age is greater than 18. To specify
the greater than condition, query criteria uses the greater than (i.e. $gt) query selection operator. The query returns
at most 5 matching documents (or more precisely, a cursor to those documents). The matching documents will return
with only the _id, name and address fields. See Projections (page 102) for details.
See
SQL to MongoDB Mapping Chart (page 183) for additional examples of MongoDB queries and the corresponding
SQL statements.

Query Behavior

MongoDB queries exhibit the following behavior:
• All queries in MongoDB address a single collection.
• You can modify the query to impose limits, skips, and sort orders.
• The order of documents returned by a query is not defined unless you specify a sort().
• Operations that modify existing documents (page 148) (i.e. updates) use the same query syntax as queries to
select documents to update.
• In aggregation pipeline (page 199), the $match pipeline stage provides access to MongoDB queries.
MongoDB provides a db.collection.findOne() method as a special case of find() that returns a single
document.
Query Statements

Consider the following diagram of the query process that specifies a query criteria and a sort modifier:
In the diagram, the query selects documents from the users collection. Using a query selection operator
to define the conditions for matching documents, the query selects documents that have age greater than (i.e. $gt)
18. Then the sort() modifier sorts the results by age in ascending order.

4.2. MongoDB CRUD Concepts

101

MongoDB Documentation, Release 3.2.5

For additional examples of queries, see Query Documents (page 140).
Projections

Queries in MongoDB return all fields in all matching documents by default. To limit the amount of data that MongoDB
sends to applications, include a projection in the queries. By projecting results with a subset of fields, applications
reduce their network overhead and processing requirements.
Projections, which are the second argument to the find() method, may either specify a list of fields to return or list
fields to exclude in the result documents.
Important:
projections.

Except for excluding the _id field in inclusive projections, you cannot mix exclusive and inclusive

Consider the following diagram of the query process that specifies a query criteria and a projection:
In the diagram, the query selects from the users collection. The criteria matches the documents that have age equal
to 18. Then the projection specifies that only the name field should return in the matching documents.
Projection Examples
Exclude One Field From a Result Set
db.records.find( { "user_id": { $lt: 42 } }, { "history": 0 } )

This query selects documents in the records collection that match the condition { "user_id": { $lt: 42
} }, and uses the projection { "history": 0 } to exclude the history field from the documents in the result
set.
Return Two fields and the _id Field

102

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

db.records.find( { "user_id": { $lt: 42 } }, { "name": 1, "email": 1 } )

This query selects documents in the records collection that match the query { "user_id": { $lt: 42 }
} and uses the projection { "name": 1, "email": 1 } to return just the _id field (implicitly included),
name field, and the email field in the documents in the result set.
Return Two Fields and Exclude _id
db.records.find( { "user_id": { $lt: 42} }, { "_id": 0, "name": 1 , "email": 1 } )

This query selects documents in the records collection that match the query { "user_id":
}, and only returns the name and email fields in the documents in the result set.

{ $lt:

42}

See
Limit Fields to Return from a Query (page 153) for more examples of queries with projection statements.

Projection Behavior MongoDB projections have the following properties:
• By default, the _id field is included in the results. To suppress the _id field from the result set, specify _id:
0 in the projection document.
• For fields that contain arrays, MongoDB provides the following projection operators: $elemMatch, $slice,
and $.
• For related projection functionality in the aggregation pipeline (page 199) , use the $project pipeline stage.
Cursors

4.2. MongoDB CRUD Concepts

103

MongoDB Documentation, Release 3.2.5

On this page
• Cursor Behaviors (page 104)
• Cursor Information (page 105)
In the mongo shell, the primary method for the read operation is the db.collection.find() method. This
method queries a collection and returns a cursor to the returning documents.
To access the documents, you need to iterate the cursor. However, in the mongo shell, if the returned cursor is not
assigned to a variable using the var keyword, then the cursor is automatically iterated up to 20 times 1 to print up to
the first 20 documents in the results.
For example, in the mongo shell, the following read operation queries the inventory collection for documents that
have type equal to ’food’ and automatically print up to the first 20 matching documents:
db.inventory.find( { type: 'food' } );

To manually iterate the cursor to access the documents, see Iterate a Cursor in the mongo Shell (page 158).
Cursor Behaviors

Closure of Inactive Cursors By default, the server will automatically close the cursor after 10 minutes of inactivity, or if client has exhausted the cursor. To override this behavior in the mongo shell, you can use the
cursor.noCursorTimeout() method:
var myCursor = db.inventory.find().noCursorTimeout();

After setting the noCursorTimeout option, you must either close the cursor manually with cursor.close()
or by exhausting the cursor’s results.
See your driver documentation for information on setting the noCursorTimeout option.
Cursor Isolation As a cursor returns documents, other operations may interleave with the query. For the MMAPv1
(page 603) storage engine, intervening write operations on a document may result in a cursor that returns a document more than once if that document has changed. To handle this situation, see the information on snapshot mode
(page 135).
Cursor Batches The MongoDB server returns the query results in batches. Batch size will not exceed the maximum
BSON document size. For most queries, the first batch returns 101 documents or just enough documents to exceed 1
megabyte. Subsequent batch size is 4 megabytes. To override the default size of the batch, see batchSize() and
limit().
For queries that include a sort operation without an index, the server must load all the documents in memory to perform
the sort before returning any results.
As you iterate through the cursor and reach the end of the returned batch, if there are more results, cursor.next()
will perform a getmore operation to retrieve the next batch. To see how many documents remain in the batch
as you iterate the cursor, you can use the objsLeftInBatch() method, as in the following example:
var myCursor = db.inventory.find();
var myFirstDocument = myCursor.hasNext() ? myCursor.next() : null;
1 You can use the DBQuery.shellBatchSize to change the number of iteration from the default value 20. See Working with the mongo
Shell (page 78) for more information.

104

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

myCursor.objsLeftInBatch();

Cursor Information

The db.serverStatus() method returns a document that includes a metrics field. The metrics field contains a metrics.cursor field with the following information:
• number of timed out cursors since the last server restart
• number of open cursors with the option DBQuery.Option.noTimeout set to prevent timeout after a period
of inactivity
• number of “pinned” open cursors
• total number of open cursors
Consider the following example which calls the db.serverStatus() method and accesses the metrics field
from the results and then the cursor field from the metrics field:
db.serverStatus().metrics.cursor

The result is the following document:
{
"timedOut" :
"open" : {
"noTimeout" : ,
"pinned" : ,
"total" :
}
}

See also:
db.serverStatus()
Query Optimization

On this page
• Create an Index to Support Read Operations (page 105)
• Query Selectivity (page 106)
• Covered Query (page 106)
Indexes improve the efficiency of read operations by reducing the amount of data that query operations need to process.
This simplifies the work associated with fulfilling queries within MongoDB.
Create an Index to Support Read Operations

If your application queries a collection on a particular field or set of fields, then an index on the queried field or a
compound index (page 522) on the set of fields can prevent the query from scanning the whole collection to find and
return the query results. For more information about indexes, see the complete documentation of indexes in MongoDB
(page 515).

4.2. MongoDB CRUD Concepts

105

MongoDB Documentation, Release 3.2.5

Example
An application queries the inventory collection on the type field. The value of the type field is user-driven.
var typeValue = ;
db.inventory.find( { type: typeValue } );

To improve the performance of this query, add an ascending or a descending index to the inventory collection
on the type field. 2 In the mongo shell, you can create indexes using the db.collection.createIndex()
method:
db.inventory.createIndex( { type: 1 } )

This index can prevent the above query on type from scanning the whole collection to return the results.
To analyze the performance of the query with an index, see Analyze Query Performance (page 159).
In addition to optimizing read operations, indexes can support sort operations and allow for a more efficient storage
utilization. See db.collection.createIndex() and Indexes (page 515) for more information about index
creation.
Query Selectivity

Query selectivity refers to how well the query predicate excludes or filters out documents in a collection. Query
selectivity can determine whether or not queries can use indexes effectively or even use indexes at all.
More selective queries match a smaller percentage of documents. For instance, an equality match on the unique _id
field is highly selective as it can match at most one document.
Less selective queries match a larger percentage of documents. Less selective queries cannot use indexes effectively
or even at all.
For instance, the inequality operators $nin and $ne are not very selective since they often match a large portion of
the index. As a result, in many cases, a $nin or $ne query with an index may perform no better than a $nin or $ne
query that must scan all documents in a collection.
The selectivity of regular expressions depends on the expressions themselves. For details, see regular expression and index use.
Covered Query

An index covers (page 106) a query when both of the following apply:
• all the fields in the query (page 140) are part of an index, and
• all the fields returned in the results are in the same index.
For example, a collection inventory has the following index on the type and item fields:
db.inventory.createIndex( { type: 1, item: 1 } )

This index will cover the following operation which queries on the type and item fields and returns only the item
field:
2 For single-field indexes, the selection between ascending and descending order is immaterial. For compound indexes, the selection is important.
See indexing order (page 524) for more details.

106

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

db.inventory.find(
{ type: "food", item:/^c/ },
{ item: 1, _id: 0 }
)

For the specified index to cover the query, the projection document must explicitly specify _id:
_id field from the result since the index does not include the _id field.

0 to exclude the

Performance Because the index contains all fields required by the query, MongoDB can both match the query
conditions (page 140) and return the results using only the index.
Querying only the index can be much faster than querying documents outside of the index. Index keys are typically
smaller than the documents they catalog, and indexes are typically available in RAM or located sequentially on disk.
Limitations
Restrictions on Indexed Fields An index cannot cover a query if:
• any of the indexed fields in any of the documents in the collection includes an array. If an indexed field is an
array, the index becomes a multi-key index (page 525) and cannot support a covered query.
• any of the indexed fields in the query predicate or returned in the projection are fields in embedded documents.
3
For example, consider a collection users with documents of the following form:
{ _id: 1, user: { login: "tester" } }

The collection has the following index:
{ "user.login": 1 }

The { "user.login":

1 } index does not cover the following query:

db.users.find( { "user.login": "tester" }, { "user.login": 1, _id: 0 } )

However, the query can use the { "user.login":

1 } index to find matching documents.

Restrictions on Sharded Collection An index cannot cover a query on a sharded collection when run against a
mongos if the index does not contain the shard key, with the following exception for the _id index: If a query on a
sharded collection only specifies a condition on the _id field and returns only the _id field, the _id index can cover
the query when run against a mongos even if the _id field is not the shard key.
Changed in version 3.0: In previous versions, an index cannot cover (page 106) a query on a sharded collection when
run against a mongos.
explain To determine whether a query is a covered query, use the db.collection.explain() or the
explain() method and review the results.
db.collection.explain() provides information on the execution of other operations,
db.collection.update(). See db.collection.explain() for details.

such as

For more information see Measure Index Use (page 584).
3

To index fields in embedded documents, use dot notation.

4.2. MongoDB CRUD Concepts

107

MongoDB Documentation, Release 3.2.5

Query Plans

On this page
• Plan Cache Flushes (page 108)
• Index Filters (page 108)
The MongoDB query optimizer processes queries and chooses the most efficient query plan for a query given the
available indexes. The query system then uses this query plan each time the query runs.
The query optimizer only caches the plans for those query shapes that can have more than one viable plan.
For each query, the query planner searches the query plan cache for an entry that fits the query shape. If there are no
matching entries, the query planner generates candidate plans for evaluation over a trial period. The query planner
chooses a winning plan, creates a cache entry containing the winning plan, and uses it to generate the result documents.
If a matching entry exists, the query planner generates a plan based on that entry and evaluates its performance
through a replanning mechanism. This mechanism makes a pass/fail decision based on the plan performance
and either keeps or evicts the cache entry. On eviction, the query planner selects a new plan using the normal planning
process and caches it. The query planner executes the plan and returns the result documents for the query.
The following diagram illustrates the query planner logic:
See Plan Cache Flushes (page 108) for additional scenarios that trigger changes to the plan cache.
You can use the db.collection.explain() or the cursor.explain() method to view statistics about the
query plan for a given query. This information can help as you develop indexing strategies (page 586).
db.collection.explain() provides information on the execution of other operations,
db.collection.update(). See db.collection.explain() for details.

such as

Changed in version 2.6: explain() operations no longer read from or write to the query planner cache.
Plan Cache Flushes

Catalog operations like index or collection drops flush the plan cache.
The plan cache does not persist if a mongod restarts or shuts down.
New in version 2.6: MongoDB provides https://docs.mongodb.org/manual/reference/method/js-plan-cache
to view and modify the cached query plans. The PlanCache.clear() method flushes the entire plan cache.
Users can also clear particular plan cache entries using PlanCache.clearPlansByQuery().
Index Filters

New in version 2.6.
Index filters determine which indexes the optimizer evaluates for a query shape. A query shape consists of a combination of query, sort, and projection specifications. If an index filter exists for a given query shape, the optimizer only
considers those indexes specified in the filter.
When an index filter exists for the query shape, MongoDB ignores the hint(). To see whether MongoDB applied
an index filter for a query shape, check the indexFilterSet field of either the db.collection.explain()
or the cursor.explain() method.
Index filters only affects which indexes the optimizer evaluates; the optimizer may still select the collection scan as
the winning plan for a given query shape.

108

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

4.2. MongoDB CRUD Concepts

109

MongoDB Documentation, Release 3.2.5

Index filters exist for the duration of the server process and do not persist after shutdown. MongoDB also provides a
command to manually remove filters.
Because index filters overrides the expected behavior of the optimizer as well as the hint() method, use index filters
sparingly.
See planCacheListFilters, planCacheClearFilters, and planCacheSetFilter.
Distributed Queries

On this page
• Read Operations to Sharded Clusters (page 110)
• Read Operations to Replica Sets (page 110)

Read Operations to Sharded Clusters

Sharded clusters allow you to partition a data set among a cluster of mongod instances in a way that is nearly transparent to the application. For an overview of sharded clusters, see the Sharding (page 733) section of this manual.
For a sharded cluster, applications issue operations to one of the mongos instances associated with the cluster.
Read operations on sharded clusters are most efficient when directed to a specific shard. Queries to sharded collections
should include the collection’s shard key (page 747). When a query includes a shard key, the mongos can use cluster
metadata from the config database (page 742) to route the queries to shards.
If a query does not include the shard key, the mongos must direct the query to all shards in the cluster. These scatter
gather queries can be inefficient. On larger clusters, scatter gather queries are unfeasible for routine operations.
For replica set shards, read operations from secondary members of replica sets may not reflect the current state of the
primary. Read preferences that direct read operations to different servers may result in non-monotonic reads.
For more information on read operations in sharded clusters, see the Sharded Cluster Query Routing (page 752) and
Shard Keys (page 747) sections.
Read Operations to Replica Sets

By default, clients reads from a replica set’s primary; however, clients can specify a read preference (page 651) to
direct read operations to other members. For example, clients can configure read preferences to read from secondaries
or from nearest member to:
• reduce latency in multi-data-center deployments,
• improve read throughput by distributing high read-volumes (relative to write volume),
• perform backup operations, and/or
• allow reads until a new primary is elected (page 644).
Read operations from secondary members of replica sets may not reflect the current state of the primary. Read preferences that direct read operations to different servers may result in non-monotonic reads.
You can configure the read preferece on a per-connection or per-operation basis. For more information on read preference or on the read preference modes, see Read Preference (page 651) and Read Preference Modes (page 728).

110

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

4.2. MongoDB CRUD Concepts

111

MongoDB Documentation, Release 3.2.5

112

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

4.2. MongoDB CRUD Concepts

113

MongoDB Documentation, Release 3.2.5

4.2.2 Write Operations
The following documents describe write operations:
Write Operations Overview (page 114) Provides an overview of MongoDB’s data insertion and modification operations, including aspects of the syntax, and behavior.
Atomicity and Transactions (page 125) Describes write operation atomicity in MongoDB.
Distributed Write Operations (page 126) Describes how MongoDB directs write operations on sharded clusters and
replica sets and the performance characteristics of these operations.
Write Operation Performance (page 129) Introduces the performance constraints and factors for writing data to
MongoDB deployments.
Bulk Write Operations (page 130) Provides an overview of MongoDB’s bulk write operations.
Write Operations Overview

On this page
•
•
•
•

Insert (page 115)
Update (page 118)
Delete (page 122)
Additional Methods (page 124)

A write operation is any operation that creates or modifies data in the MongoDB instance. In MongoDB, write
operations target a single collection. All write operations in MongoDB are atomic on the level of a single document.

114

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

There are three classes of write operations in MongoDB: insert (page 115), update (page 118), and delete (page 122).
Insert operations add new documents to a collection. Update operations modify existing documents, and delete operations delete documents from a collection. No insert, update, or delete can affect more than one document atomically.
For the update and remove operations, you can specify criteria, or filters, that identify the documents to update or
remove. These operations use the same query syntax to specify the criteria as read operations (page 100).
MongoDB allows applications to determine the acceptable level of acknowledgement required of write operations.
See Write Concern (page 179) for more information.
Insert

MongoDB provides the following methods for inserting documents into a collection:
• db.collection.insertOne()
• db.collection.insertMany()
• db.collection.insert()
insertOne New in version 3.2.
db.collection.insertOne() inserts a single document
The following diagram highlights the components of the MongoDB insertOne() operation:

The following diagram shows the same query in SQL:

Example
The following operation inserts a new document into the users collection. The new document has three fields name,
age, and status. Since the document does not specify an _id field, MongoDB adds the _id field and a generated
value to the new document. See Insert Behavior (page 118).

4.2. MongoDB CRUD Concepts

115

MongoDB Documentation, Release 3.2.5

db.users.insertOne(
{
name: "sue",
age: 26,
status: "pending"
}
)

For more information and examples, see db.collection.insertOne().
insertMany New in version 3.2.
db.collection.insertMany() inserts multiple documents
The following diagram highlights the components of the MongoDB insertMany() operation:

The following diagram shows the same query in SQL:
116

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

Example
The following operation inserts three new documents into the users collection. Each document has three fields
name, age, and status. Since the documents do not specify an _id field, MongoDB adds the _id field and a
generated value to each document. See Insert Behavior (page 118).
db.users.insertMany(
[
{ name: "sue", age: 26, status: "pending" },
{ name: "bob", age: 25, status: "enrolled" },
{ name: "ann", age: 28, status: "enrolled" }
]
)

For more information and examples, see db.collection.insertMany().
insert In MongoDB, the db.collection.insert() method adds new documents to a collection. It can take
either a single document or an array of documents to insert.
The following diagram highlights the components of a MongoDB insert operation:

The following diagram shows the same query in SQL:
Example
The following operation inserts a new document into the users collection. The new document has three fields name,
age, and status. Since the document does not specify an _id field, MongoDB adds the _id field and a generated
value to the new document. See Insert Behavior (page 118).

4.2. MongoDB CRUD Concepts

117

MongoDB Documentation, Release 3.2.5

db.users.insert(
{
name: "sue",
age: 26,
status: "A"
}
)

For more information and examples, see db.collection.insert().
Insert Behavior The _id field is required in every MongoDB document. The _id field is like the document’s
primary key.
If you add a new document without the _id field, the client library or the mongod instance adds an _id field and
populates the field with a unique ObjectId. If you pass in an _id value that already exists, an exception is thrown.
The _id field is uniquely indexed by default in every collection.
Other Methods to Add Documents The updateOne(), updateMany(), and replaceOne() operations
accept the upsert parameter. When upsert : true, if no document in the collection matches the filter, a new
document is created based on the information passed to the operation. See Update Behavior with the upsert Option
(page 122).
Update

MongoDB provides the following methods for updating documents in a collection:
• db.collection.updateOne()
• db.collection.updateMany()
• db.collection.replaceOne()
• db.collection.update()
updateOne New in version 3.2.
db.collection.updateOne() updates a single document.
The following diagram highlights the components of the MongoDB updateOne() operation:
The following diagram shows the same query in SQL:
Example
This update operation on the users collection sets the status field to reject for the first document that matches
the filter of age less than 18. See Update Behavior (page 121).
118

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

db.users.updateOne(
{ age: { $lt: 18 } },
{ $set: { status: "reject" } }
)

For more information and examples, see db.collection.updateOne().
updateMany New in version 3.2.
db.collection.updateMany() updates multiple documents.
The following diagram highlights the components of the MongoDB updateMany() operation:

The following diagram shows the same query in SQL:
Example
This update operation on the users collection sets the status field to reject for all documents that match the
filter of age less than 18. See Update Behavior (page 121).
db.users.updateMany(
{ age: { $lt: 18 } },
{ $set: { status: "reject" } }
)

For more information and examples, see db.collection.updateMany().

4.2. MongoDB CRUD Concepts

119

MongoDB Documentation, Release 3.2.5

replaceOne New in version 3.2.
db.collection.replaceOne() replaces a single document.
The following diagram highlights the components of the MongoDB replaceOne() operation:

The following diagram shows the same query in SQL:

Example
This replace operation on the users collection replaces the first document that matches the filter of name is sue
with a new document. See Replace Behavior (page 122).
db.users.replaceOne(
{ name: "sue" },
{ name: "amy", age : 25, score: "enrolled" }
)

120

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

For more information and examples, see db.collection.replaceOne().
update In MongoDB, the db.collection.update() method modifies existing documents in a collection. The
db.collection.update() method can accept query criteria to determine which documents to update as well as
an options document that affects its behavior, such as the multi option to update multiple documents.
Operations performed by an update are atomic within a single document. For example, you can safely use the $inc
and $mul operators to modify frequently-changed fields in concurrent applications.
The following diagram highlights the components of a MongoDB update operation:

The following diagram shows the same query in SQL:

Example
db.users.update(
{ age: { $gt: 18 } },
{ $set: { status: "A" } },
{ multi: true }
)

This update operation on the users collection sets the status field to A for the documents that match the criteria
of age greater than 18.
For more information, see db.collection.update() and update() Examples.

Update Behavior updateOne() and updateMany() use https://docs.mongodb.org/manual/reference/operat
such as $set, $unset, or $rename to modify existing documents.
updateOne()
will
update
the
first
document
that
is
returned
by
the
filter.
db.collection.findOneAndUpdate() offers sorting of the filter results, allowing a degree of control over which document is updated.
By default, the db.collection.update() method updates a single document. However, with the multi option,
update() can update all documents in a collection that match a query.

4.2. MongoDB CRUD Concepts

121

MongoDB Documentation, Release 3.2.5

The db.collection.update() method either updates specific fields in the existing document or replaces the
document. See db.collection.update() for details as well as examples.
When performing update operations that increase the document size beyond the allocated space for that document, the
update operation relocates the document on disk.
MongoDB preserves the order of the document fields following write operations except for the following cases:
• The _id field is always the first field in the document.
• Updates that include renaming of field names may result in the reordering of fields in the document.
Changed in version 2.6: Starting in version 2.6, MongoDB actively attempts to preserve the field order in a document.
Before version 2.6, MongoDB did not actively preserve the order of the fields in a document.

Replace Behavior replaceOne() cannot use https://docs.mongodb.org/manual/reference/operator/update
in the replacement document. The replacement document must consist of only : assignments.
replaceOne()
will
replace
the
first
document
that
matches
the
filter.
db.collection.findOneAndReplace() offers sorting of the filter results, allowing a degree of
control over which document is replaced.
You cannot replace the _id field.
Update Behavior with the upsert Option If update(), updateOne(), updateMany(), or
replaceOne() include upsert : true and no documents match the filter portion of the operation, then the
operation creates a new document and inserts it. If there are matching documents, then the operation modifies the
matching document or documents.
Delete

MongoDB provides the following methods for deleting documents from a collection:
• db.collection.deleteOne()
• db.collection.deleteMany()
• db.collection.remove()
deleteOne New in version 3.2.
db.collection.deleteOne() deletes a single document.
The following diagram highlights the components of the MongoDB deleteOne() operation:

The following diagram shows the same query in SQL:
Example

122

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

This delete operation on the users collection deletes the first document where name is sue. See Delete Behavior
(page 124).
db.users.deleteOne(
{ status: "reject" }
)

For more information and examples, see db.collection.deleteOne().
deleteMany New in version 3.2.
db.collection.deleteMany() deletes multiple documents.
The following diagram highlights the components of the MongoDB deleteMany() operation:

The following diagram shows the same query in SQL:

Example
This delete operation on the users collection deletes all documents where status is reject. See Delete Behavior
(page 124).
db.users.deleteMany(
{ status: "reject" }
)

For more information and examples, see db.collection.deleteMany().
remove In MongoDB, the db.collection.remove() method deletes documents from a collection. The
db.collection.remove() method accepts query criteria to determine which documents to remove as well as
an options document that affects its behavior, such as the justOne option to remove only a single document.
The following diagram highlights the components of a MongoDB remove operation:

4.2. MongoDB CRUD Concepts

123

MongoDB Documentation, Release 3.2.5

The following diagram shows the same query in SQL:

Example
db.users.remove(
{ status: "D" }
)

This delete operation on the users collection removes all documents that match the criteria of status equal to D.
For more information, see db.collection.remove() method and Remove Documents (page 152).
Delete Behavior deleteOne() will delete the first document that matches the filter.
db.collection.findOneAndDelete() offers sorting of the filter results, allowing a degree of control over which document is deleted.
Remove Behavior By default, db.collection.remove() method removes all documents that match its query.
If the optional justOne parameter is set to true, remove() will limit the delete operation to a single document.
Additional Methods

The db.collection.save() method can either update an existing document or insert a document if the document cannot be found by the _id field. See db.collection.save() for more information and examples.
Bulk Write MongoDB provides the db.collection.bulkWrite() method for executing multiple write operations in a group. Each write operation is still atomic on the level of a single document.
Example
The following bulkWrite() inserts several documents, performs an update, and then deletes several documents.
db.collection.bulkWrite(
[
{ insertOne : { "document"
{ insertOne : { "document"
{ insertOne : { "document"
{ insertOne : { "document"

124

:
:
:
:

{
{
{
{

name
name
name
name

:
:
:
:

"sue",
"joe",
"ann",
"bob",

age
age
age
age

:
:
:
:

26
24
25
27

}
}
}
}

},
},
},
},

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

{ updateMany: {
"filter" : { age : { $gt : 25} },
"update" : { $set : { "status" : "enrolled" } }
}
},
{ deleteMany : { "filter" : { "status" : { $exists : true } } } }
]
)

Atomicity and Transactions

On this page
• $isolated Operator (page 125)
• Transaction-Like Semantics (page 125)
• Concurrency Control (page 126)
In MongoDB, a write operation is atomic on the level of a single document, even if the operation modifies multiple
embedded documents within a single document.
When a single write operation modifies multiple documents, the modification of each document is atomic, but the
operation as a whole is not atomic and other operations may interleave. However, you can isolate a single write
operation that affects multiple documents using the $isolated operator.
$isolated Operator

Using the $isolated operator, a write operation that affects multiple documents can prevent other processes from
interleaving once the write operation modifies the first document. This ensures that no client sees the changes until the
write operation completes or errors out.
$isolated does not work with sharded clusters.
An isolated write operation does not provide “all-or-nothing” atomicity. That is, an error during the write operation
does not roll back all its changes that preceded the error.
Note: $isolated operator causes write operations to acquire an exclusive lock on the collection, even for
document-level locking storage engines such as WiredTiger. That is, $isolated operator will make WiredTiger
single-threaded for the duration of the operation.
The $isolated operator does not work on sharded clusters.
For an example of an update operation that uses the $isolated operator, see $isolated. For an example of a
remove operation that uses the $isolated operator, see isolate-remove-operations.
Transaction-Like Semantics

Since a single document can contain multiple embedded documents, single-document atomicity is sufficient for many
practical use cases. For cases where a sequence of write operations must operate as if in a single transaction, you can
implement a two-phase commit (page 164) in your application.
However, two-phase commits can only offer transaction-like semantics. Using two-phase commit ensures data consistency, but it is possible for applications to return intermediate data during the two-phase commit or rollback.
4.2. MongoDB CRUD Concepts

125

MongoDB Documentation, Release 3.2.5

For more information on two-phase commit and rollback, see Perform Two Phase Commits (page 164).
Concurrency Control

Concurrency control allows multiple applications to run concurrently without causing data inconsistency or conflicts.
One approach is to create a unique index (page 568) on a field that can only have unique values. This prevents
insertions or updates from creating duplicate data. Create a unique index on multiple fields to force uniqueness on
that combination of field values. For examples of use cases, see update() and Unique Index and findAndModify() and
Unique Index.
Another approach is to specify the expected current value of a field in the query predicate for the write operations. For
an example, see Update if Current (page 170).
The two-phase commit pattern provides a variation where the query predicate includes the application identifier
(page 168) as well as the expected state of the data in the write operation.
See also:
Read Isolation, Consistency, and Recency (page 133)
Distributed Write Operations

On this page
• Write Operations on Sharded Clusters (page 126)
• Write Operations on Replica Sets (page 126)

Write Operations on Sharded Clusters

For sharded collections in a sharded cluster, the mongos directs write operations from applications to the shards that
are responsible for the specific portion of the data set. The mongos uses the cluster metadata from the config database
(page 742) to route the write operation to the appropriate shards.
MongoDB partitions data in a sharded collection into ranges based on the values of the shard key. Then, MongoDB
distributes these chunks to shards. The shard key determines the distribution of chunks to shards. This can affect the
performance of write operations in the cluster.
Important: Update operations that affect a single document must include the shard key or the _id field. Updates
that affect multiple documents are more efficient in some situations if they have the shard key, but can be broadcast to
all shards.
If the value of the shard key increases or decreases with every insert, all insert operations target a single shard. As a
result, the capacity of a single shard becomes the limit for the insert capacity of the sharded cluster.
For more information, see Sharded Cluster Tutorials (page 764) and Bulk Write Operations (page 130).
Write Operations on Replica Sets

In replica sets, all write operations go to the set’s primary. The primary applies the write operation and records the
operations on the primary’s operation log or oplog. The oplog is a reproducible sequence of operations to the data

126

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

4.2. MongoDB CRUD Concepts

127

MongoDB Documentation, Release 3.2.5

128

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

set. Secondary members of the set continuously replicate the oplog and apply the operations to themselves in an
asynchronous process.
For more information on replica sets and write operations, see Replication Introduction (page 623) and Write Concern
(page 179).
Write Operation Performance

On this page
•
•
•
•

Indexes (page 129)
Document Growth and the MMAPv1 Storage Engine (page 129)
Storage Performance (page 130)
Additional Resources (page 130)

Indexes

After every insert, update, or delete operation, MongoDB must update every index associated with the collection in
addition to the data itself. Therefore, every index on a collection adds some amount of overhead for the performance
of write operations. 4
In general, the performance gains that indexes provide for read operations are worth the insertion penalty. However,
in order to optimize write performance when possible, be careful when creating new indexes and evaluate the existing
indexes to ensure that your queries actually use these indexes.
For indexes and queries, see Query Optimization (page 105). For more information on indexes, see Indexes (page 515)
and Indexing Strategies (page 586).
Document Growth and the MMAPv1 Storage Engine

Some update operations can increase the size of the document; for instance, if an update adds a new field to the
document.
For the MMAPv1 storage engine, if an update operation causes a document to exceed the currently allocated record
size, MongoDB relocates the document on disk with enough contiguous space to hold the document. Updates that
require relocations take longer than updates that do not, particularly if the collection has indexes. If a collection has
indexes, MongoDB must update all index entries. Thus, for a collection with many indexes, the move will impact the
write throughput.
Changed in version 3.0.0: By default, MongoDB uses Power of 2 Sized Allocations (page 604) to add padding automatically (page 604) for the MMAPv1 storage engine. The Power of 2 Sized Allocations (page 604) ensures that
MongoDB allocates document space in sizes that are powers of 2, which helps ensure that MongoDB can efficiently
reuse free space created by document deletion or relocation as well as reduce the occurrences of reallocations in many
cases.
Although Power of 2 Sized Allocations (page 604) minimizes the occurrence of re-allocation, it does not eliminate
document re-allocation.
See MMAPv1 Storage Engine (page 603) for more information.
4 For inserts and updates to un-indexed fields, the overhead for sparse indexes (page 574) is less than for non-sparse indexes. Also for non-sparse
indexes, updates that do not change the record size have less indexing overhead.

4.2. MongoDB CRUD Concepts

129

MongoDB Documentation, Release 3.2.5

Storage Performance

Hardware The capability of the storage system creates some important physical limits for the performance of MongoDB’s write operations. Many unique factors related to the storage system of the drive affect write performance,
including random access patterns, disk caches, disk readahead and RAID configurations.
Solid state drives (SSDs) can outperform spinning hard disks (HDDs) by 100 times or more for random workloads.
See
Production Notes (page 296) for recommendations regarding additional hardware and configuration options.

Journaling To provide durability in the event of a crash, MongoDB uses write ahead logging to an on-disk journal.
MongoDB writes the in-memory changes first to the on-disk journal files. If MongoDB should terminate or encounter
an error before committing the changes to the data files, MongoDB can use the journal files to apply the write operation
to the data files.
While the durability assurance provided by the journal typically outweigh the performance costs of the additional write
operations, consider the following interactions between the journal and performance:
• If the journal and the data file reside on the same block device, the data files and the journal may have to contend
for a finite number of available I/O resources. Moving the journal to a separate device may increase the capacity
for write operations.
• If applications specify write concerns (page 179) that include the j option (page 181), mongod will decrease
the duration between journal writes, which can increase the overall write load.
• The duration between journal writes is configurable using the commitIntervalMs run-time option. Decreasing the period between journal commits will increase the number of write operations, which can limit
MongoDB’s capacity for write operations. Increasing the amount of time between journal commits may decrease the total number of write operation, but also increases the chance that the journal will not record a write
operation in the event of a failure.
For additional information on journaling, see Journaling (page 606).
Additional Resources

• MongoDB Performance Evaluation and Tuning Consulting Package5
Bulk Write Operations

On this page
•
•
•
•

Overview (page 131)
Ordered vs Unordered Operations (page 131)
bulkWrite() Methods (page 131)
Strategies for Bulk Inserts to a Sharded Collection (page 133)

5 https://www.mongodb.com/products/consulting?jmp=docs#performance_evaluation

130

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

Overview

MongoDB provides clients the ability to perform write operations in bulk. Bulk write operations affect a single
collection. MongoDB allows applications to determine the acceptable level of acknowledgement required for bulk
write operations.
New in version 3.2.
The db.collection.bulkWrite() method provides the ability to perform bulk insert, update, and remove
operations. MongoDB also supports bulk insert through the db.collection.insertMany().
Ordered vs Unordered Operations

Bulk write operations can be either ordered or unordered.
With an ordered list of operations, MongoDB executes the operations serially. If an error occurs during the processing
of one of the write operations, MongoDB will return without processing any remaining write operations in the list.
See ordered Bulk Write
With an unordered list of operations, MongoDB can execute the operations in parallel, but this behavior is not guaranteed. If an error occurs during the processing of one of the write operations, MongoDB will continue to process
remaining write operations in the list. See bulkwrite-example-unordered-bulk-write.
Executing an ordered list of operations on a sharded collection will generally be slower than executing an unordered
list since with an ordered list, each operation must wait for the previous operation to finish.
By default, bulkWrite() performs ordered operations. To specify unordered write operations, set ordered
: false in the options document.
See bulkwrite-write-operations-executionofoperations
bulkWrite() Methods

bulkWrite() supports the following write operations:
• bulkwrite-write-operations-insertOne
• updateOne
• updateMany
• bulkwrite-write-operations-replaceOne
• deleteOne
• deleteMany
Each write operation is passed to bulkWrite() as a document in an array.
For example, the following performs multiple write operations:
The characters collection contains the following documents:
{ "_id" : 1, "char" : "Brisbane", "class" : "monk", "lvl" : 4 },
{ "_id" : 2, "char" : "Eldon", "class" : "alchemist", "lvl" : 3 },
{ "_id" : 3, "char" : "Meldane", "class" : "ranger", "lvl" : 3 }

The following bulkWrite() performs multiple operations on the collection:

4.2. MongoDB CRUD Concepts

131

MongoDB Documentation, Release 3.2.5

try {
db.characters.bulkWrite(
[
{ insertOne :
{
"document" :
{
"_id" : 4, "char" : "Dithras", "class" : "barbarian", "lvl" : 4
}
}
},
{ insertOne :
{
"document" :
{
"_id" : 5, "char" : "Taeln", "class" : "fighter", "lvl" : 3
}
}
},
{ updateOne :
{
"filter" : { "char" : "Eldon" },
"update" : { $set : { "status" : "Critical Injury" } }
}
},
{ deleteOne :
{ "filter" : { "char" : "Brisbane"} }
},
{ replaceOne :
{
"filter" : { "char" : "Meldane" },
"replacement" : { "char" : "Tanys", "class" : "oracle", "lvl" : 4 }
}
}
]
);
}
catch (e) {
print(e);
}

The operation returns the following:
{
"acknowledged" : true,
"deletedCount" : 1,
"insertedCount" : 2,
"matchedCount" : 2,
"upsertedCount" : 0,
"insertedIds" : {
"0" : 4,
"1" : 5
},
"upsertedIds" : {
}
}

For more examples, see bulkWrite() Examples
132

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

Strategies for Bulk Inserts to a Sharded Collection

Large bulk insert operations, including initial data inserts or routine data import, can affect sharded cluster performance. For bulk inserts, consider the following strategies:
Pre-Split the Collection If the sharded collection is empty, then the collection has only one initial chunk, which
resides on a single shard. MongoDB must then take time to receive data, create splits, and distribute the split chunks
to the available shards. To avoid this performance cost, you can pre-split the collection, as described in Split Chunks
in a Sharded Cluster (page 808).
Unordered Writes to mongos To improve write performance to sharded clusters, use bulkWrite() with the
optional parameter ordered set to false. mongos can attempt to send the writes to multiple shards simultaneously.
For empty collections, first pre-split the collection as described in Split Chunks in a Sharded Cluster (page 808).
Avoid Monotonic Throttling If your shard key increases monotonically during an insert, then all inserted data goes
to the last chunk in the collection, which will always end up on a single shard. Therefore, the insert capacity of the
cluster will never exceed the insert capacity of that single shard.
If your insert volume is larger than what a single shard can process, and if you cannot avoid a monotonically increasing
shard key, then consider the following modifications to your application:
• Reverse the binary bits of the shard key. This preserves the information and avoids correlating insertion order
with increasing sequence of values.
• Swap the first and last 16-bit words to “shuffle” the inserts.
Example
The following example, in C++, swaps the leading and trailing 16-bit word of BSON ObjectIds generated so they are
no longer monotonically increasing.
using namespace mongo;
OID make_an_id() {
OID x = OID::gen();
const unsigned char *p = x.getData();
swap( (unsigned short&) p[0], (unsigned short&) p[10] );
return x;
}
void foo() {
// create an object
BSONObj o = BSON( "_id" << make_an_id() << "x" << 3 << "name" << "jane" );
// now we may insert o into a sharded collection
}

See also:
Shard Keys (page 747) for information on choosing a sharded key. Also see Shard Key Internals (page 747) (in
particular, Choosing a Shard Key (page 771)).

4.2.3 Read Isolation, Consistency, and Recency

4.2. MongoDB CRUD Concepts

133

MongoDB Documentation, Release 3.2.5

On this page
• Isolation Guarantees (page 134)
• Consistency Guarantees (page 135)
• Recency (page 136)

Isolation Guarantees
Read Uncommitted

In MongoDB, clients can see the results of writes before the writes are durable:
• Regardless of write concern (page 179), other clients using "local" (page 182) (i.e. the default) readConcern
can see the result of a write operation before the write operation is acknowledged to the issuing client.
• Clients using "local" (page 182) (i.e. the default) readConcern can read data which may be subsequently
rolled back (page 647).
Read uncommitted is the default isolation level and applies to mongod standalone instances as well as to replica sets
and sharded clusters.
Read Uncommitted And Single Document Atomicity

Write operations are atomic with respect to a single document; i.e. if a write is updating multiple fields in the document,
a reader will never see the document with only some of the fields updated.
With a standalone mongod instance, a set of read and write operations to a single document is serializable. With a
replica set, a set of read and write operations to a single document is serializable only in the absence of a rollback.
However, although the readers may not see a partially updated document, read uncommitted means that concurrent
readers may still see the updated document before the changes are durable.
Read Uncommitted And Multiple Document Write

When a single write operation modifies multiple documents, the modification of each document is atomic, but the
operation as a whole is not atomic and other operations may interleave. However, you can isolate a single write
operation that affects multiple documents using the $isolated operator.
Without isolating the multi-document write operations, MongoDB exhibits the following behavior:
1. Non-point-in-time read operations. Suppose a read operation begins at time t1 and starts reading documents. A
write operation then commits an update to one of the documents at some later time t2 . The reader may see the
updated version of the document, and therefore does not see a point-in-time snapshot of the data.
2. Non-serializable operations. Suppose a read operation reads a document d1 at time t1 and a write operation
updates d1 at some later time t3 . This introduces a read-write dependency such that, if the operations were to be
serialized, the read operation must precede the write operation. But also suppose that the write operation updates
document d2 at time t2 and the read operation subsequently reads d2 at some later time t4 . This introduces a
write-read dependency which would instead require the read operation to come after the write operation in a
serializable schedule. There is a dependency cycle which makes serializability impossible.
3. Reads may miss matching documents that are updated during the course of the read operation.

134

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

Using the $isolated operator, a write operation that affects multiple documents can prevent other processes from
interleaving once the write operation modifies the first document. This ensures that no client sees the changes until the
write operation completes or errors out.
$isolated does not work with sharded clusters.
An isolated write operation does not provide “all-or-nothing” atomicity. That is, an error during the write operation
does not roll back all its changes that preceded the error.
Note: $isolated operator causes write operations to acquire an exclusive lock on the collection, even for
document-level locking storage engines such as WiredTiger. That is, $isolated operator will make WiredTiger
single-threaded for the duration of the operation.
See also:
Atomicity and Transactions (page 125)
Cursor Snapshot

MongoDB cursors can return the same document more than once in some situations. As a cursor returns documents
other operations may interleave with the query. If some of these operations are updates (page 114) that cause the
document to move (in the case of MMAPv1, caused by document growth) or that change the indexed field on the
index used by the query; then the cursor will return the same document more than once.
In very specific cases, you can isolate the cursor from returning the same document more than once by using the
cursor.snapshot() method. snapshot() guarantees that the query will return each document no more than
once.
Warning:
• The snapshot() does not guarantee that the data returned by the query will reflect a single moment in
time nor does it provide isolation from insert or delete operations.
• You cannot use snapshot() with sharded collections.
• You cannot use snapshot() with the sort() or hint() cursor methods.
As an alternative, if your collection has a field or fields that are never modified, you can use a unique index on this
field or these fields to achieve a similar result as the snapshot(). Query with hint() to explicitly force the query
to use that index.
Consistency Guarantees
Monotonic Reads

MongoDB provides monotonic reads from a standalone mongod instance. Suppose an application performs a sequence of operations that consists of a read operation R1 followed later in the sequence by another read operation R2 .
If the application performs the sequence on a standalone mongod instance, the later read R2 never returns results that
reflect an earlier state than that returned from R1 ; i.e. R2 returns data that is monotonically increasing in recency from
R1 .
Changed in version 3.2: For replica sets and sharded clusters, MongoDB provides monotonic reads if read operations
specify Read Concern (page 181) "majority" and read preference primary (page 728).
In previous versions, MongoDB cannot make monotonic read guarantees from replica sets and sharded clusters.

4.2. MongoDB CRUD Concepts

135

MongoDB Documentation, Release 3.2.5

Monotonic Writes

MongoDB provides monotonic write guarantees for standalone mongod instances, replica sets, and sharded clusters.
Suppose an application performs a sequence of operations that consists of a write operation W 1 followed later in the
sequence by a write operation W 2 . MongoDB guarantees that W 1 operation precedes W 2 .
Recency
In MongoDB, in a replica set with one primary member 6 ,
• With "local" (page 182) readConcern, reads from the primary reflect the latest writes in absence of a
failover;
• With "majority" (page 182) readConcern, read operations from the primary or the secondaries have
eventual consistency.

4.3 MongoDB CRUD Tutorials
The following tutorials provide instructions for querying and modifying data. For a higher-level overview of these
operations, see MongoDB CRUD Operations (page 97).
Insert Documents (page 137) Insert new documents into a collection.
Query Documents (page 140) Find documents in a collection using search criteria.
Modify Documents (page 148) Modify documents in a collection
Remove Documents (page 152) Remove documents from a collection.
Limit Fields to Return from a Query (page 153) Limit which fields are returned by a query.
Limit Number of Elements in an Array after an Update (page 156) Use $push with modifiers to sort and maintain
an array of fixed size.
Iterate a Cursor in the mongo Shell (page 158) Access documents returned by a find query by iterating the cursor,
either manually or using the iterator index.
Analyze Query Performance (page 159) Use query introspection (i.e. explain) to analyze the efficiency of queries
and determine how a query uses available indexes.
Perform Two Phase Commits (page 164) Use two-phase commits when writing data to multiple documents.
Update Document if Current (page 170) Update a document only if it has not changed since it was last read.
Create Tailable Cursor (page 172) Create tailable cursors for use in capped collections with high numbers of write
operations for which an index would be too expensive.
Create an Auto-Incrementing Sequence Field (page 173) Describes how to create an incrementing sequence number for the _id field using a Counters Collection or an Optimistic Loop.
Perform Quorum Reads on Replica Sets (page 176) Perform quorum reads using findAndModify.
6 In some circumstances (page 729), two nodes in a replica set may transiently believe that they are the primary, but at most, one of them
will be able to complete writes with { w: "majority" } (page 180) write concern. The node that can complete { w: "majority" }
(page 180) writes is the current primary, and the other node is a former primary that has not yet recognized its demotion, typically due to a network
partition. When this occurs, clients that connect to the former primary may observe stale data despite having requested read preference primary
(page 728), and new writes to the former primary will eventually roll back.

136

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

4.3.1 Insert Documents
On this page
•
•
•
•

Insert a Document (page 137)
Insert an Array of Documents (page 138)
Insert Multiple Documents with Bulk (page 139)
Additional Examples and Methods (page 140)

In MongoDB, the db.collection.insert() method adds new documents into a collection.
Insert a Document
Step 1: Insert a document into a collection.

Insert a document into a collection named inventory. The operation will create the collection if the collection does
not currently exist.
db.inventory.insert(
{
item: "ABC1",
details: {
model: "14Q3",
manufacturer: "XYZ Company"
},
stock: [ { size: "S", qty: 25 }, { size: "M", qty: 50 } ],
category: "clothing"
}
)

The operation returns a WriteResult object with the status of the operation. A successful insert of the document
returns the following object:
WriteResult({ "nInserted" : 1 })

The nInserted field specifies the number of documents inserted. If the operation encounters an error, the
WriteResult object will contain the error information.
Step 2: Review the inserted document.

If the insert operation is successful, verify the insertion by querying the collection.
db.inventory.find()

The document you inserted should return.

{ "_id" : ObjectId("53d98f133bb604791249ca99"), "item" : "ABC1", "details" : { "model" : "14Q3", "man

The returned document shows that MongoDB added an _id field to the document. If a client inserts a document that
does not contain the _id field, MongoDB adds the field with the value set to a generated ObjectId7 . The ObjectId8
values in your documents will differ from the ones shown.
7 https://docs.mongodb.org/manual/reference/method/ObjectId
8 https://docs.mongodb.org/manual/reference/method/ObjectId

4.3. MongoDB CRUD Tutorials

137

MongoDB Documentation, Release 3.2.5

Insert an Array of Documents
You can pass an array of documents to the db.collection.insert() method to insert multiple documents.
Step 1: Create an array of documents.

Define a variable mydocuments that holds an array of documents to insert.
var mydocuments =
[
{
item: "ABC2",
details: { model: "14Q3", manufacturer:
stock: [ { size: "M", qty: 50 } ],
category: "clothing"
},
{
item: "MNO2",
details: { model: "14Q3", manufacturer:
stock: [ { size: "S", qty: 5 }, { size:
category: "clothing"
},
{
item: "IJK2",
details: { model: "14Q2", manufacturer:
stock: [ { size: "S", qty: 5 }, { size:
category: "houseware"
}
];

"M1 Corporation" },

"ABC Company" },
"M", qty: 5 }, { size: "L", qty: 1 } ],

"M5 Corporation" },
"L", qty: 1 } ],

Step 2: Insert the documents.

Pass the mydocuments array to the db.collection.insert() to perform a bulk insert.
db.inventory.insert( mydocuments );

The method returns a BulkWriteResult object with the status of the operation. A successful insert of the documents returns the following object:
BulkWriteResult({
"writeErrors" : [ ],
"writeConcernErrors" : [ ],
"nInserted" : 3,
"nUpserted" : 0,
"nMatched" : 0,
"nModified" : 0,
"nRemoved" : 0,
"upserted" : [ ]
})

138

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

Insert Multiple Documents with Bulk
New in version 2.6.
MongoDB provides a Bulk() API that you can use to perform multiple write operations in bulk. The following
sequence of operations describes how you would use the Bulk() API to insert a group of documents into a MongoDB
collection.
Step 1: Initialize a Bulk operations builder.

Initialize a Bulk operations builder for the collection inventory.
var bulk = db.inventory.initializeUnorderedBulkOp();

The operation returns an unordered operations builder which maintains a list of operations to perform. Unordered
operations means that MongoDB can execute in parallel as well as in nondeterministic order. If an error occurs during
the processing of one of the write operations, MongoDB will continue to process remaining write operations in the
list.
You can also initialize an ordered operations builder; see db.collection.initializeOrderedBulkOp()
for details.
Step 2: Add insert operations to the bulk object.

Add two insert operations to the bulk object using the Bulk.insert() method.
bulk.insert(
{
item: "BE10",
details: { model: "14Q2", manufacturer: "XYZ Company" },
stock: [ { size: "L", qty: 5 } ],
category: "clothing"
}
);
bulk.insert(
{
item: "ZYT1",
details: { model: "14Q1", manufacturer: "ABC Company" },
stock: [ { size: "S", qty: 5 }, { size: "M", qty: 5 } ],
category: "houseware"
}
);

Step 3: Execute the bulk operation.

Call the execute() method on the bulk object to execute the operations in its list.
bulk.execute();

4.3. MongoDB CRUD Tutorials

139

MongoDB Documentation, Release 3.2.5

"nInserted" : 2,
"nUpserted" : 0,
"nMatched" : 0,
"nModified" : 0,
"nRemoved" : 0,
"upserted" : [ ]
})

The nInserted field specifies the number of documents inserted. If the operation encounters an error, the
BulkWriteResult object will contain information regarding the error.
Additional Examples and Methods
For more examples, see db.collection.insert().
The db.collection.update() method, the db.collection.findAndModify(), and the
db.collection.save() method can also add new documents. See the individual reference pages for the
methods for more information and examples.

4.3.2 Query Documents
On this page
•
•
•
•
•
•
•
•
•

Select All Documents in a Collection (page 140)
Specify Equality Condition (page 141)
Specify Conditions Using Query Operators (page 141)
Specify AND Conditions (page 141)
Specify OR Conditions (page 141)
Specify AND as well as OR Conditions (page 142)
Embedded Documents (page 142)
Arrays (page 143)
Null or Missing Fields (page 147)

In MongoDB, the db.collection.find() method retrieves documents from a collection.
db.collection.find() method returns a cursor (page 103) to the retrieved documents.

The

This tutorial provides examples of read operations using the db.collection.find() method in the mongo
shell. In these examples, the retrieved documents contain all their fields. To restrict the fields to return in the retrieved
documents, see Limit Fields to Return from a Query (page 153).
Select All Documents in a Collection
An empty query document ({}) selects all documents in the collection:
db.inventory.find( {} )

Not specifying a query document to the find() is equivalent to specifying an empty query document. Therefore the
following operation is equivalent to the previous operation:
9 The db.collection.findOne() method also performs a read operation to return a single document.
db.collection.findOne() method is the db.collection.find() method with a limit of 1.

140

Internally, the

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

db.inventory.find()

Specify Equality Condition
To specify equality condition, use the query document { :
contain the with the specified .

} to select all documents that

The following example retrieves from the inventory collection all documents where the type field has the value
snacks:
db.inventory.find( { type: "snacks" } )

Specify Conditions Using Query Operators
A query document can use the query operators to specify conditions in a MongoDB query.
The following example selects all documents in the inventory collection where the value of the type field is either
’food’ or ’snacks’:
db.inventory.find( { type: { $in: [ 'food', 'snacks' ] } } )

Although you can express this query using the $or operator, use the $in operator rather than the $or operator when
performing equality checks on the same field.
Refer to the https://docs.mongodb.org/manual/reference/operator/query document for the
complete list of query operators.
Specify AND Conditions
A compound query can specify conditions for more than one field in the collection’s documents. Implicitly, a logical
AND conjunction connects the clauses of a compound query so that the query selects the documents in the collection
that match all the conditions.
In the following example, the query document specifies an equality match on the field type and a less than ($lt)
comparison match on the field price:
db.inventory.find( { type: 'food', price: { $lt: 9.95 } } )

This query selects all documents where the type field has the value ’food’ and the value of the price field is less
than 9.95. See comparison operators for other comparison operators.
Specify OR Conditions
Using the $or operator, you can specify a compound query that joins each clause with a logical OR conjunction so
that the query selects the documents in the collection that match at least one condition.
In the following example, the query document selects all documents in the collection where the field qty has a value
greater than ($gt) 100 or the value of the price field is less than ($lt) 9.95:
db.inventory.find(
{
$or: [ { qty: { $gt: 100 } }, { price: { $lt: 9.95 } } ]
}
)

4.3. MongoDB CRUD Tutorials

141

MongoDB Documentation, Release 3.2.5

Note: Queries which use comparison operators are subject to type-bracketing.

Specify AND as well as OR Conditions
With additional clauses, you can specify precise conditions for matching documents.
In the following example, the compound query document selects all documents in the collection where the value of
the type field is ’food’ and either the qty has a value greater than ($gt) 100 or the value of the price field is
less than ($lt) 9.95:
db.inventory.find(
{
type: 'food',
$or: [ { qty: { $gt: 100 } }, { price: { $lt: 9.95 } } ]
}
)

Embedded Documents
When the field holds an embedded document, a query can either specify an exact match on the embedded document
or specify a match by individual fields in the embedded document using the dot notation.
Exact Match on the Embedded Document

To specify an equality match on the whole embedded document, use the query document { :
} where is the document to match. Equality matches on an embedded document require an exact match of
the specified , including the field order.
In the following example, the query matches all documents where the value of the field producer is an embedded
document that contains only the field company with the value ’ABC123’ and the field address with the value
’123 Street’, in the exact order:
db.inventory.find(
{
producer:
{
company: 'ABC123',
address: '123 Street'
}
}
)

Equality Match on Fields within an Embedded Document

Use the dot notation to match by specific fields in an embedded document. Equality matches for specific fields in
an embedded document will select documents in the collection where the embedded document contains the specified
fields with the specified values. The embedded document can contain additional fields.
In the following example, the query uses the dot notation to match all documents where the value of the field
producer is an embedded document that contains a field company with the value ’ABC123’ and may contain
other fields:

142

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

db.inventory.find( { 'producer.company': 'ABC123' } )

Arrays
When the field holds an array, you can query for an exact array match or for specific values in the array. If the array
holds embedded documents, you can query for specific fields in the embedded documents using dot notation.
If you specify multiple conditions using the $elemMatch operator, the array must contain at least one element that
satisfies all the conditions. See Single Element Satisfies the Criteria (page 144).
If you specify multiple conditions without using the $elemMatch operator, then some combination of the array
elements, not necessarily a single element, must satisfy all the conditions; i.e. different elements in the array can
satisfy different parts of the conditions. See Combination of Elements Satisfies the Criteria (page 144).
Consider an inventory collection that contains the following documents:
{ _id: 5, type: "food", item: "aaa", ratings: [ 5, 8, 9 ] }
{ _id: 6, type: "food", item: "bbb", ratings: [ 5, 9 ] }
{ _id: 7, type: "food", item: "ccc", ratings: [ 9, 5, 8 ] }

Exact Match on an Array

To specify equality match on an array, use the query document { : } where is
the array to match. Equality matches on the array require that the array field match exactly the specified ,
including the element order.
The following example queries for all documents where the field ratings is an array that holds exactly three elements, 5, 8, and 9, in this order:
db.inventory.find( { ratings: [ 5, 8, 9 ] } )

The operation returns the following document:
{ "_id" : 5, "type" : "food", "item" : "aaa", "ratings" : [ 5, 8, 9 ] }

Match an Array Element

Equality matches can specify a single element in the array to match. These specifications match if the array contains
at least one element with the specified value.
The following example queries for all documents where ratings is an array that contains 5 as one of its elements:
db.inventory.find( { ratings: 5 } )

The operation returns the following documents:
{ "_id" : 5, "type" : "food", "item" : "aaa", "ratings" : [ 5, 8, 9 ] }
{ "_id" : 6, "type" : "food", "item" : "bbb", "ratings" : [ 5, 9 ] }
{ "_id" : 7, "type" : "food", "item" : "ccc", "ratings" : [ 9, 5, 8 ] }

Match a Specific Element of an Array

Equality matches can specify equality matches for an element at a particular index or position of the array using the
dot notation.

4.3. MongoDB CRUD Tutorials

143

MongoDB Documentation, Release 3.2.5

In the following example, the query uses the dot notation to match all documents where the ratings array contains
5 as the first element:
db.inventory.find( { 'ratings.0': 5 } )

The operation returns the following documents:
{ "_id" : 5, "type" : "food", "item" : "aaa", "ratings" : [ 5, 8, 9 ] }
{ "_id" : 6, "type" : "food", "item" : "bbb", "ratings" : [ 5, 9 ] }

Specify Multiple Criteria for Array Elements

Single Element Satisfies the Criteria Use $elemMatch operator to specify multiple criteria on the elements of
an array such that at least one array element satisfies all the specified criteria.
The following example queries for documents where the ratings array contains at least one element that is greater
than ($gt) 5 and less than ($lt) 9:
db.inventory.find( { ratings: { $elemMatch: { $gt: 5, $lt: 9 } } } )

The operation returns the following documents, whose ratings array contains the element 8 which meets the criteria:
{ "_id" : 5, "type" : "food", "item" : "aaa", "ratings" : [ 5, 8, 9 ] }
{ "_id" : 7, "type" : "food", "item" : "ccc", "ratings" : [ 9, 5, 8 ] }

Combination of Elements Satisfies the Criteria The following example queries for documents where the
ratings array contains elements that in some combination satisfy the query conditions; e.g., one element can satisfy
the greater than 5 condition and another element can satisfy the less than 9 condition, or a single element can satisfy
both:
db.inventory.find( { ratings: { $gt: 5, $lt: 9 } } )

The document with the "ratings" : [ 5, 9 ] matches the query since the element 9 is greater than 5 (the
first condition) and the element 5 is less than 9 (the second condition).
Array of Embedded Documents

Consider that the inventory collection includes the following documents:
{
_id: 100,
type: "food",
item: "xyz",
qty: 25,
price: 2.5,
ratings: [ 5, 8, 9 ],
memos: [ { memo: "on time", by: "shipping" }, { memo: "approved", by: "billing" } ]
}

144

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

{
_id: 101,
type: "fruit",
item: "jkl",
qty: 10,
price: 4.25,
ratings: [ 5, 9 ],
memos: [ { memo: "on time", by: "payment" }, { memo: "delayed", by: "shipping" } ]
}

Match a Field in the Embedded Document Using the Array Index If you know the array index of the embedded
document, you can specify the document using the embedded document’s position using the dot notation.
The following example selects all documents where the memos contains an array whose first element (i.e. index is 0)
is a document that contains the field by whose value is ’shipping’:
db.inventory.find( { 'memos.0.by': 'shipping' } )

The operation returns the following document:
{
_id: 100,
type: "food",
item: "xyz",
qty: 25,
price: 2.5,
ratings: [ 5, 8, 9 ],
memos: [ { memo: "on time", by: "shipping" }, { memo: "approved", by: "billing" } ]
}

Match a Field Without Specifying Array Index If you do not know the index position of the document in the array,
concatenate the name of the field that contains the array, with a dot (.) and the name of the field in the embedded
document.
The following example selects all documents where the memos field contains an array that contains at least one
embedded document that contains the field by with the value ’shipping’:
db.inventory.find( { 'memos.by': 'shipping' } )

The operation returns the following documents:
{
_id: 100,
type: "food",
item: "xyz",
qty: 25,
price: 2.5,
ratings: [ 5, 8, 9 ],
memos: [ { memo: "on time", by: "shipping" }, { memo: "approved", by: "billing" } ]
}
{
_id: 101,
type: "fruit",
item: "jkl",
qty: 10,
price: 4.25,
ratings: [ 5, 9 ],

4.3. MongoDB CRUD Tutorials

145

MongoDB Documentation, Release 3.2.5

memos: [ { memo: "on time", by: "payment" }, { memo: "delayed", by: "shipping" } ]
}

Specify Multiple Criteria for Array of Documents

Single Element Satisfies the Criteria Use $elemMatch operator to specify multiple criteria on an array of embedded documents such that at least one embedded document satisfies all the specified criteria.
The following example queries for documents where the memos array has at least one embedded document that
contains both the field memo equal to ’on time’ and the field by equal to ’shipping’:
db.inventory.find(
{
memos:
{
$elemMatch:
{
memo: 'on time',
by: 'shipping'
}
}
}
)

Combination of Elements Satisfies the Criteria The following example queries for documents where the memos
array contains elements that in some combination satisfy the query conditions; e.g. one element satisfies the field
memo equal to ’on time’ condition and another element satisfies the field by equal to ’shipping’ condition, or
a single element can satisfy both criteria:
db.inventory.find(
{
'memos.memo': 'on time',
'memos.by': 'shipping'
}
)

The query returns the following documents:
{
_id: 100,
type: "food",
item: "xyz",
qty: 25,
price: 2.5,

146

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

ratings: [ 5, 8, 9 ],
memos: [ { memo: "on time", by: "shipping" }, { memo: "approved", by: "billing" } ]
}
{
_id: 101,
type: "fruit",
item: "jkl",
qty: 10,
price: 4.25,
ratings: [ 5, 9 ],
memos: [ { memo: "on time", by: "payment" }, { memo: "delayed", by: "shipping" } ]
}

See also:
Limit Fields to Return from a Query (page 153)
Null or Missing Fields
Different query operators in MongoDB treat null values differently.
Given the collection inventory with the following documents:
{ "_id" : 900, "item" : null }
{ "_id" : 901 }

Equality Filter

The { item : null } query matches documents that either contain the item field whose value is null or that
do not contain the item field.
Given the following query:
db.inventory.find( { item: null } )

The query returns both documents:
{ "_id" : 900, "item" : null }
{ "_id" : 901 }

If the query uses an index that is sparse (page 574), however, then the query will only match null values, not missing
fields.
Changed in version 2.6: If using the sparse index results in an incomplete result, MongoDB will not use the index
unless a hint() explicitly specifies the index. See Sparse Indexes (page 574) for more information.
Type Check

The { item : { $type: 10 } } query matches documents that contains the item field whose value is
null only; i.e. the value of the item field is of BSON Type Null (i.e. 10) :
db.inventory.find( { item : { $type: 10 } } )

The query returns only the document where the item field has a null value:

4.3. MongoDB CRUD Tutorials

147

MongoDB Documentation, Release 3.2.5

{ "_id" : 900, "item" : null }

Existence Check

The { item :

{ $exists:

false } } query matches documents that do not contain the item field:

db.inventory.find( { item : { $exists: false } } )

The query returns only the document that does not contain the item field:
{ "_id" : 901 }

See also:
The reference documentation for the $type and $exists operators.

4.3.3 Modify Documents
On this page
•
•
•
•

Update Specific Fields in a Document (page 148)
Replace the Document (page 150)
upsert Option (page 150)
Additional Examples and Methods (page 152)

MongoDB provides the update() method to update the documents of a collection. The method accepts as its
parameters:
• an query filter document to determine which documents to update,
• an update document to specify the modification to perform or a replacement document that wholly replaces the
matching documents except for the _id field, and
• an options document.
By default, update() updates a single document. To update multiple documents, use the multi option.
Update Specific Fields in a Document
To change a field value, MongoDB provides update operators10 , such as $set to modify values.
To specify the modification to perform using update operators, use an update document of the form:
{
: { : , ... },
: { : , ... },
...
}

Some update operators, such as $set, will create the field if the field does not exist. See the individual update
operator11 reference.
10 https://docs.mongodb.org/manual/reference/operator/update
11 https://docs.mongodb.org/manual/reference/operator/update

148

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

Step 1: Use update operators to change field values.

For the document with item equal to "MNO2", use the $set operator to update the category field and the
details field to the specified values and the $currentDate operator to update the field lastModified with
the current date.
db.inventory.update(
{ item: "MNO2" },
{
$set: {
category: "apparel",
details: { model: "14Q3", manufacturer: "XYZ Company" }
},
$currentDate: { lastModified: true }
}
)

The update operation returns a WriteResult object which contains the status of the operation. A successful update
of the document returns the following object:
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })

The nMatched field specifies the number of existing documents matched for the update, and nModified specifies
the number of existing documents modified.
Step 2: Update an embedded field.

To update a field within an embedded document, use the dot notation. When using the dot notation, enclose the whole
dotted field name in quotes.
The following updates the model field within the embedded details document.
db.inventory.update(
{ item: "ABC1" },
{ $set: { "details.model": "14Q2" } }
)

Step 3: Update multiple documents.

By default, the update() method updates a single document. To update multiple documents, use the multi option
in the update() method.
Update the category field to "apparel" and update the lastModified field to the current date for all documents that have category field equal to "clothing".
db.inventory.update(
{ category: "clothing" },
{
$set: { category: "apparel" },
$currentDate: { lastModified: true }
},

4.3. MongoDB CRUD Tutorials

149

MongoDB Documentation, Release 3.2.5

{ multi: true }
)

Replace the Document
To replace the entire content of a document except for the _id field, pass an entirely new document as the second
argument to update().
The replacement document can have different fields from the original document. In the replacement document, you
can omit the _id field since the _id field is immutable. If you do include the _id field, it must be the same value as
the existing value.
Step 1: Replace a document.

The following operation replaces the document with item equal to "BE10". The newly replaced document will only
contain the _id field and the fields in the replacement document.
db.inventory.update(
{ item: "BE10" },
{
item: "BE05",
stock: [ { size: "S", qty: 20 }, { size: "M", qty: 5 } ],
category: "apparel"
}
)

upsert Option
By default, if no document matches the update query, the update() method does nothing.
However, by specifying upsert: true, the update() method either updates matching document or documents, or
inserts a new document using the update specification if no matching document exists.
Step 1: Specify upsert:

true for the update replacement operation.

When you specify upsert: true for an update operation to replace a document and no matching documents
are found, MongoDB creates a new document using the equality conditions in the update conditions document, and
replaces this document, except for the _id field if specified, with the update document.
The following operation either updates a matching document by replacing it with a new document or adds a new
document if no matching document exists.

150

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

db.inventory.update(
{ item: "TBD1" },
{
item: "TBD1",
details: { "model" : "14Q4", "manufacturer" : "ABC Company" },
stock: [ { "size" : "S", "qty" : 25 } ],
category: "houseware"
},
{ upsert: true }
)

The update operation returns a WriteResult object which contains the status of the operation, including whether
the db.collection.update() method modified an existing document or added a new document.
WriteResult({
"nMatched" : 0,
"nUpserted" : 1,
"nModified" : 0,
"_id" : ObjectId("53dbd684babeaec6342ed6c7")
})

true for the update specific fields operation.

When you specify upsert: true for an update operation that modifies specific fields and no matching documents
are found, MongoDB creates a new document using the equality conditions in the update conditions document, and
applies the modification as specified in the update document.
The following update operation either updates specific fields of a matching document or adds a new document if no
matching document exists.
db.inventory.update(
{ item: "TBD2" },
{
$set: {
details: { "model" : "14Q3", "manufacturer" : "IJK Co." },
category: "houseware"
}
},
{ upsert: true }
)

4.3. MongoDB CRUD Tutorials

151

MongoDB Documentation, Release 3.2.5

The nMatched field shows that the operation matched 0 documents.
The nUpserted of 1 shows that the update added a document.
The nModified of 0 specifies that no existing documents were updated.
The information above indicates that the operation has created one new document. The _id field shows the generated
_id field for the added document; you can perform a query to confirm the result:
db.inventory.findOne( { _id: ObjectId("53dbd7c8babeaec6342ed6c8") } )

The result matches the document specified in the update():
{
"_id" : ObjectId("56a12ec8242ae5d73c07b15e"),
"item" : "TBD2",
"details" : {
"model" : "14Q3",
"manufacturer" : "IJK Co."
},
"category" : "houseware"
}

Additional Examples and Methods
For more examples, see Update examples in the db.collection.update() reference page.
The db.collection.findAndModify() and the db.collection.save() method can also modify existing documents or insert a new one. See the individual reference pages for the methods for more information and
examples.

4.3.4 Remove Documents
On this page
• Remove All Documents (page 152)
• Remove Documents that Match a Condition (page 153)
• Remove a Single Document that Matches a Condition (page 153)
In MongoDB, the db.collection.remove() method removes documents from a collection. You can remove
all documents from a collection, remove all documents that match a condition, or limit the operation to remove just a
single document.
This tutorial provides examples of remove operations using the db.collection.remove() method in the mongo
shell.
Remove All Documents
To remove all documents from a collection, pass an empty query document {} to the remove() method. The
remove() method does not remove the indexes.
The following example removes all documents from the inventory collection:
db.inventory.remove({})

152

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

To remove all documents from a collection, it may be more efficient to use the drop() method to drop the entire
collection, including the indexes, and then recreate the collection and rebuild the indexes.
Remove Documents that Match a Condition
To remove the documents that match a deletion criteria, call the remove() method with the parameter.
The following example removes all documents from the inventory collection where the type field equals food:
db.inventory.remove( { type : "food" } )

For large deletion operations, it may be more efficient to copy the documents that you want to keep to a new collection
and then use drop() on the original collection.
Remove a Single Document that Matches a Condition
To remove a single document, call the remove() method with the justOne parameter set to true or 1.
The following example removes one document from the inventory collection where the type field equals food:
db.inventory.remove( { type : "food" }, 1 )

To delete a single document sorted by some specified order, use the findAndModify() method.

4.3.5 Limit Fields to Return from a Query
On this page
•
•
•
•
•
•
•

Return All Fields in Matching Documents (page 154)
Return the Specified Fields and the _id Field Only (page 154)
Return Specified Fields Only (page 154)
Return All But the Excluded Field (page 154)
Return Specific Fields in Embedded Documents (page 154)
Suppress Specific Fields in Embedded Documents (page 155)
Projection for Array Fields (page 156)

The projection document limits the fields to return for all matching documents. The projection document can specify
the inclusion of fields or the exclusion of fields.
The specifications have the following forms:
Syntax
:
:

<1 or true>
<0 or false>

Description
Specify the inclusion of a field.
Specify the suppression of the field.

Important: The _id field is, by default, included in the result set. To suppress the _id field from the result set,
specify _id: 0 in the projection document.
You cannot combine inclusion and exclusion semantics in a single projection with the exception of the _id field.
This tutorial offers various query examples that limit the fields to return for all matching documents. The examples in
this tutorial use a collection inventory and use the db.collection.find() method in the mongo shell. The
db.collection.find() method returns a cursor (page 103) to the retrieved documents. For examples on query
selection criteria, see Query Documents (page 140).

4.3. MongoDB CRUD Tutorials

153

MongoDB Documentation, Release 3.2.5

Return All Fields in Matching Documents
If you specify no projection, the find() method returns all fields of all documents that match the query.
db.inventory.find( { type: 'food' } )

This operation will return all documents in the inventory collection where the value of the type field is ’food’.
The returned documents contain all fields.
Return the Specified Fields and the _id Field Only
A projection can explicitly include several fields. In the following operation, the find() method returns all documents that match the query. In the result set, only the item and qty fields and, by default, the _id field return in the
matching documents.
db.inventory.find( { type: 'food' }, { item: 1, qty: 1 } )

Return Specified Fields Only
You can remove the _id field from the results by specifying its exclusion in the projection, as in the following
example:
db.inventory.find( { type: 'food' }, { item: 1, qty: 1, _id:0 } )

This operation returns all documents that match the query. In the result set, only the item and qty fields return in
the matching documents.
Return All But the Excluded Field
To exclude a single field or group of fields you can use a projection in the following form:
db.inventory.find( { type: 'food' }, { type:0 } )

This operation returns all documents where the value of the type field is food. In the result set, the type field does
not return in the matching documents.
With the exception of the _id field you cannot combine inclusion and exclusion statements in projection documents.
Return Specific Fields in Embedded Documents
Use the dot notation (page 9) to return specific fields inside an embedded document. For example, the inventory
collection contains the following document:
{
"_id" : 3,
"type" : "food",
"item" : "aaa",
"classification": { dept: "grocery", category: "chocolate"

}

The following operation returns all documents that match the query. The specified projection returns only
the category field in the classification document. The returned category field remains inside the
classification document.

154

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

db.inventory.find(
{ type: 'food', _id: 3 },
{ "classification.category": 1, _id: 0 }
)

The operation returns the following document:
{ "classification" : { "category" : "chocolate" } }

Suppress Specific Fields in Embedded Documents
Use dot notation (page 9) to suppress specific fields inside an embedded document using a 0 instead of 1. For example,
the inventory collection contains the following document:
{
"_id" : 3,
"type" : "food",
"item" : "Super Dark Chocolate",
"classification" : { "dept" : "grocery", "category" : "chocolate"},
"vendor" : {
"primary" : {
"name" : "Marsupial Vending Co",
"address" : "Wallaby Rd",
"delivery" : ["M","W","F"]
},
"secondary":{
"name" : "Intl. Chocolatiers",
"address" : "Cocoa Plaza",
"delivery" : ["Sa"]
}
}
}

The following operation returns all documents where the value of the type field is food and the _id field is 3. The
projection suppresses only the category field in the classification document. The dept field remains inside
the classification document.
db.inventory.find(
{ type: 'food', _id: 3 },
{ "classification.category": 0}
)

The operation returns the following document:
{
"_id" : 3,
"type" : "food",
"item" : "Super Dark Chocolate",
"classification" : { "dept" : "grocery"},
"vendor" : {
"primary" : {
"name" : "Bobs Vending",
"address" : "Wallaby Rd",
"delivery" : ["M","W","F"]
},
"secondary":{
"name" : "Intl. Chocolatiers",
"address" : "Cocoa Plaza",

4.3. MongoDB CRUD Tutorials

155

MongoDB Documentation, Release 3.2.5

"delivery" : ["Sa"]
}
}
}

You can suppress nested subdocuments at any depth using dot notation (page 9). The following specifies a projection
to suppress the delivery array only for the secondary document.
db.inventory.find(
{ "type" : "food" },
{ "vendor.secondary.delivery" : 0 }
)

This returns all documents except the delivery array in the secondary document
{
"_id" : 3,
"type" : "food",
"item" : "Super Dark Chocolate",
"classification" : { "dept" : "grocery", "category" : "chocolate"},
"vendor" : {
"primary" : {
"name" : "Bobs Vending",
"address" : "Wallaby Rd",
"delivery" : ["M","W","F"]
},
"secondary":{
"name" : "Intl. Chocolatiers",
"address" : "Cocoa Plaza"
}
}
}

Projection for Array Fields
For fields that contain arrays, MongoDB provides the following projection operators: $elemMatch, $slice, and
$.
For example, the inventory collection contains the following document:
{ "_id" : 5, "type" : "food", "item" : "aaa", "ratings" : [ 5, 8, 9 ] }

Then the following operation uses the $slice projection operator to return just the first two elements in the ratings
array.
db.inventory.find( { _id: 5 }, { ratings: { $slice: 2 } } )

$elemMatch, $slice, and $ are the only way to project portions of an array. For instance, you cannot project a
portion of an array using the array index; e.g. { "ratings.0": 1 } projection will not project the array with
the first element.
See also:
Query Documents (page 140)

4.3.6 Limit Number of Elements in an Array after an Update

156

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

On this page
• Synopsis (page 157)
• Pattern (page 157)
New in version 2.4.
Synopsis
Consider an application where users may submit many scores (e.g. for a test), but the application only needs to track
the top three test scores.
This pattern uses the $push operator with the $each, $sort, and $slice modifiers to sort and maintain an array
of fixed size.
Pattern
Consider the following document in the collection students:
{
_id: 1,
scores: [
{ attempt: 1, score: 10 },
{ attempt: 2 , score:8 }
]
}

The following update uses the $push operator with:
• the $each modifier to append to the array 2 new elements,
• the $sort modifier to order the elements by ascending (1) score, and
• the $slice modifier to keep the last 3 elements of the ordered array.
db.students.update(
{ _id: 1 },
{
$push: {
scores: {
$each: [ { attempt: 3, score: 7 }, { attempt: 4, score: 4 } ],
$sort: { score: 1 },
$slice: -3
}
}
}
)

Note: When using the $sort modifier on the array element, access the field in the embedded document element
directly instead of using the dot notation on the array field.
After the operation, the document contains only the top 3 scores in the scores array:
{
"_id" : 1,
"scores" : [

4.3. MongoDB CRUD Tutorials

157

MongoDB Documentation, Release 3.2.5

{ "attempt" : 3, "score" : 7 },
{ "attempt" : 2, "score" : 8 },
{ "attempt" : 1, "score" : 10 }
]
}

See also:
• $push operator,
• $each modifier,
• $sort modifier, and
• $slice modifier.

4.3.7 Iterate a Cursor in the mongo Shell
On this page
• Manually Iterate the Cursor (page 158)
• Iterator Index (page 159)
The db.collection.find() method returns a cursor. To access the documents, you need to iterate the cursor.
However, in the mongo shell, if the returned cursor is not assigned to a variable using the var keyword, then the
cursor is automatically iterated up to 20 times to print up to the first 20 documents in the results. The following
describes ways to manually iterate the cursor to access the documents or to use the iterator index.
Manually Iterate the Cursor
In the mongo shell, when you assign the cursor returned from the find() method to a variable using the var
keyword, the cursor does not automatically iterate.
You can call the cursor variable in the shell to iterate up to 20 times
following example:

and print the matching documents, as in the

var myCursor = db.inventory.find( { type: 'food' } );
myCursor

You can also use the cursor method next() to access the documents, as in the following example:
var myCursor = db.inventory.find( { type: 'food' } );
while (myCursor.hasNext()) {
print(tojson(myCursor.next()));
}

As an alternative print operation, consider the printjson() helper method to replace print(tojson()):
var myCursor = db.inventory.find( { type: 'food' } );
while (myCursor.hasNext()) {
12 You can use the DBQuery.shellBatchSize to change the number of iteration from the default value 20. See Working with the mongo
Shell (page 78) for more information.

158

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

printjson(myCursor.next());
}

You can use the cursor method forEach() to iterate the cursor and access the documents, as in the following
example:
var myCursor =

db.inventory.find( { type: 'food' } );

myCursor.forEach(printjson);

See JavaScript cursor methods and your driver documentation for more information on cursor methods.
Iterator Index
In the mongo shell, you can use the toArray() method to iterate the cursor and return the documents in an array,
as in the following:
var myCursor = db.inventory.find( { type: 'food' } );
var documentArray = myCursor.toArray();
var myDocument = documentArray[3];

The toArray() method loads into RAM all documents returned by the cursor; the toArray() method exhausts
the cursor.
Additionally, some drivers provide access to the documents by using an index on the cursor (i.e.
cursor[index]). This is a shortcut for first calling the toArray() method and then using an index on the
resulting array.
Consider the following example:
var myCursor = db.inventory.find( { type: 'food' } );
var myDocument = myCursor[3];

The myCursor[3] is equivalent to the following example:
myCursor.toArray() [3];

4.3.8 Analyze Query Performance
On this page
• Evaluate the Performance of a Query (page 160)
• Compare Performance of Indexes (page 162)
• Additional Resources (page 164)
The cursor.explain("executionStats") and the db.collection.explain("executionStats")
methods provide statistics about the performance of a query. This data output can be useful in measuring if and how a
query uses an index.
db.collection.explain() provides information on the execution of other operations,
db.collection.update(). See db.collection.explain() for details.

4.3. MongoDB CRUD Tutorials

such as

159

MongoDB Documentation, Release 3.2.5

Evaluate the Performance of a Query
Consider a collection inventory with the following documents:
{
{
{
{
{
{
{
{
{
{

"_id"
"_id"
"_id"
"_id"
"_id"
"_id"
"_id"
"_id"
"_id"
"_id"

:
:
:
:
:
:
:
:
:
:

1, "item" : "f1", type: "food", quantity: 500 }
2, "item" : "f2", type: "food", quantity: 100 }
3, "item" : "p1", type: "paper", quantity: 200 }
4, "item" : "p2", type: "paper", quantity: 150 }
5, "item" : "f3", type: "food", quantity: 300 }
6, "item" : "t1", type: "toys", quantity: 500 }
7, "item" : "a1", type: "apparel", quantity: 250 }
8, "item" : "a2", type: "apparel", quantity: 400 }
9, "item" : "t2", type: "toys", quantity: 50 }
10, "item" : "f4", type: "food", quantity: 75 }

Query with No Index

The following query retrieves documents where the quantity field has a value between 100 and 200, inclusive:
db.inventory.find( { quantity: { $gte: 100, $lte: 200 } } )

The query returns the following documents:
{ "_id" : 2, "item" : "f2", "type" : "food", "quantity" : 100 }
{ "_id" : 3, "item" : "p1", "type" : "paper", "quantity" : 200 }
{ "_id" : 4, "item" : "p2", "type" : "paper", "quantity" : 150 }

To view the query plan selected, use the explain("executionStats") method:
db.inventory.find(
{ quantity: { $gte: 100, $lte: 200 } }
).explain("executionStats")

explain() returns the following results:
{
"queryPlanner" : {
"plannerVersion" : 1,
...
"winningPlan" : {
"stage" : "COLLSCAN",
...
}
},
"executionStats" : {
"executionSuccess" : true,
"nReturned" : 3,
"executionTimeMillis" : 0,
"totalKeysExamined" : 0,
"totalDocsExamined" : 10,
"executionStages" : {
"stage" : "COLLSCAN",
...
},
...
},
...
}

160

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

• queryPlanner.winningPlan.stage displays COLLSCAN to indicate a collection scan.
• executionStats.nReturned displays 3 to indicate that the query matches and returns three documents.
• executionStats.totalDocsExamined display 10 to indicate that MongoDB had to scan ten documents (i.e. all documents in the collection) to find the three matching documents.
The difference between the number of matching documents and the number of examined documents may suggest that,
to improve efficiency, the query might benefit from the use of an index.
Query with Index

To support the query on the quantity field, add an index on the quantity field:
db.inventory.createIndex( { quantity: 1 } )

To view the query plan statistics, use the explain("executionStats") method:
db.inventory.find(
{ quantity: { $gte: 100, $lte: 200 } }
).explain("executionStats")

The explain() method returns the following results:
{
"queryPlanner" : {
"plannerVersion" : 1,
...
"winningPlan" : {
"stage" : "FETCH",
"inputStage" : {
"stage" : "IXSCAN",
"keyPattern" : {
"quantity" : 1
},
...
}
},
"rejectedPlans" : [ ]
},
"executionStats" : {
"executionSuccess" : true,
"nReturned" : 3,
"executionTimeMillis" : 0,
"totalKeysExamined" : 3,
"totalDocsExamined" : 3,
"executionStages" : {
...
},
...
},
...
}

• queryPlanner.winningPlan.inputStage.stage displays IXSCAN to indicate index use.
• executionStats.nReturned displays 3 to indicate that the query matches and returns three documents.
• executionStats.totalKeysExamined display 3 to indicate that MongoDB scanned three index entries.
4.3. MongoDB CRUD Tutorials

161

MongoDB Documentation, Release 3.2.5

• executionStats.totalDocsExamined display 3 to indicate that MongoDB scanned three documents.
When run with an index, the query scanned 3 index entries and 3 documents to return 3 matching documents. Without
the index, to return the 3 matching documents, the query had to scan the whole collection, scanning 10 documents.
Compare Performance of Indexes
To manually compare the performance of a query using more than one index, you can use the hint() method in
conjunction with the explain() method.
Consider the following query:
db.inventory.find( { quantity: { $gte: 100, $lte: 300 }, type: "food" } )

The query returns the following documents:
{ "_id" : 2, "item" : "f2", "type" : "food", "quantity" : 100 }
{ "_id" : 5, "item" : "f3", "type" : "food", "quantity" : 300 }

To support the query, add a compound index (page 522). With compound indexes (page 522), the order of the fields
matter.
For example, add the following two compound indexes. The first index orders by quantity field first, and then the
type field. The second index orders by type first, and then the quantity field.
db.inventory.createIndex( { quantity: 1, type: 1 } )
db.inventory.createIndex( { type: 1, quantity: 1 } )

Evaluate the effect of the first index on the query:
db.inventory.find(
{ quantity: { $gte: 100, $lte: 300 }, type: "food" }
).hint({ quantity: 1, type: 1 }).explain("executionStats")

The explain() method returns the following output:
{
"queryPlanner" : {
...
"winningPlan" : {
"stage" : "FETCH",
"inputStage" : {
"stage" : "IXSCAN",
"keyPattern" : {
"quantity" : 1,
"type" : 1
},
...
}
}
},
"rejectedPlans" : [ ]
},
"executionStats" : {
"executionSuccess" : true,
"nReturned" : 2,
"executionTimeMillis" : 0,
"totalKeysExamined" : 5,
"totalDocsExamined" : 2,
"executionStages" : {

162

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

...
}
},
...
}

MongoDB scanned 5 index keys (executionStats.totalKeysExamined) to return 2 matching documents
(executionStats.nReturned).
Evaluate the effect of the second index on the query:
db.inventory.find(
{ quantity: { $gte: 100, $lte: 300 }, type: "food" }
).hint({ type: 1, quantity: 1 }).explain("executionStats")

The explain() method returns the following output:
{
"queryPlanner" : {
...
"winningPlan" : {
"stage" : "FETCH",
"inputStage" : {
"stage" : "IXSCAN",
"keyPattern" : {
"type" : 1,
"quantity" : 1
},
...
}
},
"rejectedPlans" : [ ]
},
"executionStats" : {
"executionSuccess" : true,
"nReturned" : 2,
"executionTimeMillis" : 0,
"totalKeysExamined" : 2,
"totalDocsExamined" : 2,
"executionStages" : {
...
}
},
...
}

MongoDB scanned 2 index keys (executionStats.totalKeysExamined) to return 2 matching documents
(executionStats.nReturned).
For this example query, the compound index { type:
pound index { quantity: 1, type: 1 }.

1, quantity:

1 } is more efficient than the com-

See also:
Query Optimization (page 105), Query Plans (page 108), Optimize Query Performance (page 314), Indexing Strategies
(page 586)

4.3. MongoDB CRUD Tutorials

163

MongoDB Documentation, Release 3.2.5

Additional Resources
• MongoDB Performance Evaluation and Tuning Consulting Package13

4.3.9 Perform Two Phase Commits
On this page
•
•
•
•
•
•

Synopsis (page 164)
Background (page 164)
Pattern (page 165)
Recovering from Failure Scenarios (page 167)
Multiple Applications (page 169)
Using Two-Phase Commits in Production Applications (page 170)

Synopsis
This document provides a pattern for doing multi-document updates or “multi-document transactions” using a twophase commit approach for writing data to multiple documents. Additionally, you can extend this process to provide
a rollback-like (page 168) functionality.
Background
Operations on a single document are always atomic with MongoDB databases; however, operations that involve multiple documents, which are often referred to as “multi-document transactions”, are not atomic. Since documents can be
fairly complex and contain multiple “nested” documents, single-document atomicity provides the necessary support
for many practical use cases.
Despite the power of single-document atomic operations, there are cases that require multi-document transactions.
When executing a transaction composed of sequential operations, certain issues arise, such as:
• Atomicity: if one operation fails, the previous operation within the transaction must “rollback” to the previous
state (i.e. the “nothing,” in “all or nothing”).
• Consistency: if a major failure (i.e. network, hardware) interrupts the transaction, the database must be able to
recover a consistent state.
For situations that require multi-document transactions, you can implement two-phase commit in your application to
provide support for these kinds of multi-document updates. Using two-phase commit ensures that data is consistent
and, in case of an error, the state that preceded the transaction is recoverable (page 168). During the procedure,
however, documents can represent pending data and states.
Note: Because only single-document operations are atomic with MongoDB, two-phase commits can only offer
transaction-like semantics. It is possible for applications to return intermediate data at intermediate points during the
two-phase commit or rollback.
13 https://www.mongodb.com/products/consulting?jmp=docs#performance_evaluation

164

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

Pattern
Overview

Consider a scenario where you want to transfer funds from account A to account B. In a relational database system,
you can subtract the funds from A and add the funds to B in a single multi-statement transaction. In MongoDB, you
can emulate a two-phase commit to achieve a comparable result.
The examples in this tutorial use the following two collections:
1. A collection named accounts to store account information.
2. A collection named transactions to store information on the fund transfer transactions.
Initialize Source and Destination Accounts

Insert into the accounts collection a document for account A and a document for account B.
db.accounts.insert(
[
{ _id: "A", balance: 1000, pendingTransactions: [] },
{ _id: "B", balance: 1000, pendingTransactions: [] }
]
)

The operation returns a BulkWriteResult() object with the status of the operation. Upon successful insert, the
BulkWriteResult() has nInserted set to 2 .
Initialize Transfer Record

For each fund transfer to perform, insert into the transactions collection a document with the transfer information.
The document contains the following fields:
• source and destination fields, which refer to the _id fields from the accounts collection,
• value field, which specifies the amount of transfer affecting the balance of the source and
destination accounts,
• state field, which reflects the current state of the transfer. The state field can have the value of initial,
pending, applied, done, canceling, and canceled.
• lastModified field, which reflects last modification date.
To initialize the transfer of 100 from account A to account B, insert into the transactions collection a document
with the transfer information, the transaction state of "initial", and the lastModified field set to the current
date:

db.transactions.insert(
{ _id: 1, source: "A", destination: "B", value: 100, state: "initial", lastModified: new Date() }
)

The operation returns a WriteResult() object with the status of the operation. Upon successful insert, the
WriteResult() object has nInserted set to 1.

4.3. MongoDB CRUD Tutorials

165

MongoDB Documentation, Release 3.2.5

Transfer Funds Between Accounts Using Two-Phase Commit

Step 1: Retrieve the transaction to start. From the transactions collection, find a transaction in the initial
state. Currently the transactions collection has only one document, namely the one added in the Initialize
Transfer Record (page 165) step. If the collection contains additional documents, the query will return any transaction
with an initial state unless you specify additional query conditions.
var t = db.transactions.findOne( { state: "initial" } )

Type the variable t in the mongo shell to print the contents of the variable. The operation should print a document
similar to the following except the lastModified field should reflect date of your insert operation:
{ "_id" : 1, "source" : "A", "destination" : "B", "value" : 100, "state" : "initial", "lastModified"

Step 2: Update transaction state to pending. Set the transaction state from initial to pending and use the
$currentDate operator to set the lastModified field to the current date.
db.transactions.update(
{ _id: t._id, state: "initial" },
{
$set: { state: "pending" },
$currentDate: { lastModified: true }
}
)

The operation returns a WriteResult() object with the status of the operation. Upon successful update, the
nMatched and nModified displays 1.
In the update statement, the state: "initial" condition ensures that no other process has already updated this
record. If nMatched and nModified is 0, go back to the first step to get a different transaction and restart the
procedure.
Step 3: Apply the transaction to both accounts. Apply the transaction t to both accounts using the update()
method if the transaction has not been applied to the accounts. In the update condition, include the condition
pendingTransactions: { $ne: t._id } in order to avoid re-applying the transaction if the step is run
more than once.
To apply the transaction to the account, update both the balance field and the pendingTransactions field.
Update the source account, subtracting from its balance the transaction value and adding to its
pendingTransactions array the transaction _id.
db.accounts.update(
{ _id: t.source, pendingTransactions: { $ne: t._id } },
{ $inc: { balance: -t.value }, $push: { pendingTransactions: t._id } }
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to 1.
Update the destination account, adding to its balance the transaction value and adding to its
pendingTransactions array the transaction _id .
db.accounts.update(
{ _id: t.destination, pendingTransactions: { $ne: t._id } },
{ $inc: { balance: t.value }, $push: { pendingTransactions: t._id } }
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to 1.
166

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

Step 4: Update transaction state to applied. Use the following update() operation to set the transaction’s
state to applied and update the lastModified field:
db.transactions.update(
{ _id: t._id, state: "pending" },
{
$set: { state: "applied" },
$currentDate: { lastModified: true }
}
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to 1.
Step 5: Update both accounts’ list of pending transactions. Remove the applied transaction _id from the
pendingTransactions array for both accounts.
Update the source account.
db.accounts.update(
{ _id: t.source, pendingTransactions: t._id },
{ $pull: { pendingTransactions: t._id } }
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to 1.
Update the destination account.
db.accounts.update(
{ _id: t.destination, pendingTransactions: t._id },
{ $pull: { pendingTransactions: t._id } }
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to 1.
Step 6: Update transaction state to done. Complete the transaction by setting the state of the transaction to
done and updating the lastModified field:
db.transactions.update(
{ _id: t._id, state: "applied" },
{
$set: { state: "done" },
$currentDate: { lastModified: true }
}
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to 1.
Recovering from Failure Scenarios
The most important part of the transaction procedure is not the prototypical example above, but rather the possibility
for recovering from the various failure scenarios when transactions do not complete successfully. This section presents
an overview of possible failures and provides steps to recover from these kinds of events.

4.3. MongoDB CRUD Tutorials

167

MongoDB Documentation, Release 3.2.5

Recovery Operations

The two-phase commit pattern allows applications running the sequence to resume the transaction and arrive at a
consistent state. Run the recovery operations at application startup, and possibly at regular intervals, to catch any
unfinished transactions.
The time required to reach a consistent state depends on how long the application needs to recover each transaction.
The following recovery procedures uses the lastModified date as an indicator of whether the pending transaction
requires recovery; specifically, if the pending or applied transaction has not been updated in the last 30 minutes,
the procedures determine that these transactions require recovery. You can use different conditions to make this
determination.
Transactions in Pending State To recover from failures that occur after step “Update transaction state to pending.
(page ??)” but before “Update transaction state to applied. (page ??)” step, retrieve from the transactions
collection a pending transaction for recovery:
var dateThreshold = new Date();
dateThreshold.setMinutes(dateThreshold.getMinutes() - 30);
var t = db.transactions.findOne( { state: "pending", lastModified: { $lt: dateThreshold } } );

And resume from step “Apply the transaction to both accounts. (page ??)“
Transactions in Applied State To recover from failures that occur after step “Update transaction state to applied.
(page ??)” but before “Update transaction state to done. (page ??)” step, retrieve from the transactions collection
an applied transaction for recovery:
var dateThreshold = new Date();
dateThreshold.setMinutes(dateThreshold.getMinutes() - 30);
var t = db.transactions.findOne( { state: "applied", lastModified: { $lt: dateThreshold } } );

And resume from “Update both accounts’ list of pending transactions. (page ??)“
Rollback Operations

In some cases, you may need to “roll back” or undo a transaction; e.g., if the application needs to “cancel” the
transaction or if one of the accounts does not exist or stops existing during the transaction.
Transactions in Applied State After the “Update transaction state to applied. (page ??)” step, you should not
roll back the transaction. Instead, complete that transaction and create a new transaction (page 165) to reverse the
transaction by switching the values in the source and the destination fields.
Transactions in Pending State After the “Update transaction state to pending. (page ??)” step, but before the
“Update transaction state to applied. (page ??)” step, you can rollback the transaction using the following procedure:
Step 1: Update transaction state to canceling. Update the transaction state from pending to canceling.
db.transactions.update(
{ _id: t._id, state: "pending" },
{
$set: { state: "canceling" },

168

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

$currentDate: { lastModified: true }
}
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to 1.
Step 2: Undo the transaction on both accounts. To undo the transaction on both accounts, reverse the transaction
t if the transaction has been applied. In the update condition, include the condition pendingTransactions:
t._id in order to update the account only if the pending transaction has been applied.
Update the destination account, subtracting from its balance the transaction value and removing the transaction
_id from the pendingTransactions array.
db.accounts.update(
{ _id: t.destination, pendingTransactions: t._id },
{
$inc: { balance: -t.value },
$pull: { pendingTransactions: t._id }
}
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to
1. If the pending transaction has not been previously applied to this account, no document will match the update
condition and nMatched and nModified will be 0.
Update the source account, adding to its balance the transaction value and removing the transaction _id from
the pendingTransactions array.
db.accounts.update(
{ _id: t.source, pendingTransactions: t._id },
{
$inc: { balance: t.value},
$pull: { pendingTransactions: t._id }
}
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to
1. If the pending transaction has not been previously applied to this account, no document will match the update
condition and nMatched and nModified will be 0.
Step 3: Update transaction state to canceled. To finish the rollback, update the transaction state from
canceling to cancelled.
db.transactions.update(
{ _id: t._id, state: "canceling" },
{
$set: { state: "cancelled" },
$currentDate: { lastModified: true }
}
)

Upon successful update, the method returns a WriteResult() object with nMatched and nModified set to 1.
Multiple Applications
Transactions exist, in part, so that multiple applications can create and run operations concurrently without causing
data inconsistency or conflicts. In our procedure, to update or retrieve the transaction document, the update conditions
4.3. MongoDB CRUD Tutorials

169

MongoDB Documentation, Release 3.2.5

include a condition on the state field to prevent reapplication of the transaction by multiple applications.
For example, applications App1 and App2 both grab the same transaction, which is in the initial state. App1
applies the whole transaction before App2 starts. When App2 attempts to perform the “Update transaction state to
pending. (page ??)” step, the update condition, which includes the state: "initial" criterion, will not match
any document, and the nMatched and nModified will be 0. This should signal to App2 to go back to the first step
to restart the procedure with a different transaction.
When multiple applications are running, it is crucial that only one application can handle a given transaction at any
point in time. As such, in addition including the expected state of the transaction in the update condition, you can
also create a marker in the transaction document itself to identify the application that is handling the transaction. Use
findAndModify() method to modify the transaction and get it back in one step:
t = db.transactions.findAndModify(
{
query: { state: "initial", application: { $exists: false } },
update:
{
$set: { state: "pending", application: "App1" },
$currentDate: { lastModified: true }
},
new: true
}
)

Amend the transaction operations to ensure that only applications that match the identifier in the application field
apply the transaction.
If the application App1 fails during transaction execution, you can use the recovery procedures (page 167), but applications should ensure that they “own” the transaction before applying the transaction. For example to find and resume
the pending job, use a query that resembles the following:
var dateThreshold = new Date();
dateThreshold.setMinutes(dateThreshold.getMinutes() - 30);
db.transactions.find(
{
application: "App1",
state: "pending",
lastModified: { $lt: dateThreshold }
}
)

Using Two-Phase Commits in Production Applications
The example transaction above is intentionally simple. For example, it assumes that it is always possible to roll back
operations to an account and that account balances can hold negative values.
Production implementations would likely be more complex. Typically, accounts need information about current balance, pending credits, and pending debits.
For all transactions, ensure that you use the appropriate level of write concern (page 179) for your deployment.

4.3.10 Update Document if Current

170

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

On this page
•
•
•
•

Overview (page 171)
Pattern (page 171)
Example (page 171)
Modifications to the Pattern (page 172)

Overview
The Update if Current pattern is an approach to concurrency control (page 126) when multiple applications have
access to the data.
Pattern
The pattern queries for the document to update. Then, for each field to modify, the pattern includes the field and its
value in the returned document in the query predicate for the update operation. This way, the update only modifies the
document fields if the fields have not changed since the query.
Example
Consider the following example in the mongo shell. The example updates the quantity and the reordered fields
of a document only if the fields have not changed since the query.
Changed in version 2.6: The db.collection.update() method now returns a WriteResult() object that
contains the status of the operation. Previous versions required an extra db.getLastErrorObj() method call.
var myDocument = db.products.findOne( { sku: "abc123" } );
if ( myDocument ) {
var oldQuantity = myDocument.quantity;
var oldReordered = myDocument.reordered;
var results = db.products.update(
{
_id: myDocument._id,
quantity: oldQuantity,
reordered: oldReordered
},
{
$inc: { quantity: 50 },
$set: { reordered: true }
}
)
if ( results.hasWriteError() ) {
print( "unexpected error updating document: " + tojson(results) );
}
else if ( results.nMatched === 0 ) {
print( "No matching document for " +
"{ _id: "+ myDocument._id.toString() +
", quantity: " + oldQuantity +
", reordered: " + oldReordered
+ " } "

4.3. MongoDB CRUD Tutorials

171

MongoDB Documentation, Release 3.2.5

);
}
}

Modifications to the Pattern
Another approach is to add a version field to the documents. Applications increment this field upon each update
operation to the documents. You must be able to ensure that all clients that connect to your database include the
version field in the query predicate. To associate increasing numbers with documents in a collection, you can use
one of the methods described in Create an Auto-Incrementing Sequence Field (page 173).
For more approaches, see Concurrency Control (page 126).

4.3.11 Create Tailable Cursor
On this page
• Overview (page 172)

Overview
By default, MongoDB will automatically close a cursor when the client has exhausted all results in the cursor. However, for capped collections (page 6) you may use a Tailable Cursor that remains open after the client exhausts the
results in the initial cursor. Tailable cursors are conceptually equivalent to the tail Unix command with the -f
option (i.e. with “follow” mode). After clients insert new additional documents into a capped collection, the tailable
cursor will continue to retrieve documents.
Use tailable cursors on capped collections that have high write volumes where indexes aren’t practical. For instance,
MongoDB replication (page 623) uses tailable cursors to tail the primary’s oplog.
Note: If your query is on an indexed field, do not use tailable cursors, but instead, use a regular cursor. Keep track of
the last value of the indexed field returned by the query. To retrieve the newly added documents, query the collection
again using the last value of the indexed field in the query criteria, as in the following example:
db..find( { indexedField: { $gt: } } )

Consider the following behaviors related to tailable cursors:
• Tailable cursors do not use indexes and return documents in natural order.
• Because tailable cursors do not use indexes, the initial scan for the query may be expensive; but, after initially
exhausting the cursor, subsequent retrievals of the newly added documents are inexpensive.
• Tailable cursors may become dead, or invalid, if either:
– the query returns no match.
– the cursor returns the document at the “end” of the collection and then the application deletes that document.
A dead cursor has an id of 0.
See your driver documentation for the driver-specific method to specify the tailable cursor.

172

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

4.3.12 Create an Auto-Incrementing Sequence Field
On this page
• Synopsis (page 173)
• Considerations (page 173)
• Procedures (page 173)

Synopsis
MongoDB reserves the _id field in the top level of all documents as a primary key. _id must be unique, and always
has an index with a unique constraint (page 568). However, except for the unique constraint you can use any value for
the _id field in your collections. This tutorial describes two methods for creating an incrementing sequence number
for the _id field using the following:
• Use Counters Collection (page 173)
• Optimistic Loop (page 175)
Considerations
Generally in MongoDB, you would not use an auto-increment pattern for the _id field, or any field, because it does
not scale for databases with large numbers of documents. Typically the default value ObjectId is more ideal for the
_id.
Procedures
Use Counters Collection

Counter Collection Implementation Use a separate counters collection to track the last number sequence used.
The _id field contains the sequence name and the seq field contains the last value of the sequence.
1. Insert into the counters collection, the initial value for the userid:
db.counters.insert(
{
_id: "userid",
seq: 0
}
)

2. Create a getNextSequence function that accepts a name of the sequence. The function uses the
findAndModify() method to atomically increment the seq value and return this new value:
function getNextSequence(name) {
var ret = db.counters.findAndModify(
{
query: { _id: name },
update: { $inc: { seq: 1 } },
new: true
}
);

4.3. MongoDB CRUD Tutorials

173

MongoDB Documentation, Release 3.2.5

return ret.seq;
}

3. Use this getNextSequence() function during insert().
db.users.insert(
{
_id: getNextSequence("userid"),
name: "Sarah C."
}
)
db.users.insert(
{
_id: getNextSequence("userid"),
name: "Bob D."
}
)

You can verify the results with find():
db.users.find()

The _id fields contain incrementing sequence values:
{
_id : 1,
name : "Sarah C."
}
{
_id : 2,
name : "Bob D."
}

findAndModify Behavior When findAndModify() includes the upsert: true option and the query
field(s) is not uniquely indexed, the method could insert a document multiple times in certain circumstances. For
instance, if multiple clients each invoke the method with the same query condition and these methods complete the
find phase before any of methods perform the modify phase, these methods could insert the same document.
In the counters collection example, the query field is the _id field, which always has a unique index. Consider
that the findAndModify() includes the upsert: true option, as in the following modified example:
function getNextSequence(name) {
var ret = db.counters.findAndModify(
{
query: { _id: name },
update: { $inc: { seq: 1 } },
new: true,
upsert: true
}
);
return ret.seq;
}

If multiple clients were to invoke the getNextSequence() method with the same name parameter, then the
methods would observe one of the following behaviors:
• Exactly one findAndModify() would successfully insert a new document.
174

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

• Zero or more findAndModify() methods would update the newly inserted document.
• Zero or more findAndModify() methods would fail when they attempted to insert a duplicate.
If the method fails due to a unique index constraint violation, retry the method. Absent a delete of the document, the
retry should not fail.
Optimistic Loop

In this pattern, an Optimistic Loop calculates the incremented _id value and attempts to insert a document with the
calculated _id value. If the insert is successful, the loop ends. Otherwise, the loop will iterate through possible _id
values until the insert is successful.
1. Create a function named insertDocument that performs the “insert if not present” loop. The function wraps
the insert() method and takes a doc and a targetCollection arguments.
Changed in version 2.6: The db.collection.insert() method now returns a writeresults-insert object
that contains the status of the operation. Previous versions required an extra db.getLastErrorObj()
method call.
function insertDocument(doc, targetCollection) {
while (1) {
var cursor = targetCollection.find( {}, { _id: 1 } ).sort( { _id: -1 } ).limit(1);
var seq = cursor.hasNext() ? cursor.next()._id + 1 : 1;
doc._id = seq;
var results = targetCollection.insert(doc);
if( results.hasWriteError() ) {
if( results.writeError.code == 11000 /* dup key */ )
continue;
else
print( "unexpected error inserting data: " + tojson( results ) );
}
break;
}
}

The while (1) loop performs the following actions:
• Queries the targetCollection for the document with the maximum _id value.
• Determines the next sequence value for _id by:
– adding 1 to the returned _id value if the returned cursor points to a document.
– otherwise: it sets the next sequence value to 1 if the returned cursor points to no document.
• For the doc to insert, set its _id field to the calculated sequence value seq.
• Insert the doc into the targetCollection.
• If the insert operation errors with duplicate key, repeat the loop. Otherwise, if the insert operation encounters some other error or if the operation succeeds, break out of the loop.
2. Use the insertDocument() function to perform an insert:

4.3. MongoDB CRUD Tutorials

175

MongoDB Documentation, Release 3.2.5

var myCollection = db.users2;
insertDocument(
{
name: "Grace H."
},
myCollection
);
insertDocument(
{
name: "Ted R."
},
myCollection
)

You can verify the results with find():
db.users2.find()

The _id fields contain incrementing sequence values:
{
_id: 1,
name: "Grace H."
}
{
_id : 2,
"name" : "Ted R."
}

The while loop may iterate many times in collections with larger insert volumes.

4.3.13 Perform Quorum Reads on Replica Sets
New in version 3.2.
Overview
When reading from the primary of a replica set, it is possible to read data that is stale or not durable, depending
on the read concern used 14 . With a read concern level of "local" (page 182), a client can read data before it is
durable; that is, before they have propagated to enough replica set members to avoid a rollback. A read concern level
of "majority" (page 182) guarantees durable reads but may return stale data that has been overwritten by another
write operation.
This tutorial outlines a procedure that uses db.collection.findAndModify() to read data that is not stale and
cannot be rolled back. To do so, the procedure uses the findAndModify() method with a write concern (page 179)
to modify a dummy field in a document. Specifically, the procedure requires that:
• db.collection.findAndModify() use an exact match query, and a unique index (page 568) must exist
to satisfy the query.
14 In some circumstances (page 729), two nodes in a replica set may transiently believe that they are the primary, but at most, one of them
will be able to complete writes with { w: "majority" } (page 180) write concern. The node that can complete { w: "majority" }
(page 180) writes is the current primary, and the other node is a former primary that has not yet recognized its demotion, typically due to a network
partition. When this occurs, clients that connect to the former primary may observe stale data despite having requested read preference primary
(page 728), and new writes to the former primary will eventually roll back.

176

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

• findAndModify() must actually modify a document; i.e. result in a change to the document.
• findAndModify() must use the write concern { w:

"majority" } (page 180).

Important: The “quorum read” procedure has a substantial cost over simply using a read concern of "majority"
(page 182) because it incurs write latency rather than read latency. This technique should only be used if staleness is
absolutely intolerable.

Prerequisites
This tutorial reads from a collection named products. Initialize the collection using the following operation.
db.products.insert( [
{
_id: 1,
sku: "xyz123",
description: "hats",
available: [ { quantity: 25, size: "S" }, { quantity: 50, size: "M" } ],
_dummy_field: 0
},
{
_id: 2,
sku: "abc123",
description: "socks",
available: [ { quantity: 10, size: "L" } ],
_dummy_field: 0
},
{
_id: 3,
sku: "ijk123",
description: "t-shirts",
available: [ { quantity: 30, size: "M" }, { quantity: 5, size: "L" } ],
_dummy_field: 0
}
] )

The documents in this collection contain a dummy field named _dummy_field that will be incremented by the db.collection.findAndModify() in the tutorial. If the field does not exist, the
db.collection.findAndModify() operation will add the field to the document. The purpose of the field
is to ensure that the db.collection.findAndModify() results in a modification to the document.
Procedure
Step 1: Create a unique index.

Create a unique index on the fields that will
db.collection.findAndModify() operation.

used

specify

exact

match

the

This tutorial will use an exact match on the sku field. As such, create a unique index on the sku field.
db.products.createIndex( { sku: 1 }, { unique: true } )

4.3. MongoDB CRUD Tutorials

177

MongoDB Documentation, Release 3.2.5

Step 2: Use findAndModify to read committed data.

Use the db.collection.findAndModify() method to make a trivial update to the document you want to read
and return the modified document. A write concern of { w: "majority" } (page 180) is required. To specify
the document to read, you must use an exact match query that is supported by a unique index.
The following findAndModify() operation specifies an exact match on the uniquely indexed field sku and increments the field named _dummy_field in the matching document. While not necessary, the write concern for this
command also includes a wtimeout (page 181) value of 5000 milliseconds to prevent the operation from blocking
forever if the write cannot propagate to a majority of voting members.
var updatedDocument = db.products.findAndModify(
{
query: { sku: "abc123" },
update: { $inc: { _dummy_field: 1 } },
new: true,
writeConcern: { w: "majority", wtimeout: 5000 }
}
);

Even in situations where two nodes in the replica set believe that they are the primary, only one will be able to complete
the write with w: "majority" (page 180). As such, the findAndModify() method with "majority"
(page 180) write concern will be successful only when the client has connected to the true primary to perform the
operation.
Since the quorum read procedure only increments a dummy field in the document, you can safely repeat invocations
of findAndModify(), adjusting the wtimeout (page 181) as necessary.

4.4 MongoDB CRUD Reference
On this page
• Query Cursor Methods (page 178)
• Query and Data Manipulation Collection Methods (page 179)
• MongoDB CRUD Reference Documentation (page 179)

4.4.1 Query Cursor Methods
Name
Description
cursor.count() Modifies the cursor to return the number of documents in the result set rather than the
documents themselves.
cursor.explain()Reports on the query execution plan for a cursor.
cursor.hint() Forces MongoDB to use a specific index for a query.
cursor.limit() Constrains the size of a cursor’s result set.
cursor.next() Returns the next document in a cursor.
cursor.skip() Returns a cursor that begins returning results only after passing or skipping a number of
documents.
cursor.sort() Returns results ordered according to a sort specification.
cursor.toArray()Returns an array that contains all documents returned by the cursor.

178

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

4.4.2 Query and Data Manipulation Collection Methods
Name
Description
db.collection.count() Wraps count to return a count of the number of documents in a collection or
matching a query.
db.collection.distinct()
Returns an array of documents that have distinct values for the specified field.
db.collection.find() Performs a query on a collection and returns a cursor object.
db.collection.findOne()Performs a query and returns a single document.
db.collection.insert() Creates a new document in a collection.
db.collection.remove() Deletes documents from a collection.
db.collection.save() Provides a wrapper around an insert() and update() to insert new
documents.
db.collection.update() Modifies a document in a collection.

4.4.3 MongoDB CRUD Reference Documentation
Write Concern (page 179) Description of the write operation acknowledgements returned by MongoDB.
Read Concern (page 181) Description of the readConcern option.
SQL to MongoDB Mapping Chart (page 183) An overview of common database operations showing both the MongoDB operations and SQL statements.
The bios Example Collection (page 189) Sample data for experimenting with MongoDB. insert(), update()
and find() pages use the data for some of their examples.
Write Concern

On this page
• Write Concern Specification (page 179)
Write concern describes the level of acknowledgement requested from MongoDB for write operations to a standalone
mongod or to replica sets (page 623) or to sharded clusters (page 733). In sharded clusters, mongos instances will
pass the write concern on to the shards.
Changed in version 3.2: For replica sets using protocolVersion:
enabled:
• w:

1 (page 718) and running with the journal

"majority" (page 180) implies j: true (page 181).

• Secondary members acknowledge replicated write operations after the secondary members have written to their
respective on-disk journals, regardless of the j (page 181) option used for the write on the primary.
Changed in version 2.6: A new protocol for write operations (page 995) integrates write concerns with the write operations and eliminates the need to call the getLastError command. Previous versions required a getLastError
command immediately after a write operation to specify the write concern.
Write Concern Specification

Write concern can include the following fields:
{ w: , j: , wtimeout: }

4.4. MongoDB CRUD Reference

179

MongoDB Documentation, Release 3.2.5

• the w (page 180) option to request acknowledgment that the write operation has propagated to a specified number
of mongod instances or to mongod instances with specified tags.
• the j (page 181) option to request acknowledgement that the write operation has been written to the journal, and
• wtimeout (page 181) option to specify a time limit to prevent write operations from blocking indefinitely.
w Option The w option requests acknowledgement that the write operation has propagated to a specified number of
mongod instances or to mongod instances with specified tags.
Using the w option, the following w:

write concerns are available:

Note: Standalone mongod instances and primaries of replica sets acknowledge write operations after applying the
write in memory, unless j:true (page 181).
Changed in version 3.2: For replica sets using protocolVersion: 1 (page 718), secondaries acknowledge write
operations after the secondary members have written to their respective on-disk journals (page 606), regardless of the
j (page 181) option.
Value

"majority"

180

Description
Requests acknowledgement that the write operation has
propagated to the specified number of mongod instances. For example:
w: 1 Requests acknowledgement that the write operation has propagated to the standalone mongod
or the primary in a replica set. w: 1 is the default write concern for MongoDB.
w: 0 Requests no acknowledgment of the write operation. However, w: 0 may return information
about socket exceptions and networking errors to
the application.
If you specify w: 0 but include j: true
(page 181), the j: true (page 181) prevails to
request acknowledgement from the standalone
mongod or the primary of a replica set.
Numbers greater than 1 are valid only for replica sets
to request acknowledgement from specified number of
members, including the primary.
Changed in version 3.2
Requests acknowledgment that write operations have
propagated to the majority of voting nodes 15 , including the primary, and have been written to the on-disk
journal (page 606) for these nodes.
For replica sets using protocolVersion: 1
(page 718), w: "majority" (page 180) implies j:
true (page 181). So, unlike w: , with w:
"majority" (page 180), the primary also writes to the
on-disk journal before acknowledging the write.
After the write operation returns with a w:
"majority" (page 180) acknowledgement to
the client, the client can read the result of that write
with a "majority" (page 182) readConcern.
Requests acknowledgement that the write operations
have propagated to a replica set member with the specified tag (page 700).

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

j Option The j (page 181) option requests acknowledgement from MongoDB that the write operation has been
written to the journal (page 606).
Requests acknowledgement that the mongod instances,
as specified in the w: (page 180), have written
to the on-disk journal. j: true does not by itself
guarantee that the write will not be rolled back due to
replica set primary failover.
Changed in version 3.2: With j: true (page 181),
MongoDB returns only after the requested number of
members, including the primary, have written to the
journal. Previously j: true (page 181) write concern in a replica set only requires the primary to write
to the journal, regardless of the w: (page 180)
write concern.
For replica sets using protocolVersion: 1
(page 718), w: "majority" (page 180) implies j:
true (page 181), if journaling is enabled. Journaling is
enabled by default.

Changed in version 2.6: Specifying a write concern that includes j: true to a mongod or mongos running with
--nojournal option produces an error. Previous versions would ignore the j: true.
wtimeout This option specifies a time limit, in milliseconds, for the write concern. wtimeout is only applicable
for w values greater than 1.
wtimeout causes write operations to return with an error after the specified limit, even if the required write concern
will eventually succeed. When these write operations return, MongoDB does not undo successful data modifications
performed before the write concern exceeded the wtimeout time limit.
If you do not specify the wtimeout option and the level of write concern is unachievable, the write operation will
block indefinitely. Specifying a wtimeout value of 0 is equivalent to a write concern without the wtimeout option.
Read Concern

On this page
• Storage Engine and Drivers Support (page 181)
• Read Concern Levels (page 182)
• readConcern Option (page 182)
New in version 3.2.
MongoDB 3.2 introduces the readConcern query option for replica sets and replica set shards. By default, MongoDB uses a read concern of "local" to return the most recent data available to the MongoDB instance at the time
of the query, even if the data has not been persisted to a majority of replica set members and may be rolled back.
Storage Engine and Drivers Support

For the WiredTiger storage engine (page 595), the readConcern option allows clients to choose a level of isolation
for their reads. You can specify a read concern of "majority" to read data that has been written to a majority of
replica set members and thus cannot be rolled back.
With the MMAPv1 storage engine (page 603), you can only specify a readConcern option of "local".
4.4. MongoDB CRUD Reference

181

MongoDB Documentation, Release 3.2.5

Tip
The serverStatus command returns the storageEngine.supportsCommittedReads field which indicates whether the storage engine supports "majority" read concern.
readConcern requires MongoDB drivers updated for 3.2.
Read Concern Levels

By default, MongoDB uses a readConcern of "local" which does not guarantee that the read data would not be
rolled back.
You can specify a readConcern of "majority" to read data that has been written to a majority of replica set
members and thus cannot be rolled back.
level
"local"

"majority"

Description
Default. The query returns the instance’s most recent
copy of data. Provides no guarantee that the data has
been written to a majority of the replica set members.
The query returns the instance’s most recent copy of data
confirmed as written to a majority of members in the
replica set.
To use a read concern level of "majority"
(page 182), you must use the WiredTiger storage engine and start the mongod instances
with
the
--enableMajorityReadConcern
command
line
option
(or
the
replication.enableMajorityReadConcern
setting if using a configuration file).
Only replica sets using protocol version 1
(page 718) support "majority" (page 182) read concern. Replica sets running protocol version 0 do not support "majority" (page 182) read concern.
To ensure that a single thread can read its own
writes, use "majority" (page 182) read concern and
"majority" (page 180) write concern against the primary of the replica set.

Regardless of the read concern level, the most recent data on a node may not reflect the most recent version of the data
in the system.
readConcern Option

Use the readConcern option to specify the read concern level.
readConcern: { level: <"majority"|"local"> }

For the level field, specify either the string "majority" or "local".
The readConcern option is available for the following operations:
• find command
• aggregate command and the db.collection.aggregate() method
• distinct command
182

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

• count command
• parallelCollectionScan command
• geoNear command
• geoSearch command
To specify the read concern for the mongo shell method db.collection.find(),
cursor.readConcern() method.

use the

SQL to MongoDB Mapping Chart

On this page
•
•
•
•

Terminology and Concepts (page 183)
Executables (page 183)
Examples (page 184)
Additional Resources (page 188)

In addition to the charts that follow, you might want to consider the Frequently Asked Questions (page 831) section for
a selection of common questions about MongoDB.
Terminology and Concepts

The following table presents the various SQL terminology and concepts and the corresponding MongoDB terminology
and concepts.
SQL Terms/Concepts
database
table
row
column
index
table joins
primary key
Specify any unique column or column combination as
primary key.
aggregation (e.g. group by)

MongoDB Terms/Concepts
database
collection
document or BSON document
field
index
embedded documents and linking
primary key
In MongoDB, the primary key is automatically set to
the _id field.
aggregation pipeline
See the SQL to Aggregation Mapping Chart
(page 234).

Executables

The following table presents some database executables and the corresponding MongoDB executables. This table is
not meant to be exhaustive.
Database Server
Database Client

MongoDB
mongod
mongo

MySQL
mysqld
mysql

4.4. MongoDB CRUD Reference

Oracle
oracle
sqlplus

Informix
IDS
DB-Access

DB2
DB2 Server
DB2 Client

183

MongoDB Documentation, Release 3.2.5

Examples

The following table presents the various SQL statements and the corresponding MongoDB statements. The examples
in the table assume the following conditions:
• The SQL examples assume a table named users.
• The MongoDB examples assume a collection named users that contain documents of the following prototype:
{
_id: ObjectId("509a8fb2f3f4948bd2f983a0"),
user_id: "abc123",
age: 55,
status: 'A'
}

Create and Alter The following table presents the various SQL statements related to table-level actions and the
corresponding MongoDB statements.

184

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

SQL Schema Statements
CREATE TABLE users (
id MEDIUMINT NOT NULL
AUTO_INCREMENT,
user_id Varchar(30),
age Number,
status char(1),
PRIMARY KEY (id)
)

ALTER TABLE users
ADD join_date DATETIME

ALTER TABLE users
DROP COLUMN join_date

MongoDB Schema Statements
Implicitly created on first insert() operation. The
primary key _id is automatically added if _id field is
not specified.
db.users.insert( {
user_id: "abc123",
age: 55,
status: "A"
} )
However, you can also explicitly create a collection:
db.createCollection("users")
Collections do not describe or enforce the structure of
its documents; i.e. there is no structural alteration at the
collection level.
However, at the document level, update() operations
can add fields to existing documents using the $set operator.
db.users.update(
{ },
{ $set: { join_date: new Date() } },
{ multi: true }
)
Collections do not describe or enforce the structure of
its documents; i.e. there is no structural alteration at the
collection level.
However, at the document level, update() operations
can remove fields from documents using the $unset
operator.
db.users.update(
{ },
{ $unset: { join_date: "" } },
{ multi: true }
)

CREATE INDEX idx_user_id_asc
ON users(user_id)

db.users.createIndex( { user_id: 1 } )

CREATE INDEX
idx_user_id_asc_age_desc
ON users(user_id, age DESC)

db.users.createIndex( { user_id: 1, age: -1 } )

DROP TABLE users

db.users.drop()

For
more
information,
see
db.collection.insert(),
db.createCollection(),
db.collection.update(), $set, $unset, db.collection.createIndex(), indexes (page 515),
db.collection.drop(), and Data Modeling Concepts (page 252).
Insert The following table presents the various SQL statements related to inserting records into tables and the corresponding MongoDB statements.

4.4. MongoDB CRUD Reference

185

MongoDB Documentation, Release 3.2.5

SQL INSERT Statements

MongoDB insert() Statements

INSERT INTO users(user_id,
age,
status)
VALUES ("bcd001",
45,
"A")

db.users.insert(
{ user_id: "bcd001", age: 45, status: "A" }
)

For more information, see db.collection.insert().
Select The following table presents the various SQL statements related to reading records from tables and the corresponding MongoDB statements.
Note: The find() method always includes the _id field in the returned documents unless specifically excluded
through projection (page 153). Some of the SQL queries below may include an _id field to reflect this, even if the
field is not included in the corresponding find() query.

186

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

SQL SELECT Statements

MongoDB find() Statements

SELECT *
FROM users

db.users.find()

SELECT id,
user_id,
status
FROM users

db.users.find(
{ },
{ user_id: 1, status: 1 }
)

SELECT user_id, status
FROM users

db.users.find(
{ },
{ user_id: 1, status: 1, _id: 0 }
)

SELECT *
FROM users
WHERE status = "A"

db.users.find(
{ status: "A" }
)

SELECT user_id, status
FROM users
WHERE status = "A"

db.users.find(
{ status: "A" },
{ user_id: 1, status: 1, _id: 0 }
)

SELECT *
FROM users
WHERE status != "A"

db.users.find(
{ status: { $ne: "A" } }
)

SELECT *
FROM users
WHERE status = "A"
AND age = 50

db.users.find(
{ status: "A",
age: 50 }
)

SELECT *
FROM users
WHERE status = "A"
OR age = 50

db.users.find(
{ $or: [ { status: "A" } ,
{ age: 50 } ] }
)

SELECT *
FROM users
WHERE age > 25

db.users.find(
{ age: { $gt: 25 } }
)

SELECT *
FROM users
WHERE age < 25

db.users.find(
{ age: { $lt: 25 } }
)

SELECT *
FROM users
WHERE age > 25
AND
age <= 50

db.users.find(
{ age: { $gt: 25, $lte: 50 } }
)

4.4.
MongoDB CRUD Reference
SELECT
*
FROM users
WHERE user_id like "%bc%"

db.users.find( { user_id: /bc/ } ) 187

MongoDB Documentation, Release 3.2.5

For
more
information,
see
db.collection.find(),
db.collection.distinct(),
db.collection.findOne(), $ne $and, $or, $gt, $lt, $exists, $lte, $regex, limit(), skip(),
explain(), sort(), and count().
Update Records The following table presents the various SQL statements related to updating existing records in
tables and the corresponding MongoDB statements.
SQL Update Statements

MongoDB update() Statements

UPDATE users
SET status = "C"
WHERE age > 25

db.users.update(
{ age: { $gt: 25 } },
{ $set: { status: "C" } },
{ multi: true }
)

UPDATE users
SET age = age + 3
WHERE status = "A"

db.users.update(
{ status: "A" } ,
{ $inc: { age: 3 } },
{ multi: true }
)

For more information, see db.collection.update(), $set, $inc, and $gt.
Delete Records The following table presents the various SQL statements related to deleting records from tables and
the corresponding MongoDB statements.
SQL Delete Statements

MongoDB remove() Statements

DELETE FROM users
WHERE status = "D"

db.users.remove( { status: "D" } )

DELETE FROM users

db.users.remove({})

For more information, see db.collection.remove().
Additional Resources

• Transitioning from SQL to MongoDB (Presentation)16
• Best Practices for Migrating from RDBMS to MongoDB (Webinar)17
• SQL vs. MongoDB Day 1-218
• SQL vs. MongoDB Day 3-519
• MongoDB vs. SQL Day 1420
• MongoDB and MySQL Compared21
16 http://www.mongodb.com/presentations/webinar-transitioning-sql-mongodb?jmp=docs
17 http://www.mongodb.com/webinar/best-practices-migration?jmp=docs
18 http://www.mongodb.com/blog/post/mongodb-vs-sql-day-1-2?jmp=docs
19 http://www.mongodb.com/blog/post/mongodb-vs-sql-day-3-5?jmp=docs
20 http://www.mongodb.com/blog/post/mongodb-vs-sql-day-14?jmp=docs
21 http://www.mongodb.com/mongodb-and-mysql-compared?jmp=docs

188

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

• Quick Reference Cards22
• MongoDB Database Modernization Consulting Package23
The bios Example Collection
The bios collection provides example data for experimenting with MongoDB. Many of this guide’s examples on
insert, update and read operations create or query data from the bios collection.
The following documents comprise the bios collection. In the examples, the data might be different, as the examples
themselves make changes to the data.
{
"_id" : 1,
"name" : {
"first" : "John",
"last" : "Backus"
},
"birth" : ISODate("1924-12-03T05:00:00Z"),
"death" : ISODate("2007-03-17T04:00:00Z"),
"contribs" : [
"Fortran",
"ALGOL",
"Backus-Naur Form",
"FP"
],
"awards" : [
{
"award" : "W.W. McDowell Award",
"year" : 1967,
"by" : "IEEE Computer Society"
},
{
"award" : "National Medal of Science",
"year" : 1975,
"by" : "National Science Foundation"
},
{
"award" : "Turing Award",
"year" : 1977,
"by" : "ACM"
},
{
"award" : "Draper Prize",
"year" : 1993,
"by" : "National Academy of Engineering"
}
]
}
{
"_id" : ObjectId("51df07b094c6acd67e492f41"),
"name" : {
"first" : "John",
"last" : "McCarthy"
},
22 https://www.mongodb.com/lp/misc/quick-reference-cards?jmp=docs
23 https://www.mongodb.com/products/consulting?jmp=docs#database_modernization

4.4. MongoDB CRUD Reference

189

MongoDB Documentation, Release 3.2.5

"birth" : ISODate("1927-09-04T04:00:00Z"),
"death" : ISODate("2011-12-24T05:00:00Z"),
"contribs" : [
"Lisp",
"Artificial Intelligence",
"ALGOL"
],
"awards" : [
{
"award" : "Turing Award",
"year" : 1971,
"by" : "ACM"
},
{
"award" : "Kyoto Prize",
"year" : 1988,
"by" : "Inamori Foundation"
},
{
"award" : "National Medal of Science",
"year" : 1990,
"by" : "National Science Foundation"
}
]
}
{
"_id" : 3,
"name" : {
"first" : "Grace",
"last" : "Hopper"
},
"title" : "Rear Admiral",
"birth" : ISODate("1906-12-09T05:00:00Z"),
"death" : ISODate("1992-01-01T05:00:00Z"),
"contribs" : [
"UNIVAC",
"compiler",
"FLOW-MATIC",
"COBOL"
],
"awards" : [
{
"award" : "Computer Sciences Man of the Year",
"year" : 1969,
"by" : "Data Processing Management Association"
},
{
"award" : "Distinguished Fellow",
"year" : 1973,
"by" : " British Computer Society"
},
{
"award" : "W. W. McDowell Award",
"year" : 1976,
"by" : "IEEE Computer Society"
},
{

190

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

"award" : "National Medal of Technology",
"year" : 1991,
"by" : "United States"
}
]
}
{
"_id" : 4,
"name" : {
"first" : "Kristen",
"last" : "Nygaard"
},
"birth" : ISODate("1926-08-27T04:00:00Z"),
"death" : ISODate("2002-08-10T04:00:00Z"),
"contribs" : [
"OOP",
"Simula"
],
"awards" : [
{
"award" : "Rosing Prize",
"year" : 1999,
"by" : "Norwegian Data Association"
},
{
"award" : "Turing Award",
"year" : 2001,
"by" : "ACM"
},
{
"award" : "IEEE John von Neumann Medal",
"year" : 2001,
"by" : "IEEE"
}
]
}
{
"_id" : 5,
"name" : {
"first" : "Ole-Johan",
"last" : "Dahl"
},
"birth" : ISODate("1931-10-12T04:00:00Z"),
"death" : ISODate("2002-06-29T04:00:00Z"),
"contribs" : [
"OOP",
"Simula"
],
"awards" : [
{
"award" : "Rosing Prize",
"year" : 1999,
"by" : "Norwegian Data Association"
},
{
"award" : "Turing Award",

4.4. MongoDB CRUD Reference

191

MongoDB Documentation, Release 3.2.5

"year" : 2001,
"by" : "ACM"
},
{
"award" : "IEEE John von Neumann Medal",
"year" : 2001,
"by" : "IEEE"
}
]
}
{
"_id" : 6,
"name" : {
"first" : "Guido",
"last" : "van Rossum"
},
"birth" : ISODate("1956-01-31T05:00:00Z"),
"contribs" : [
"Python"
],
"awards" : [
{
"award" : "Award for the Advancement of Free Software",
"year" : 2001,
"by" : "Free Software Foundation"
},
{
"award" : "NLUUG Award",
"year" : 2003,
"by" : "NLUUG"
}
]
}
{
"_id" : ObjectId("51e062189c6ae665454e301d"),
"name" : {
"first" : "Dennis",
"last" : "Ritchie"
},
"birth" : ISODate("1941-09-09T04:00:00Z"),
"death" : ISODate("2011-10-12T04:00:00Z"),
"contribs" : [
"UNIX",
"C"
],
"awards" : [
{
"award" : "Turing Award",
"year" : 1983,
"by" : "ACM"
},
{
"award" : "National Medal of Technology",
"year" : 1998,
"by" : "United States"
},

192

Chapter 4. MongoDB CRUD Operations

MongoDB Documentation, Release 3.2.5

{
"award" : "Japan Prize",
"year" : 2011,
"by" : "The Japan Prize Foundation"
}
]
}
{
"_id" : 8,
"name" : {
"first" : "Yukihiro",
"aka" : "Matz",
"last" : "Matsumoto"
},
"birth" : ISODate("1965-04-14T04:00:00Z"),
"contribs" : [
"Ruby"
],
"awards" : [
{
"award" : "Award for the Advancement of Free Software",
"year" : "2011",
"by" : "Free Software Foundation"
}
]
}
{
"_id" : 9,
"name" : {
"first" : "James",
"last" : "Gosling"
},
"birth" : ISODate("1955-05-19T04:00:00Z"),
"contribs" : [
"Java"
],
"awards" : [
{
"award" : "The Economist Innovation Award",
"year" : 2002,
"by" : "The Economist"
},
{
"award" : "Officer of the Order of Canada",
"year" : 2007,
"by" : "Canada"
}
]
}
{
"_id" : 10,
"name" : {
"first" : "Martin",
"last" : "Odersky"
},

4.4. MongoDB CRUD Reference

193

MongoDB Documentation, Release 3.2.5

"contribs" : [
"Scala"
]
}

194

Chapter 4. MongoDB CRUD Operations

CHAPTER 5

Aggregation

On this page
•
•
•
•
•

Aggregation Pipeline (page 195)
Map-Reduce (page 197)
Single Purpose Aggregation Operations (page 198)
Additional Features and Behaviors (page 198)
Additional Resources (page 237)

Aggregations operations process data records and return computed results. Aggregation operations group values from
multiple documents together, and can perform a variety of operations on the grouped data to return a single result.
MongoDB provides three ways to perform aggregation: the aggregation pipeline (page 195), the map-reduce function
(page 197), and single purpose aggregation methods (page 198).

5.1 Aggregation Pipeline
MongoDB’s aggregation framework (page 199) is modeled on the concept of data processing pipelines. Documents
enter a multi-stage pipeline that transforms the documents into an aggregated result.
The most basic pipeline stages provide filters that operate like queries and document transformations that modify the
form of the output document.
Other pipeline operations provide tools for grouping and sorting documents by specific field or fields as well as tools
for aggregating the contents of arrays, including arrays of documents. In addition, pipeline stages can use operators
for tasks such as calculating the average or concatenating a string.
The pipeline provides efficient data aggregation using native operations within MongoDB, and is the preferred method
for data aggregation in MongoDB.
The aggregation pipeline can operate on a sharded collection (page 733).
The aggregation pipeline can use indexes to improve its performance during some of its stages. In addition, the aggregation pipeline has an internal optimization phase. See Pipeline Operators and Indexes (page 200) and Aggregation
Pipeline Optimization (page 201) for details.

195

MongoDB Documentation, Release 3.2.5

196

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

5.2 Map-Reduce
MongoDB also provides map-reduce (page 214) operations to perform aggregation. In general, map-reduce operations
have two phases: a map stage that processes each document and emits one or more objects for each input document,
and reduce phase that combines the output of the map operation. Optionally, map-reduce can have a finalize stage to
make final modifications to the result. Like other aggregation operations, map-reduce can specify a query condition to
select the input documents as well as sort and limit the results.
Map-reduce uses custom JavaScript functions to perform the map and reduce operations, as well as the optional finalize
operation. While the custom JavaScript provide great flexibility compared to the aggregation pipeline, in general, mapreduce is less efficient and more complex than the aggregation pipeline.
Map-reduce can operate on a sharded collection (page 733). Map reduce operations can also output to a sharded
collection. See Aggregation Pipeline and Sharded Collections (page 205) and Map-Reduce and Sharded Collections
(page 215) for details.
Note: Starting in MongoDB 2.4, certain mongo shell functions and properties are inaccessible in map-reduce operations. MongoDB 2.4 also provides support for multiple JavaScript operations to run at the same time. Before
MongoDB 2.4, JavaScript code executed in a single thread, raising concurrency issues for map-reduce.

5.2. Map-Reduce

197

MongoDB Documentation, Release 3.2.5

5.3 Single Purpose Aggregation Operations
MongoDB
also
provides
db.collection.count(),
db.collection.distinct(). special purpose database commands.

db.collection.group(),

All of these operations aggregate documents from a single collection. While these operations provide simple access to
common aggregation processes, they lack the flexibility and capabilities of the aggregation pipeline and map-reduce.

5.4 Additional Features and Behaviors
For a feature comparison of the aggregation pipeline, map-reduce, and the special group functionality, see Aggregation
Commands Comparison (page 232).

198

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

5.4.1 Aggregation Pipeline
On this page
•
•
•
•

Pipeline (page 199)
Pipeline Expressions (page 200)
Aggregation Pipeline Behavior (page 200)
Additional Resources (page 213)

The aggregation pipeline is a framework for data aggregation modeled on the concept of data processing pipelines.
Documents enter a multi-stage pipeline that transforms the documents into aggregated results.

The aggregation pipeline provides an alternative to map-reduce and may be the preferred solution for aggregation tasks
where the complexity of map-reduce may be unwarranted.
Aggregation pipeline have some limitations on value types and result size. See Aggregation Pipeline Limits (page 205)
for details on limits and restrictions on the aggregation pipeline.
Pipeline
The MongoDB aggregation pipeline consists of stages. Each stage transforms the documents as they pass through the
pipeline. Pipeline stages do not need to produce one output document for every input document; e.g., some stages may
generate new documents or filter out documents. Pipeline stages can appear multiple times in the pipeline.

5.4. Additional Features and Behaviors

199

MongoDB Documentation, Release 3.2.5

MongoDB provides the db.collection.aggregate() method in the mongo shell and the aggregate command for aggregation pipeline. See aggregation-pipeline-operator-reference for the available stages.
For example usage of the aggregation pipeline, consider Aggregation with User Preference Data (page 209) and
Aggregation with the Zip Code Data Set (page 206).
Pipeline Expressions
Some pipeline stages takes a pipeline expression as its operand. Pipeline expressions specify the transformation to
apply to the input documents. Expressions have a document (page 8) structure and can contain other expression
(page 226).
Pipeline expressions can only operate on the current document in the pipeline and cannot refer to data from other
documents: expression operations provide in-memory transformation of documents.
Generally, expressions are stateless and are only evaluated when seen by the aggregation process with one exception:
accumulator expressions.
The accumulators, used in the $group stage, maintain their state (e.g. totals, maximums, minimums, and related
data) as documents progress through the pipeline.
Changed in version 3.2: Some accumulators are available in the $project stage; however, when used in the
$project stage, the accumulators do not maintain their state across documents.
For more information on expressions, see Expressions (page 226).
Aggregation Pipeline Behavior
In MongoDB, the aggregate command operates on a single collection, logically passing the entire collection into
the aggregation pipeline. To optimize the operation, wherever possible, use the following strategies to avoid scanning
the entire collection.
Pipeline Operators and Indexes

The $match and $sort pipeline operators can take advantage of an index when they occur at the beginning of the
pipeline.
New in version 2.4: The $geoNear pipeline operator takes advantage of a geospatial index. When using $geoNear,
the $geoNear pipeline operation must appear as the first stage in an aggregation pipeline.
Changed in version 3.2: Starting in MongoDB 3.2, indexes can cover (page 106) an aggregation pipeline. In MongoDB
2.6 and 3.0, indexes could not cover an aggregation pipeline since even when the pipeline uses an index, aggregation
still requires access to the actual documents.
Early Filtering

If your aggregation operation requires only a subset of the data in a collection, use the $match, $limit, and $skip
stages to restrict the documents that enter at the beginning of the pipeline. When placed at the beginning of a pipeline,
$match operations use suitable indexes to scan only the matching documents in a collection.
Placing a $match pipeline stage followed by a $sort stage at the start of the pipeline is logically equivalent to a
single query with a sort and can use an index. When possible, place $match operators at the beginning of the pipeline.

200

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

Additional Features

The aggregation pipeline has an internal optimization phase that provides improved performance for certain sequences
of operators. For details, see Aggregation Pipeline Optimization (page 201).
The aggregation pipeline supports operations on sharded collections. See Aggregation Pipeline and Sharded Collections (page 205).

On this page
Aggregation Pipeline Optimization

•
•
•
•

Projection Optimization (page 201)
Pipeline Sequence Optimization (page 201)
Pipeline Coalescence Optimization (page 202)
Examples (page 204)

Aggregation pipeline operations have an optimization phase which attempts to reshape the pipeline for improved
performance.
To see how the optimizer transforms a particular aggregation pipeline, include the explain option in the
db.collection.aggregate() method.
Optimizations are subject to change between releases.
Projection Optimization The aggregation pipeline can determine if it requires only a subset of the fields in the
documents to obtain the results. If so, the pipeline will only use those required fields, reducing the amount of data
passing through the pipeline.
Pipeline Sequence Optimization
$sort + $match Sequence Optimization When you have a sequence with $sort followed by a $match, the
$match moves before the $sort to minimize the number of objects to sort. For example, if the pipeline consists of
the following stages:
{ $sort: { age : -1 } },
{ $match: { status: 'A' } }

During the optimization phase, the optimizer transforms the sequence to the following:
{ $match: { status: 'A' } },
{ $sort: { age : -1 } }

$skip + $limit Sequence Optimization When you have a sequence with $skip followed by a $limit, the
$limit moves before the $skip. With the reordering, the $limit value increases by the $skip amount.
For example, if the pipeline consists of the following stages:
{ $skip: 10 },
{ $limit: 5 }

During the optimization phase, the optimizer transforms the sequence to the following:
{ $limit: 15 },
{ $skip: 10 }

5.4. Additional Features and Behaviors

201

MongoDB Documentation, Release 3.2.5

This optimization allows for more opportunities for $sort + $limit Coalescence (page 202), such as with $sort +
$skip + $limit sequences. See $sort + $limit Coalescence (page 202) for details on the coalescence and $sort +
$skip + $limit Sequence (page 204) for an example.
For aggregation operations on sharded collections (page 205), this optimization reduces the results returned from each
shard.
$redact + $match Sequence Optimization When possible, when the pipeline has the $redact stage immediately followed by the $match stage, the aggregation can sometimes add a portion of the $match stage before the
$redact stage. If the added $match stage is at the start of a pipeline, the aggregation can use an index as well
as query the collection to limit the number of documents that enter the pipeline. See Pipeline Operators and Indexes
(page 200) for more information.
For example, if the pipeline consists of the following stages:
{ $redact: { $cond: { if: { $eq: [ "$level", 5 ] }, then: "$$PRUNE", else: "$$DESCEND" } } },
{ $match: { year: 2014, category: { $ne: "Z" } } }

The optimizer can add the same $match stage before the $redact stage:
{ $match: { year: 2014 } },
{ $redact: { $cond: { if: { $eq: [ "$level", 5 ] }, then: "$$PRUNE", else: "$$DESCEND" } } },
{ $match: { year: 2014, category: { $ne: "Z" } } }

$project + $skip or $limit Sequence Optimization New in version 3.2.
When you have a sequence with $project followed by either $skip or $limit, the $skip or $limit moves
before $project. For example, if the pipeline consists of the following stages:
{ $sort: { age : -1 } },
{ $project: { status: 1, name: 1 } },
{ $limit: 5 }

During the optimization phase, the optimizer transforms the sequence to the following:
{ $sort: { age : -1 } },
{ $limit: 5 }
{ $project: { status: 1, name: 1 } },

This optimization allows for more opportunities for $sort + $limit Coalescence (page 202), such as with $sort +
$limit sequences. See $sort + $limit Coalescence (page 202) for details on the coalescence.
Pipeline Coalescence Optimization When possible, the optimization phase coalesces a pipeline stage into its predecessor. Generally, coalescence occurs after any sequence reordering optimization.
$sort + $limit Coalescence When a $sort immediately precedes a $limit, the optimizer can coalesce the
$limit into the $sort. This allows the sort operation to only maintain the top n results as it progresses, where
n is the specified limit, and MongoDB only needs to store n items in memory 1 . See sort-and-memory for more
information.
1

The optimization will still apply when allowDiskUse is true and the n items exceed the aggregation memory limit (page 205).

202

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

$limit + $limit Coalescence When a $limit immediately follows another $limit, the two stages can
coalesce into a single $limit where the limit amount is the smaller of the two initial limit amounts. For example, a
pipeline contains the following sequence:
{ $limit: 100 },
{ $limit: 10 }

Then the second $limit stage can coalesce into the first $limit stage and result in a single $limit stage where
the limit amount 10 is the minimum of the two initial limits 100 and 10.
{ $limit: 10 }

$skip + $skip Coalescence When a $skip immediately follows another $skip, the two stages can coalesce
into a single $skip where the skip amount is the sum of the two initial skip amounts. For example, a pipeline contains
the following sequence:
{ $skip: 5 },
{ $skip: 2 }

Then the second $skip stage can coalesce into the first $skip stage and result in a single $skip stage where the
skip amount 7 is the sum of the two initial limits 5 and 2.
{ $skip: 7 }

$match + $match Coalescence When a $match immediately follows another $match, the two stages can
coalesce into a single $match combining the conditions with an $and. For example, a pipeline contains the following
sequence:
{ $match: { year: 2014 } },
{ $match: { status: "A" } }

Then the second $match stage can coalesce into the first $match stage and result in a single $match stage
{ $match: { $and: [ { "year" : 2014 }, { "status" : "A" } ] } }

$lookup + $unwind Coalescence New in version 3.2.
When a $unwind immediately follows another $lookup, and the $unwind operates on the as field of the
$lookup, the optimizer can coalesce the $unwind into the $lookup stage. This avoids creating large intermediate
documents.
For example, a pipeline contains the following sequence:
{
$lookup: {
from: "otherCollection",
as: "resultingArray",
localField: "x",
foreignField: "y"
}
},
{ $unwind: "$resultingArray"}

The optimizer can coalesce the $unwind stage into the $lookup stage. If you run the aggregation with explain
option, the explain output shows the coalesced stage:

5.4. Additional Features and Behaviors

203

MongoDB Documentation, Release 3.2.5

{
$lookup: {
from: "otherCollection",
as: "resultingArray",
localField: "x",
foreignField: "y",
unwinding: { preserveNullAndEmptyArrays: false }
}
}

Examples The following examples are some sequences that can take advantage of both sequence reordering and
coalescence. Generally, coalescence occurs after any sequence reordering optimization.
$sort + $skip + $limit Sequence A pipeline contains a sequence of $sort followed by a $skip followed
by a $limit:
{ $sort: { age : -1 } },
{ $skip: 10 },
{ $limit: 5 }

First, the optimizer performs the $skip + $limit Sequence Optimization (page 201) to transforms the sequence to the
following:
{ $sort: { age : -1 } },
{ $limit: 15 }
{ $skip: 10 }

The $skip + $limit Sequence Optimization (page 201) increases the $limit amount with the reordering. See $skip +
$limit Sequence Optimization (page 201) for details.
The reordered sequence now has $sort immediately preceding the $limit, and the pipeline can coalesce the two
stages to decrease memory usage during the sort operation. See $sort + $limit Coalescence (page 202) for more
information.
$limit + $skip + $limit + $skip Sequence A pipeline contains a sequence of alternating $limit and
$skip stages:
{
{
{
{

$limit: 100 },
$skip: 5 },
$limit: 10 },
$skip: 2 }

The $skip + $limit Sequence Optimization (page 201) reverses the position of the { $skip:
10 } stages and increases the limit amount:
{
{
{
{

5 } and { $limit:

$limit: 100 },
$limit: 15},
$skip: 5 },
$skip: 2 }

The optimizer then coalesces the two $limit stages into a single $limit stage and the two $skip stages into a
single $skip stage. The resulting sequence is the following:
{ $limit: 15 },
{ $skip: 7 }

204

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

See $limit + $limit Coalescence (page 203) and $skip + $skip Coalescence (page 203) for details.
See also:
explain option in the db.collection.aggregate()

On this page
Aggregation Pipeline Limits

• Result Size Restrictions (page 205)
• Memory Restrictions (page 205)

Aggregation operations with the aggregate command have the following limitations.
Result Size Restrictions Changed in version 2.6.
Starting in MongoDB 2.6, the aggregate command can return a cursor or store the results in a collection. When returning a cursor or storing the results in a collection, each document in the result set is subject to the BSON Document
Size limit, currently 16 megabytes; if any single document that exceeds the BSON Document Size limit, the
command will produce an error. The limit only applies to the returned documents; during the pipeline processing, the
documents may exceed this size. The db.collection.aggregate() method returns a cursor by default starting
in MongoDB 2.6
If you do not specify the cursor option or store the results in a collection, the aggregate command returns a single
BSON document that contains a field with the result set. As such, the command will produce an error if the total size
of the result set exceeds the BSON Document Size limit.
Earlier versions of the aggregate command can only return a single BSON document that contains the result set
and will produce an error if the if the total size of the result set exceeds the BSON Document Size limit.
Memory Restrictions Changed in version 2.6.
Pipeline stages have a limit of 100 megabytes of RAM. If a stage exceeds this limit, MongoDB will produce an error.
To allow for the handling of large datasets, use the allowDiskUse option to enable aggregation pipeline stages to
write data to temporary files.
See also:
sort-memory-limit and group-memory-limit.

On this page
Aggregation Pipeline and Sharded Collections

• Behavior (page 205)
• Optimization (page 206)

The aggregation pipeline supports operations on sharded collections. This section describes behaviors specific to the
aggregation pipeline (page 199) and sharded collections.
Behavior Changed in version 3.2.
If the pipeline starts with an exact $match on a shard key, the entire pipeline runs on the matching shard only.
Previously, the pipeline would have been split, and the work of merging it would have to be done on the primary shard.
For aggregation operations that must run on multiple shards, if the operations do not require running on the database’s
primary shard, these operations will route the results to a random shard to merge the results to avoid overloading the
5.4. Additional Features and Behaviors

205

MongoDB Documentation, Release 3.2.5

primary shard for that database. The $out stage and the $lookup stage require running on the database’s primary
shard.
Optimization When splitting the aggregation pipeline into two parts, the pipeline is split to ensure that the shards
perform as many stages as possible with consideration for optimization.
To see how the pipeline was split, include the explain option in the db.collection.aggregate() method.
Optimizations are subject to change between releases.

On this page
Aggregation with the Zip Code Data Set

•
•
•
•
•

Data Model (page 206)
aggregate() Method (page 206)
Return States with Populations above 10 Million (page 207)
Return Average City Population by State (page 207)
Return Largest and Smallest Cities by State (page 208)

The examples in this document use the zipcodes collection.
This collection is available at:
dia.mongodb.org/zips.json2 . Use mongoimport to load this data set into your mongod instance.

me-

Data Model Each document in the zipcodes collection has the following form:
{
"_id": "10280",
"city": "NEW YORK",
"state": "NY",
"pop": 5574,
"loc": [
-74.016323,
40.710537
]
}

• The _id field holds the zip code as a string.
• The city field holds the city name. A city can have more than one zip code associated with it as different
sections of the city can each have a different zip code.
• The state field holds the two letter state abbreviation.
• The pop field holds the population.
• The loc field holds the location as a latitude longitude pair.
aggregate() Method All of the following examples use the aggregate() helper in the mongo shell.
The aggregate() method uses the aggregation pipeline (page 199) to processes documents into aggregated results.
An aggregation pipeline (page 199) consists of stages with each stage processing the documents as they pass along
the pipeline. Documents pass through the stages in sequence.
The aggregate() method in the mongo shell provides a wrapper around the aggregate database command. See
the documentation for your driver for a more idiomatic interface for data aggregation operations.
2 http://media.mongodb.org/zips.json

206

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

Return States with Populations above 10 Million The following aggregation operation returns all states with total
population greater than 10 million:
db.zipcodes.aggregate( [
{ $group: { _id: "$state", totalPop: { $sum: "$pop" } } },
{ $match: { totalPop: { $gte: 10*1000*1000 } } }
] )

In this example, the aggregation pipeline (page 199) consists of the $group stage followed by the $match stage:
• The $group stage groups the documents of the zipcode collection by the state field, calculates the
totalPop field for each state, and outputs a document for each unique state.
The new per-state documents have two fields: the _id field and the totalPop field. The _id field contains
the value of the state; i.e. the group by field. The totalPop field is a calculated field that contains the total
population of each state. To calculate the value, $group uses the $sum operator to add the population field
(pop) for each state.
After the $group stage, the documents in the pipeline resemble the following:
{
"_id" : "AK",
"totalPop" : 550043
}

• The $match stage filters these grouped documents to output only those documents whose totalPop value is
greater than or equal to 10 million. The $match stage does not alter the matching documents but outputs the
matching documents unmodified.
The equivalent SQL for this aggregation operation is:
SELECT state, SUM(pop) AS totalPop
FROM zipcodes
GROUP BY state
HAVING totalPop >= (10*1000*1000)

See also:
$group, $match, $sum
Return Average City Population by State
cities in each state:

The following aggregation operation returns the average populations for

db.zipcodes.aggregate( [
{ $group: { _id: { state: "$state", city: "$city" }, pop: { $sum: "$pop" } } },
{ $group: { _id: "$_id.state", avgCityPop: { $avg: "$pop" } } }
] )

In this example, the aggregation pipeline (page 199) consists of the $group stage followed by another $group
stage:
• The first $group stage groups the documents by the combination of city and state, uses the $sum expression to calculate the population for each combination, and outputs a document for each city and state
combination. 3
After this stage in the pipeline, the documents resemble the following:
3

A city can have more than one zip code associated with it as different sections of the city can each have a different zip code.

5.4. Additional Features and Behaviors

207

MongoDB Documentation, Release 3.2.5

{
"_id" : {
"state" : "CO",
"city" : "EDGEWATER"
},
"pop" : 13154
}

• A second $group stage groups the documents in the pipeline by the _id.state field (i.e. the state field
inside the _id document), uses the $avg expression to calculate the average city population (avgCityPop)
for each state, and outputs a document for each state.
The documents that result from this aggregation operation resembles the following:
{
"_id" : "MN",
"avgCityPop" : 5335
}

See also:
$group, $sum, $avg
Return Largest and Smallest Cities by State The following aggregation operation returns the smallest and largest
cities by population for each state:
db.zipcodes.aggregate( [
{ $group:
{
_id: { state: "$state", city: "$city" },
pop: { $sum: "$pop" }
}
},
{ $sort: { pop: 1 } },
{ $group:
{
_id : "$_id.state",
biggestCity: { $last: "$_id.city" },
biggestPop:
{ $last: "$pop" },
smallestCity: { $first: "$_id.city" },
smallestPop: { $first: "$pop" }
}
},
// the following $project is optional, and
// modifies the output format.
{ $project:
{ _id: 0,
state: "$_id",
biggestCity: { name: "$biggestCity", pop: "$biggestPop" },
smallestCity: { name: "$smallestCity", pop: "$smallestPop" }
}
}
] )

In this example, the aggregation pipeline (page 199) consists of a $group stage, a $sort stage, another $group
stage, and a $project stage:

208

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

• The first $group stage groups the documents by the combination of the city and state, calculates the sum
of the pop values for each combination, and outputs a document for each city and state combination.
At this stage in the pipeline, the documents resemble the following:
{
"_id" : {
"state" : "CO",
"city" : "EDGEWATER"
},
"pop" : 13154
}

• The $sort stage orders the documents in the pipeline by the pop field value, from smallest to largest; i.e. by
increasing order. This operation does not alter the documents.
• The next $group stage groups the now-sorted documents by the _id.state field (i.e. the state field inside
the _id document) and outputs a document for each state.
The stage also calculates the following four fields for each state. Using the $last expression, the $group
operator creates the biggestCity and biggestPop fields that store the city with the largest population
and that population. Using the $first expression, the $group operator creates the smallestCity and
smallestPop fields that store the city with the smallest population and that population.
The documents, at this stage in the pipeline, resemble the following:
{
"_id" : "WA",
"biggestCity" : "SEATTLE",
"biggestPop" : 520096,
"smallestCity" : "BENGE",
"smallestPop" : 2
}

• The final $project stage renames the _id field to state and moves the biggestCity, biggestPop,
smallestCity, and smallestPop into biggestCity and smallestCity embedded documents.
The output documents of this aggregation operation resemble the following:
{
"state" : "RI",
"biggestCity" : {
"name" : "CRANSTON",
"pop" : 176404
},
"smallestCity" : {
"name" : "CLAYVILLE",
"pop" : 45
}
}

On this page
Aggregation with User Preference Data

5.4. Additional Features and Behaviors

•
•
•
•
•

Data Model (page 210)
Normalize and Sort Documents (page 210)
Return Usernames Ordered by Join Month (page 210)
Return Total Number of Joins per Month (page 211)
Return the Five Most Common “Likes” (page 212)

209

MongoDB Documentation, Release 3.2.5

Data Model Consider a hypothetical sports club with a database that contains a users collection that tracks the
user’s join dates, sport preferences, and stores these data in documents that resemble the following:
{
_id : "jane",
joined : ISODate("2011-03-02"),
likes : ["golf", "racquetball"]
}
{
_id : "joe",
joined : ISODate("2012-07-02"),
likes : ["tennis", "golf", "swimming"]
}

Normalize and Sort Documents The following operation returns user names in upper case and in alphabetical order.
The aggregation includes user names for all documents in the users collection. You might do this to normalize user
names for processing.
db.users.aggregate(
[
{ $project : { name:{$toUpper:"$_id"} , _id:0 } },
{ $sort : { name : 1 } }
]
)

All documents from the users collection pass through the pipeline, which consists of the following operations:
• The $project operator:
– creates a new field called name.
– converts the value of the _id to upper case, with the $toUpper operator. Then the $project creates
a new field, named name to hold this value.
– suppresses the id field. $project will pass the _id field by default, unless explicitly suppressed.
• The $sort operator orders the results by the name field.
The results of the aggregation would resemble the following:
{
"name" : "JANE"
},
{
"name" : "JILL"
},
{
"name" : "JOE"
}

Return Usernames Ordered by Join Month The following aggregation operation returns user names sorted by the
month they joined. This kind of aggregation could help generate membership renewal notices.
db.users.aggregate(
[
{ $project :
{
month_joined : { $month : "$joined" },
name : "$_id",

210

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

_id : 0
}
},
{ $sort : { month_joined : 1 } }
]
)

The pipeline passes all documents in the users collection through the following operations:
• The $project operator:
– Creates two new fields: month_joined and name.
– Suppresses the id from the results. The aggregate() method includes the _id, unless explicitly
suppressed.
• The $month operator converts the values of the joined field to integer representations of the month. Then
the $project operator assigns those values to the month_joined field.
• The $sort operator sorts the results by the month_joined field.
The operation returns results that resemble the following:
{
"month_joined" : 1,
"name" : "ruth"
},
{
"month_joined" : 1,
"name" : "harold"
},
{
"month_joined" : 1,
"name" : "kate"
}
{
"month_joined" : 2,
"name" : "jill"
}

Return Total Number of Joins per Month The following operation shows how many people joined each month of
the year. You might use this aggregated data for recruiting and marketing strategies.
db.users.aggregate(
[
{ $project : { month_joined : { $month : "$joined" } } } ,
{ $group : { _id : {month_joined:"$month_joined"} , number : { $sum : 1 } } },
{ $sort : { "_id.month_joined" : 1 } }
]
)

The pipeline passes all documents in the users collection through the following operations:
• The $project operator creates a new field called month_joined.
• The $month operator converts the values of the joined field to integer representations of the month. Then
the $project operator assigns the values to the month_joined field.
• The $group operator collects all documents with a given month_joined value and counts how many documents there are for that value. Specifically, for each unique value, $group creates a new “per-month” document
with two fields:
5.4. Additional Features and Behaviors

211

MongoDB Documentation, Release 3.2.5

– _id, which contains a nested document with the month_joined field and its value.
– number, which is a generated field. The $sum operator increments this field by 1 for every document
containing the given month_joined value.
• The $sort operator sorts the documents created by $group according to the contents of the month_joined
field.
The result of this aggregation operation would resemble the following:
{
"_id" : {
"month_joined" : 1
},
"number" : 3
},
{
"_id" : {
"month_joined" : 2
},
"number" : 9
},
{
"_id" : {
"month_joined" : 3
},
"number" : 5
}

Return the Five Most Common “Likes” The following aggregation collects top five most “liked” activities in the
data set. This type of analysis could help inform planning and future development.
db.users.aggregate(
[
{ $unwind : "$likes" },
{ $group : { _id : "$likes" , number : { $sum : 1 } } },
{ $sort : { number : -1 } },
{ $limit : 5 }
]
)

The pipeline begins with all documents in the users collection, and passes these documents through the following
operations:
• The $unwind operator separates each value in the likes array, and creates a new version of the source
document for every element in the array.
Example
Given the following document from the users collection:
{
_id : "jane",
joined : ISODate("2011-03-02"),
likes : ["golf", "racquetball"]
}

The $unwind operator would create the following documents:

212

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

{
_id : "jane",
joined : ISODate("2011-03-02"),
likes : "golf"
}
{
_id : "jane",
joined : ISODate("2011-03-02"),
likes : "racquetball"
}

• The $group operator collects all documents the same value for the likes field and counts each grouping.
With this information, $group creates a new document with two fields:
– _id, which contains the likes value.
– number, which is a generated field. The $sum operator increments this field by 1 for every document
containing the given likes value.
• The $sort operator sorts these documents by the number field in reverse order.
• The $limit operator only includes the first 5 result documents.
The results of aggregation would resemble the following:
{
"_id" : "golf",
"number" : 33
},
{
"_id" : "racquetball",
"number" : 31
},
{
"_id" : "swimming",
"number" : 24
},
{
"_id" : "handball",
"number" : 19
},
{
"_id" : "tennis",
"number" : 18
}

Additional Resources
• MongoDB Analytics: Learn Aggregation by Example: Exploratory Analytics and Visualization Using Flight
Data4
• MongoDB for Time Series Data: Analyzing Time Series Data Using the Aggregation Framework and Hadoop5
• The Aggregation Framework6
4 http://www.mongodb.com/presentations/mongodb-analytics-learn-aggregation-example-exploratory-analytics-and-visualization?jmp=docs
5 http://www.mongodb.com/presentations/mongodb-time-series-data-part-2-analyzing-time-series-data-using-aggregationframework?jmp=docs
6 https://www.mongodb.com/presentations/aggregation-framework-0?jmp=docs

5.4. Additional Features and Behaviors

213

MongoDB Documentation, Release 3.2.5

• Webinar: Exploring the Aggregation Framework7
• Quick Reference Cards8

5.4.2 Map-Reduce
On this page
• Map-Reduce JavaScript Functions (page 215)
• Map-Reduce Behavior (page 215)
Map-reduce is a data processing paradigm for condensing large volumes of data into useful aggregated results. For
map-reduce operations, MongoDB provides the mapReduce database command.
Consider the following map-reduce operation:

7 https://www.mongodb.com/webinar/exploring-the-aggregation-framework?jmp=docs
8 https://www.mongodb.com/lp/misc/quick-reference-cards?jmp=docs

214

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

In this map-reduce operation, MongoDB applies the map phase to each input document (i.e. the documents in the
collection that match the query condition). The map function emits key-value pairs. For those keys that have multiple
values, MongoDB applies the reduce phase, which collects and condenses the aggregated data. MongoDB then stores
the results in a collection. Optionally, the output of the reduce function may pass through a finalize function to further
condense or process the results of the aggregation.
All map-reduce functions in MongoDB are JavaScript and run within the mongod process. Map-reduce operations
take the documents of a single collection as the input and can perform any arbitrary sorting and limiting before
beginning the map stage. mapReduce can return the results of a map-reduce operation as a document, or may write
the results to collections. The input and the output collections may be sharded.
Note: For most aggregation operations, the Aggregation Pipeline (page 199) provides better performance and more
coherent interface. However, map-reduce operations provide some flexibility that is not presently available in the
aggregation pipeline.

Map-Reduce JavaScript Functions
In MongoDB, map-reduce operations use custom JavaScript functions to map, or associate, values to a key. If a key
has multiple values mapped to it, the operation reduces the values for the key to a single object.
The use of custom JavaScript functions provide flexibility to map-reduce operations. For instance, when processing a
document, the map function can create more than one key and value mapping or no mapping. Map-reduce operations
can also use a custom JavaScript function to make final modifications to the results at the end of the map and reduce
operation, such as perform additional calculations.
Map-Reduce Behavior
In MongoDB, the map-reduce operation can write results to a collection or return the results inline. If you write
map-reduce output to a collection, you can perform subsequent map-reduce operations on the same input collection
that merge replace, merge, or reduce new results with previous results. See mapReduce and Perform Incremental
Map-Reduce (page 219) for details and examples.
When returning the results of a map reduce operation inline, the result documents must
be within the BSON Document Size limit,
which is currently 16 megabytes.
For
additional
information
on
limits
and
restrictions
on
map-reduce
operations,
see
the
https://docs.mongodb.org/manual/reference/command/mapReduce reference page.
MongoDB supports map-reduce operations on sharded collections (page 733). Map-reduce operations can also output
the results to a sharded collection. See Map-Reduce and Sharded Collections (page 215).
Map-Reduce and Sharded Collections

On this page
• Sharded Collection as Input (page 216)
• Sharded Collection as Output (page 216)
Map-reduce supports operations on sharded collections, both as an input and as an output. This section describes the
behaviors of mapReduce specific to sharded collections.

5.4. Additional Features and Behaviors

215

MongoDB Documentation, Release 3.2.5

Sharded Collection as Input When using sharded collection as the input for a map-reduce operation, mongos will
automatically dispatch the map-reduce job to each shard in parallel. There is no special option required. mongos will
wait for jobs on all shards to finish.
Sharded Collection as Output If the out field for mapReduce has the sharded value, MongoDB shards the
output collection using the _id field as the shard key.
To output to a sharded collection:
• If the output collection does not exist, MongoDB creates and shards the collection on the _id field.
• For a new or an empty sharded collection, MongoDB uses the results of the first stage of the map-reduce
operation to create the initial chunks distributed among the shards.
• mongos dispatches, in parallel, a map-reduce post-processing job to every shard that owns a chunk. During
the post-processing, each shard will pull the results for its own chunks from the other shards, run the final
reduce/finalize, and write locally to the output collection.
Note:
• During later map-reduce jobs, MongoDB splits chunks as needed.
• Balancing of chunks for the output collection is automatically prevented during post-processing to avoid concurrency issues.
In MongoDB 2.0:
• mongos retrieves the results from each shard, performs a merge sort to order the results, and proceeds to the
reduce/finalize phase as needed. mongos then writes the result to the output collection in sharded mode.
• This model requires only a small amount of memory, even for large data sets.
• Shard chunks are not automatically split during insertion. This requires manual intervention until the chunks
are granular and balanced.
Important: For best results, only use the sharded output options for mapReduce in version 2.2 or later.

Map Reduce Concurrency

The map-reduce operation is composed of many tasks, including reads from the input collection, executions of the
map function, executions of the reduce function, writes to a temporary collection during processing, and writes to
the output collection.
During the operation, map-reduce takes the following locks:
• The read phase takes a read lock. It yields every 100 documents.
• The insert into the temporary collection takes a write lock for a single write.
• If the output collection does not exist, the creation of the output collection takes a write lock.
• If the output collection exists, then the output actions (i.e. merge, replace, reduce) take a write lock. This
write lock is global, and blocks all operations on the mongod instance.
Note: The final write lock during post-processing makes the results appear atomically. However, output actions
merge and reduce may take minutes to process. For the merge and reduce, the nonAtomic flag is available, which releases the lock between writing each output document. See the db.collection.mapReduce()
reference for more information.

216

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

Map-Reduce Examples

On this page
• Return the Total Price Per Customer (page 217)
• Calculate Order and Total Quantity with Average Quantity Per Item (page 218)
In the mongo shell, the db.collection.mapReduce() method is a wrapper around the mapReduce command.
The following examples use the db.collection.mapReduce() method:
Consider the following map-reduce operations on a collection orders that contains documents of the following
prototype:
{
_id: ObjectId("50a8240b927d5d8b5891743c"),
cust_id: "abc123",
ord_date: new Date("Oct 04, 2012"),
status: 'A',
price: 25,
items: [ { sku: "mmm", qty: 5, price: 2.5 },
{ sku: "nnn", qty: 5, price: 2.5 } ]
}

Return the Total Price Per Customer Perform the map-reduce operation on the orders collection to group by
the cust_id, and calculate the sum of the price for each cust_id:
1. Define the map function to process each input document:
• In the function, this refers to the document that the map-reduce operation is processing.
• The function maps the price to the cust_id for each document and emits the cust_id and price
pair.
var mapFunction1 = function() {
emit(this.cust_id, this.price);
};

2. Define the corresponding reduce function with two arguments keyCustId and valuesPrices:
• The valuesPrices is an array whose elements are the price values emitted by the map function and
grouped by keyCustId.
• The function reduces the valuesPrice array to the sum of its elements.
var reduceFunction1 = function(keyCustId, valuesPrices) {
return Array.sum(valuesPrices);
};

3. Perform the map-reduce on all documents in the orders collection using the mapFunction1 map function
and the reduceFunction1 reduce function.
db.orders.mapReduce(
mapFunction1,
reduceFunction1,
{ out: "map_reduce_example" }
)

5.4. Additional Features and Behaviors

217

MongoDB Documentation, Release 3.2.5

This operation outputs the results to a collection named map_reduce_example.
If the
map_reduce_example collection already exists, the operation will replace the contents with the results of this map-reduce operation:
Calculate Order and Total Quantity with Average Quantity Per Item In this example, you will perform a
map-reduce operation on the orders collection for all documents that have an ord_date value greater than
01/01/2012. The operation groups by the item.sku field, and calculates the number of orders and the total
quantity ordered for each sku. The operation concludes by calculating the average quantity per order for each sku
value:
1. Define the map function to process each input document:
• In the function, this refers to the document that the map-reduce operation is processing.
• For each item, the function associates the sku with a new object value that contains the count of 1
and the item qty for the order and emits the sku and value pair.
var mapFunction2 = function() {
for (var idx = 0; idx < this.items.length; idx++) {
var key = this.items[idx].sku;
var value = {
count: 1,
qty: this.items[idx].qty
};
emit(key, value);
}
};

2. Define the corresponding reduce function with two arguments keySKU and countObjVals:
• countObjVals is an array whose elements are the objects mapped to the grouped keySKU values
passed by map function to the reducer function.
• The function reduces the countObjVals array to a single object reducedValue that contains the
count and the qty fields.
• In reducedVal, the count field contains the sum of the count fields from the individual array elements, and the qty field contains the sum of the qty fields from the individual array elements.
var reduceFunction2 = function(keySKU, countObjVals) {
reducedVal = { count: 0, qty: 0 };
for (var idx = 0; idx < countObjVals.length; idx++) {
reducedVal.count += countObjVals[idx].count;
reducedVal.qty += countObjVals[idx].qty;
}
return reducedVal;
};

3. Define a finalize function with two arguments key and reducedVal. The function modifies the
reducedVal object to add a computed field named avg and returns the modified object:
var finalizeFunction2 = function (key, reducedVal) {
reducedVal.avg = reducedVal.qty/reducedVal.count;
return reducedVal;
};

218

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

4. Perform the map-reduce operation on the orders collection
reduceFunction2, and finalizeFunction2 functions.

using

the

mapFunction2,

db.orders.mapReduce( mapFunction2,
reduceFunction2,
{
out: { merge: "map_reduce_example" },
query: { ord_date:
{ $gt: new Date('01/01/2012') }
},
finalize: finalizeFunction2
}
)

This operation uses the query field to select only those documents with ord_date greater than new
Date(01/01/2012). Then it output the results to a collection map_reduce_example. If the
map_reduce_example collection already exists, the operation will merge the existing contents with the
results of this map-reduce operation.
Perform Incremental Map-Reduce

On this page
• Data Setup (page 219)
• Initial Map-Reduce of Current Collection (page 220)
• Subsequent Incremental Map-Reduce (page 221)
Map-reduce operations can handle complex aggregation tasks. To perform map-reduce operations, MongoDB provides
the mapReduce command and, in the mongo shell, the db.collection.mapReduce() wrapper method.
If the map-reduce data set is constantly growing, you may want to perform an incremental map-reduce rather than
performing the map-reduce operation over the entire data set each time.
To perform incremental map-reduce:
1. Run a map-reduce job over the current collection and output the result to a separate collection.
2. When you have more data to process, run subsequent map-reduce job with:
• the query parameter that specifies conditions that match only the new documents.
• the out parameter that specifies the reduce action to merge the new results into the existing output
collection.
Consider the following example where you schedule a map-reduce operation on a sessions collection to run at the
end of each day.
Data Setup The sessions collection contains documents that log users’ sessions each day, for example:
db.sessions.save(
db.sessions.save(
db.sessions.save(
db.sessions.save(

{
{
{
{

userid:
userid:
userid:
userid:

"a",
"b",
"c",
"d",

ts:
ts:
ts:
ts:

ISODate('2011-11-03
ISODate('2011-11-03
ISODate('2011-11-03
ISODate('2011-11-03

14:17:00'),
14:23:00'),
15:02:00'),
16:45:00'),

length:
length:
length:
length:

95 } );
110 } );
120 } );
45 } );

db.sessions.save( { userid: "a", ts: ISODate('2011-11-04 11:05:00'), length: 105 } );
db.sessions.save( { userid: "b", ts: ISODate('2011-11-04 13:14:00'), length: 120 } );

5.4. Additional Features and Behaviors

219

MongoDB Documentation, Release 3.2.5

db.sessions.save( { userid: "c", ts: ISODate('2011-11-04 17:00:00'), length: 130 } );
db.sessions.save( { userid: "d", ts: ISODate('2011-11-04 15:37:00'), length: 65 } );

Initial Map-Reduce of Current Collection Run the first map-reduce operation as follows:
1. Define the map function that maps the userid to an object that contains the fields userid, total_time,
count, and avg_time:
var mapFunction = function() {
var key = this.userid;
var value = {
userid: this.userid,
total_time: this.length,
count: 1,
avg_time: 0
};
emit( key, value );
};

2. Define the corresponding reduce function with two arguments key and values to calculate the total time and
the count. The key corresponds to the userid, and the values is an array whose elements corresponds to
the individual objects mapped to the userid in the mapFunction.
var reduceFunction = function(key, values) {
var reducedObject = {
userid: key,
total_time: 0,
count:0,
avg_time:0
};
values.forEach( function(value) {
reducedObject.total_time += value.total_time;
reducedObject.count += value.count;
}
);
return reducedObject;
};

3. Define the finalize function with two arguments key and reducedValue. The function modifies the
reducedValue document to add another field average and returns the modified document.
var finalizeFunction = function (key, reducedValue) {

if (reducedValue.count > 0)
reducedValue.avg_time = reducedValue.total_time / reducedValue.cou
return reducedValue;
};

4. Perform map-reduce on the session collection using the mapFunction, the reduceFunction, and the
finalizeFunction functions. Output the results to a collection session_stat. If the session_stat
collection already exists, the operation will replace the contents:
db.sessions.mapReduce( mapFunction,
reduceFunction,

220

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

{
out: "session_stat",
finalize: finalizeFunction
}
)

Subsequent Incremental Map-Reduce Later, as the sessions collection grows, you can run additional mapreduce operations. For example, add new documents to the sessions collection:
db.sessions.save(
db.sessions.save(
db.sessions.save(
db.sessions.save(

{
{
{
{

userid:
userid:
userid:
userid:

"a",
"b",
"c",
"d",

ts:
ts:
ts:
ts:

ISODate('2011-11-05
ISODate('2011-11-05
ISODate('2011-11-05
ISODate('2011-11-05

14:17:00'),
14:23:00'),
15:02:00'),
16:45:00'),

length:
length:
length:
length:

100 } );
115 } );
125 } );
55 } );

At the end of the day, perform incremental map-reduce on the sessions collection, but use the query field to select
only the new documents. Output the results to the collection session_stat, but reduce the contents with the
results of the incremental map-reduce:
db.sessions.mapReduce( mapFunction,
reduceFunction,
{
query: { ts: { $gt: ISODate('2011-11-05 00:00:00') } },
out: { reduce: "session_stat" },
finalize: finalizeFunction
}
);

Troubleshoot the Map Function

The map function is a JavaScript function that associates or “maps” a value with a key and emits the key and value
pair during a map-reduce (page 214) operation.
To verify the key and value pairs emitted by the map function, write your own emit function.
Consider a collection orders that contains documents of the following prototype:
{
_id: ObjectId("50a8240b927d5d8b5891743c"),
cust_id: "abc123",
ord_date: new Date("Oct 04, 2012"),
status: 'A',
price: 250,
items: [ { sku: "mmm", qty: 5, price: 2.5 },
{ sku: "nnn", qty: 5, price: 2.5 } ]
}

1. Define the map function that maps the price to the cust_id for each document and emits the cust_id and
price pair:
var map = function() {
emit(this.cust_id, this.price);
};

2. Define the emit function to print the key and value:
var emit = function(key, value) {
print("emit");

5.4. Additional Features and Behaviors

221

MongoDB Documentation, Release 3.2.5

print("key: " + key + "

value: " + tojson(value));

}

3. Invoke the map function with a single document from the orders collection:
var myDoc = db.orders.findOne( { _id: ObjectId("50a8240b927d5d8b5891743c") } );
map.apply(myDoc);

4. Verify the key and value pair is as you expected.
emit
key: abc123 value:250

5. Invoke the map function with multiple documents from the orders collection:
var myCursor = db.orders.find( { cust_id: "abc123" } );
while (myCursor.hasNext()) {
var doc = myCursor.next();
print ("document _id= " + tojson(doc._id));
map.apply(doc);
print();
}

6. Verify the key and value pairs are as you expected.
See also:
The map function must meet various requirements. For a list of all the requirements for the map function, see
mapReduce, or the mongo shell helper method db.collection.mapReduce().
Troubleshoot the Reduce Function

On this page
• Confirm Output Type (page 222)
• Ensure Insensitivity to the Order of Mapped Values (page 223)
• Ensure Reduce Function Idempotence (page 224)
The reduce function is a JavaScript function that “reduces” to a single object all the values associated with a particular key during a map-reduce (page 214) operation. The reduce function must meet various requirements. This
tutorial helps verify that the reduce function meets the following criteria:
• The reduce function must return an object whose type must be identical to the type of the value emitted by
the map function.
• The order of the elements in the valuesArray should not affect the output of the reduce function.
• The reduce function must be idempotent.
For a list of all the requirements for the reduce function, see mapReduce, or the mongo shell helper method
db.collection.mapReduce().
Confirm Output Type You can test that the reduce function returns a value that is the same type as the value
emitted from the map function.

222

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

1. Define a reduceFunction1 function that takes the arguments keyCustId and valuesPrices.
valuesPrices is an array of integers:
var reduceFunction1 = function(keyCustId, valuesPrices) {
return Array.sum(valuesPrices);
};

2. Define a sample array of integers:
var myTestValues = [ 5, 5, 10 ];

3. Invoke the reduceFunction1 with myTestValues:
reduceFunction1('myKey', myTestValues);

4. Verify the reduceFunction1 returned an integer:
20

5. Define a reduceFunction2 function that takes the arguments keySKU and valuesCountObjects.
valuesCountObjects is an array of documents that contain two fields count and qty:
var reduceFunction2 = function(keySKU, valuesCountObjects) {
reducedValue = { count: 0, qty: 0 };
for (var idx = 0; idx < valuesCountObjects.length; idx++) {
reducedValue.count += valuesCountObjects[idx].count;
reducedValue.qty += valuesCountObjects[idx].qty;
}
return reducedValue;
};

6. Define a sample array of documents:
var myTestObjects = [
{ count: 1, qty: 5 },
{ count: 2, qty: 10 },
{ count: 3, qty: 15 }
];

7. Invoke the reduceFunction2 with myTestObjects:
reduceFunction2('myKey', myTestObjects);

8. Verify the reduceFunction2 returned a document with exactly the count and the qty field:
{ "count" : 6, "qty" : 30 }

Ensure Insensitivity to the Order of Mapped Values The reduce function takes a key and a values array as
its argument. You can test that the result of the reduce function does not depend on the order of the elements in the
values array.
1. Define a sample values1 array and a sample values2 array that only differ in the order of the array elements:
var values1 = [
{ count: 1, qty: 5 },
{ count: 2, qty: 10 },
{ count: 3, qty: 15 }
];

5.4. Additional Features and Behaviors

223

MongoDB Documentation, Release 3.2.5

var values2 = [
{ count: 3, qty: 15 },
{ count: 1, qty: 5 },
{ count: 2, qty: 10 }
];

2. Define a reduceFunction2 function that takes the arguments keySKU and valuesCountObjects.
valuesCountObjects is an array of documents that contain two fields count and qty:
var reduceFunction2 = function(keySKU, valuesCountObjects) {
reducedValue = { count: 0, qty: 0 };
for (var idx = 0; idx < valuesCountObjects.length; idx++) {
reducedValue.count += valuesCountObjects[idx].count;
reducedValue.qty += valuesCountObjects[idx].qty;
}
return reducedValue;
};

3. Invoke the reduceFunction2 first with values1 and then with values2:
reduceFunction2('myKey', values1);
reduceFunction2('myKey', values2);

4. Verify the reduceFunction2 returned the same result:
{ "count" : 6, "qty" : 30 }

Ensure Reduce Function Idempotence Because the map-reduce operation may call a reduce multiple times for
the same key, and won’t call a reduce for single instances of a key in the working set, the reduce function must
return a value of the same type as the value emitted from the map function. You can test that the reduce function
process “reduced” values without affecting the final value.
1. Define a reduceFunction2 function that takes the arguments keySKU and valuesCountObjects.
valuesCountObjects is an array of documents that contain two fields count and qty:
var reduceFunction2 = function(keySKU, valuesCountObjects) {
reducedValue = { count: 0, qty: 0 };
for (var idx = 0; idx < valuesCountObjects.length; idx++) {
reducedValue.count += valuesCountObjects[idx].count;
reducedValue.qty += valuesCountObjects[idx].qty;
}
return reducedValue;
};

2. Define a sample key:
var myKey = 'myKey';

3. Define a sample valuesIdempotent array that contains an element that is a call to the reduceFunction2
function:
var valuesIdempotent = [
{ count: 1, qty: 5 },
{ count: 2, qty: 10 },

224

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

reduceFunction2(myKey, [ { count:3, qty: 15 } ] )
];

4. Define a sample values1 array that combines the values passed to reduceFunction2:
var values1 = [
{ count: 1, qty: 5 },
{ count: 2, qty: 10 },
{ count: 3, qty: 15 }
];

5. Invoke the reduceFunction2 first with myKey and valuesIdempotent and then with myKey and
values1:
reduceFunction2(myKey, valuesIdempotent);
reduceFunction2(myKey, values1);

6. Verify the reduceFunction2 returned the same result:
{ "count" : 6, "qty" : 30 }

5.4.3 Aggregation Reference
Aggregation Pipeline Quick Reference (page 225) Quick reference card for aggregation pipeline.
Aggregation Commands (page 231) The reference for the data aggregation commands, which provide the interfaces
to MongoDB’s aggregation capability.
Aggregation Commands Comparison (page 232) A comparison of group, mapReduce and aggregate that explores the strengths and limitations of each aggregation modality.
https://docs.mongodb.org/manual/reference/operator/aggregation Aggregation pipeline
operations have a collection of operators available to define and manipulate documents in pipeline stages.
Variables in Aggregation Expressions (page 234) Use of variables in aggregation pipeline expressions.
SQL to Aggregation Mapping Chart (page 234) An overview common aggregation operations in SQL and MongoDB using the aggregation pipeline and operators in MongoDB and common SQL statements.
Aggregation Pipeline Quick Reference

On this page
• Stages (page 225)
• Expressions (page 226)
• Accumulators (page 230)

Stages

In the db.collection.aggregate method, pipeline stages appear in an array. Documents pass through the
stages in sequence. All except the $out and $geoNear stages can appear multiple times in a pipeline.
db.collection.aggregate( [ { }, ... ] )

5.4. Additional Features and Behaviors

225

MongoDB Documentation, Release 3.2.5

Name
Description
$project Reshapes each document in the stream, such as by adding new fields or removing existing fields. For
each input document, outputs one document.
$match
Filters the document stream to allow only matching documents to pass unmodified into the next
pipeline stage. $match uses standard MongoDB queries. For each input document, outputs either
one document (a match) or zero documents (no match).
$redact Reshapes each document in the stream by restricting the content for each document based on
information stored in the documents themselves. Incorporates the functionality of $project and
$match. Can be used to implement field level redaction. For each input document, outputs either
one or zero documents.
$limit
Passes the first n documents unmodified to the pipeline where n is the specified limit. For each input
document, outputs either one document (for the first n documents) or zero documents (after the first n
documents).
$skip
Skips the first n documents where n is the specified skip number and passes the remaining documents
unmodified to the pipeline. For each input document, outputs either zero documents (for the first n
documents) or one document (if after the first n documents).
$unwind Deconstructs an array field from the input documents to output a document for each element. Each
output document replaces the array with an element value. For each input document, outputs n
documents where n is the number of array elements and can be zero for an empty array.
$group
Groups input documents by a specified identifier expression and applies the accumulator
expression(s), if specified, to each group. Consumes all input documents and outputs one document
per each distinct group. The output documents only contain the identifier field and, if specified,
accumulated fields.
$sample Randomly selects the specified number of documents from its input.
$sort
Reorders the document stream by a specified sort key. Only the order changes; the documents remain
unmodified. For each input document, outputs one document.
$geoNear Returns an ordered stream of documents based on the proximity to a geospatial point. Incorporates
the functionality of $match, $sort, and $limit for geospatial data. The output documents
include an additional distance field and can include a location identifier field.
$lookup Performs a left outer join to another collection in the same database to filter in documents from the
“joined” collection for processing.
$out
Writes the resulting documents of the aggregation pipeline to a collection. To use the $out stage, it
must be the last stage in the pipeline.
$indexStats
Returns statistics regarding the use of each index for the collection.
Expressions

Expressions can include field paths and system variables (page 226), literals (page 227), expression objects (page 227),
and expression operators (page 227). Expressions can be nested.
Field Path and System Variables Aggregation expressions use field path to access fields in the input documents.
To specify a field path, use a string that prefixes with a dollar sign $ the field name or the dotted field name, if the field
is in embedded document. For example, "$user" to specify the field path for the user field or "$user.name" to
specify the field path to "user.name" field.
"$" is equivalent to "$$CURRENT." where the CURRENT (page 234) is a system variable that
defaults to the root of the current object in the most stages, unless stated otherwise in specific stages. CURRENT
(page 234) can be rebound.
Along with the CURRENT (page 234) system variable, other system variables (page 234) are also available for use in
expressions. To use user-defined variables, use $let and $map expressions. To access variables in expressions, use
a string that prefixes the variable name with $$.

226

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

Literals Literals can be of any type. However, MongoDB parses string literals that start with a dollar sign $ as a path
to a field and numeric/boolean literals in expression objects (page 227) as projection flags. To avoid parsing literals,
use the $literal expression.
Expression Objects Expression objects have the following form:
{ : , ... }

If the expressions are numeric or boolean literals, MongoDB treats the literals as projection flags (e.g. 1 or true to
include the field), valid only in the $project stage. To avoid treating numeric or boolean literals as projection flags,
use the $literal expression to wrap the numeric or boolean literals.
Operator Expressions Operator expressions are similar to functions that take arguments. In general, these expressions take an array of arguments and have the following form:
{ : [ , ... ] }

If operator accepts a single argument, you can omit the outer array designating the argument list:
{ : }

To avoid parsing ambiguity if the argument is a literal array, you must wrap the literal array in a $literal expression
or keep the outer array that designates the argument list.
Boolean Expressions Boolean expressions evaluate their argument expressions as booleans and return a boolean as
the result.
In addition to the false boolean value, Boolean expression evaluates as false the following: null, 0, and
undefined values. The Boolean expression evaluates all other values as true, including non-zero numeric values
and arrays.
Name
$and
$or
$not

Description
Returns true only when all its expressions evaluate to true. Accepts any number of argument
expressions.
Returns true when any of its expressions evaluates to true. Accepts any number of argument
expressions.
Returns the boolean value that is the opposite of its argument expression. Accepts a single argument
expression.

Set Expressions Set expressions performs set operation on arrays, treating arrays as sets. Set expressions ignores
the duplicate entries in each input array and the order of the elements.
If the set operation returns a set, the operation filters out duplicates in the result to output an array that contains only
unique entries. The order of the elements in the output array is unspecified.
If a set contains a nested array element, the set expression does not descend into the nested array but evaluates the
array at top-level.

5.4. Additional Features and Behaviors

227

MongoDB Documentation, Release 3.2.5

Name
Description
$setEquals Returns true if the input sets have the same distinct elements. Accepts two or more argument
expressions.
$setIntersection
Returns a set with elements that appear in all of the input sets. Accepts any number of argument
expressions.
$setUnion Returns a set with elements that appear in any of the input sets. Accepts any number of argument
expressions.
$setDifference
Returns a set with elements that appear in the first set but not in the second set; i.e. performs a
relative complement9 of the second set relative to the first. Accepts exactly two argument
expressions.
$setIsSubsetReturns true if all elements of the first set appear in the second set, including when the first set
equals the second set; i.e. not a strict subset10 . Accepts exactly two argument expressions.
$anyElementTrue
Returns true if any elements of a set evaluate to true; otherwise, returns false. Accepts a
single argument expression.
$allElementsTrue
Returns true if no element of a set evaluates to false, otherwise, returns false. Accepts a
single argument expression.
Comparison Expressions Comparison expressions return a boolean except for $cmp which returns a number.
The comparison expressions take two argument expressions and compare both value and type, using the specified
BSON comparison order (page 13) for values of different types.
Name Description
$cmp Returns: 0 if the two values are equivalent, 1 if the first value is greater than the second, and -1 if the
first value is less than the second.
$eq
Returns true if the values are equivalent.
$gt
Returns true if the first value is greater than the second.
$gte Returns true if the first value is greater than or equal to the second.
$lt
Returns true if the first value is less than the second.
$lte Returns true if the first value is less than or equal to the second.
$ne
Returns true if the values are not equivalent.
Arithmetic Expressions Arithmetic expressions perform mathematic operations on numbers. Some arithmetic expressions can also support date arithmetic.
9 http://en.wikipedia.org/wiki/Complement_(set_theory)
10 http://en.wikipedia.org/wiki/Subset

228

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

Name
$abs
$add

Description
Returns the absolute value of a number.
Adds numbers to return the sum, or adds numbers and a date to return a new date. If adding numbers
and a date, treats the numbers as milliseconds. Accepts any number of argument expressions, but at
most, one expression can resolve to a date.
$ceil
Returns the smallest integer greater than or equal to the specified number.
$divide Returns the result of dividing the first number by the second. Accepts two argument expressions.
$exp
Raises e to the specified exponent.
$floor Returns the largest integer less than or equal to the specified number.
$ln
Calculates the natural log of a number.
$log
Calculates the log of a number in the specified base.
$log10 Calculates the log base 10 of a number.
$mod
Returns the remainder of the first number divided by the second. Accepts two argument expressions.
$multiply
Multiplies numbers to return the product. Accepts any number of argument expressions.
$pow
Raises a number to the specified exponent.
$sqrt
Calculates the square root.
$subtract
Returns the result of subtracting the second value from the first. If the two values are numbers, return
the difference. If the two values are dates, return the difference in milliseconds. If the two values are a
date and a number in milliseconds, return the resulting date. Accepts two argument expressions. If the
two values are a date and a number, specify the date argument first as it is not meaningful to subtract a
date from a number.
$trunc Truncates a number to its integer.
String Expressions String expressions, with the exception of $concat, only have a well-defined behavior for
strings of ASCII characters.
$concat behavior is well-defined regardless of the characters used.
Name
$concat
$substr

Description
Concatenates any number of strings.
Returns a substring of a string, starting at a specified index position up to a specified length. Accepts
three expressions as arguments: the first argument must resolve to a string, and the second and third
arguments must resolve to integers.
$toLower Converts a string to lowercase. Accepts a single argument expression.
$toUpper Converts a string to uppercase. Accepts a single argument expression.
$strcasecmp
Performs case-insensitive string comparison and returns: 0 if two strings are equivalent, 1 if the first
string is greater than the second, and -1 if the first string is less than the second.

Text Search Expressions

Array Expressions

Name
$meta

Description
Access text search metadata.

Name
$arrayElemAt
$concatArrays
$filter
$isArray
$size
$slice

Description
Returns the element at the specified array index.
Concatenates arrays to return the concatenated array.
Selects a subset of the array to return an array with only the elements that match the filter
condition.
Determines if the operand is an array. Returns a boolean.
Returns the number of elements in the array. Accepts a single expression as argument.
Returns a subset of an array.

5.4. Additional Features and Behaviors

229

MongoDB Documentation, Release 3.2.5

Name Description
$map Applies a subexpression to each element of an array and returns the array of resulting values in order
Accepts named parameters.
$let Defines variables for use within the scope of a subexpression and returns the result of the subexpress
Accepts named parameters.

Variable Expressions

Literal Expressions

Date Expressions

Name
Description
$literal
Return a value without parsing. Use for values that the aggregation pipeline may interpret as an
expression. For example, use a $literal expression to a string that starts with a $ to avoid parsing
a field path.
Name
Description
$dayOfYear Returns the day of the year for a date as a number between 1 and 366 (leap year).
$dayOfMonth Returns the day of the month for a date as a number between 1 and 31.
$dayOfWeek Returns the day of the week for a date as a number between 1 (Sunday) and 7 (Saturday).
$year
Returns the year for a date as a number (e.g. 2014).
$month
Returns the month for a date as a number between 1 (January) and 12 (December).
$week
Returns the week number for a date as a number between 0 (the partial week that precedes the
first Sunday of the year) and 53 (leap year).
$hour
Returns the hour for a date as a number between 0 and 23.
$minute
Returns the minute for a date as a number between 0 and 59.
$second
Returns the seconds for a date as a number between 0 and 60 (leap seconds).
$millisecondReturns the milliseconds of a date as a number between 0 and 999.
$dateToString
Returns the date as a formatted string.

Conditional Expressions

Name Description
$cond A ternary operator that evaluates one expression, and depending on the result, returns the value o
the other two expressions. Accepts either three expressions in an ordered list or three named par
$ifNullReturns either the non-null result of the first expression or the result of the second expression if t
expression results in a null result. Null result encompasses instances of undefined values or miss
fields. Accepts two expressions as arguments. The result of the second expression can be null.

Accumulators

Changed in version 3.2: Some accumulators are now available in the $project stage. In previous versions of
MongoDB , accumulators are available only for the $group stage.
Accumulators, when used in the $group stage, maintain their state (e.g. totals, maximums, minimums, and related
data) as documents progress through the pipeline.
When used in the $group stage, accumulators take as input a single expression, evaluating the expression once for
each input document, and maintain their stage for the group of documents that share the same group key.
When used in the $project stage, the accumulators do not maintain their state. When used in the $project stage,
accumulators take as input either a single argument or multiple arguments.

230

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

Name
$sum

Description
Returns a sum of numerical values. Ignores non-numeric values.
Changed in version 3.2: Available in both $group and $project stages.
$avg
Returns an average of numerical values. Ignores non-numeric values.
Changed in version 3.2: Available in both $group and $project stages.
$first
Returns a value from the first document for each group. Order is only defined if the documents are
in a defined order.
Available in $group stage only.
$last
Returns a value from the last document for each group. Order is only defined if the documents are in
a defined order.
Available in $group stage only.
$max
Returns the highest expression value for each group.
Changed in version 3.2: Available in both $group and $project stages.
$min
Returns the lowest expression value for each group.
Changed in version 3.2: Available in both $group and $project stages.
$push
Returns an array of expression values for each group.
Available in $group stage only.
$addToSet Returns an array of unique expression values for each group. Order of the array elements is
undefined.
Available in $group stage only.
$stdDevPopReturns the population standard deviation of the input values.
Changed in version 3.2: Available in both $group and $project stages.
$stdDevSamp
Returns the sample standard deviation of the input values.
Changed in version 3.2: Available in both $group and $project stages.
Aggregation Commands

On this page
• Aggregation Commands (page 231)
• Aggregation Methods (page 231)

Aggregation Commands

Name
aggregate
count
distinct
group
mapReduce

Description
Performs aggregation tasks (page 199) such as group using the aggregation framework.
Counts the number of documents in a collection.
Displays the distinct values found for a specified key in a collection.
Groups documents in a collection by the specified key and performs simple aggregation.
Performs map-reduce (page 214) aggregation for large data sets.

Aggregation Methods

Name
Description
db.collection.aggregate()Provides access to the aggregation pipeline (page 199).
db.collection.group()
Groups documents in a collection by the specified key and performs simple
aggregation.
db.collection.mapReduce()Performs map-reduce (page 214) aggregation for large data sets.

5.4. Additional Features and Behaviors

231

MongoDB Documentation, Release 3.2.5

Aggregation Commands Comparison
The following table provides a brief overview of the features of the MongoDB aggregation commands.

232

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

aggregate
mapReduce
group
De- Designed with specific goals of
Implements the Map-Reduce
Provides grouping functionality.
scrip- improving performance and
aggregation for processing large
Is slower than the aggregate
tion usability for aggregation tasks.
data sets.
command and has less
Uses a “pipeline” approach
functionality than the
where objects are transformed as
mapReduce command.
they pass through a series of
pipeline operators such as
$group, $match, and $sort.
See
https://docs.mongodb.org/manual/reference/operator/aggregation
for more information on the
pipeline operators.
Key Pipeline operators can be
In addition to grouping
Can either group by existing
Fea- repeated as needed.
operations, can perform complex
fields or with a custom keyf
tures Pipeline operators need not
aggregation tasks as well as
JavaScript function, can group by
produce one output document for perform incremental aggregation
calculated fields.
every input document.
on continuously growing
See group for information and
Can also generate new
datasets.
example using the keyf
documents or filter out
See Map-Reduce Examples
function.
documents.
(page 217) and Perform
Incremental Map-Reduce
(page 219).
Flex- Limited to the operators and
Custom map, reduce and
Custom reduce and
iexpressions supported by the
finalize JavaScript functions
finalize JavaScript functions
bil- aggregation pipeline.
offer flexibility to aggregation
offer flexibility to grouping logic.
ity
However, can add computed
logic.
See group for details and
fields, create new virtual
See mapReduce for details and
restrictions on these functions.
sub-objects, and extract
restrictions on the functions.
sub-fields into the top-level of
results by using the $project
pipeline operator.
See $project for more
information as well as
https://docs.mongodb.org/manual/reference/operator/aggregation
for more information on all the
available pipeline operators.
Out- Returns results in various options Returns results in various options Returns results inline as an array
put (inline as a document that
(inline, new collection, merge,
of grouped items.
Re- contains the result set, a cursor to replace, reduce). See
The result set must fit within the
sults the result set) or stores the results mapReduce for details on the
maximum BSON document size
in a collection.
output options.
limit.
The result is subject to the BSON
The returned array can contain at
Document size limit if returned
most 20,000 elements; i.e. at
inline as a document that
most 20,000 unique groupings.
contains the result set.
Changed in version 2.6: Can
return results as a cursor or store
the results to a collection.
Shard-Supports non-sharded and
Supports non-sharded and
Does not support sharded
ing sharded input collections.
sharded input collections.
collection.
Notes
Prior to 2.4, JavaScript code
Prior to 2.4, JavaScript code
executed in a single thread.
executed in a single thread.
More See Aggregation Pipeline
See Map-Reduce (page 214) and
See group.
In(page 199) and aggregate.
mapReduce.
for5.4.
233
ma-Additional Features and Behaviors
tion

MongoDB Documentation, Release 3.2.5

Variables in Aggregation Expressions

On this page
• User Variables (page 234)
• System Variables (page 234)
Aggregation expressions (page 226) can use both user-defined and system variables.
Variables can hold any BSON type data (page 12). To access the value of the variable, use a string with the variable
name prefixed with double dollar signs ($$).
If the variable references an object, to access a specific field in the object, use the dot notation; i.e.
"$$.".
User Variables

User variable names can contain the ascii characters [_a-zA-Z0-9] and any non-ascii character.
User variable names must begin with a lowercase ascii letter [a-z] or a non-ascii character.
System Variables

MongoDB offers the following system variables:
Variable
ROOT

CURRENT

DESCEND

Description
References the root document, i.e. the top-level document, currently being processed in the aggregation
pipeline stage.
References the start of the field path being processed in
the aggregation pipeline stage. Unless documented otherwise, all stages start with CURRENT (page 234) the
same as ROOT (page 234).
CURRENT (page 234) is modifiable. However, since
$ is equivalent to $$CURRENT.,
rebinding CURRENT (page 234) changes the meaning
of $ accesses.
One of the allowed results of a $redact expression.

PRUNE

One of the allowed results of a $redact expression.

KEEP

One of the allowed results of a $redact expression.

See also:
$let, $redact, $map
SQL to Aggregation Mapping Chart

234

Chapter 5. Aggregation

MongoDB Documentation, Release 3.2.5

On this page
• Examples (page 235)
• Additional Resources (page 237)
The aggregation pipeline (page 199) allows MongoDB to provide native aggregation capabilities that corresponds to
many common data aggregation operations in SQL.
The following table provides an overview of common SQL aggregation terms, functions, and concepts and the corresponding MongoDB aggregation operators:
SQL Terms, Functions, and Concepts
WHERE
GROUP BY
HAVING
SELECT
ORDER BY
LIMIT
SUM()
COUNT()
join

MongoDB Aggregation Operators
$match
$group
$match
$project
$sort
$limit
$sum
$sum
$lookup
New in version 3.2.

Examples

The following table presents a quick reference of SQL aggregation statements and the corresponding MongoDB statements. The examples in the table assume the following conditions:
• The SQL examples assume two tables, orders and order_lineitem that join by the
order_lineitem.order_id and the orders.id columns.
• The MongoDB examples assume one collection orders that contain documents of the following prototype:
{
cust_id: "abc123",
ord_date: ISODate("2012-11-02T17:04:11.102Z"),
status: 'A',
price: 50,
items: [ { sku: "xxx", qty: 25, price: 1 },
{ sku: "yyy", qty: 25, price: 1 } ]
}

5.4. Additional Features and Behaviors

235

MongoDB Documentation, Release 3.2.5

SQL Example

MongoDB Example

SELECT COUNT(*) AS count
FROM orders

db.orders.aggregate( [
{
$group: {
_id: null,
count: { $sum: 1 }
}
}
] )

Description
Count all records from orders

Sum the price field from orders
SELECT SUM(price) AS total db.orders.aggregate( [
FROM orders
{
$group: {
_id: null,
total: { $sum: "$price" }
}
}
] )
For each unique cust_id, sum the
SELECT cust_id,
db.orders.aggregate( [
price field.
SUM(price) AS total
{
FROM orders
$group: {
GROUP BY cust_id
_id: "$cust_id",
total: { $sum: "$price" }
}
}
] )
For each unique cust_id, sum the
SELECT cust_id,
db.orders.aggregate( [
price field, results sorted by sum.
SUM(price) AS total
{
FROM orders
$group: {
GROUP BY cust_id
_id: "$cust_id",
ORDER BY total
total: { $sum: "$price" }
}
},
{ $sort: { total: 1 } }
] )
For
each
unique
cust_id,
SELECT cust_id,
db.orders.aggregate( [
ord_date grouping, sum the
ord_date,
{
price field. Excludes the time
SUM(price) AS total
$group: {
portion of the date.
FROM orders
_id: {
GROUP BY cust_id,
cust_id: "$cust_id",
ord_date
ord_date: {
month: { $month: "$ord_date" },
day: { $dayOfMonth: "$ord_date" },
year: { $year: "$ord_date"}
}
},
total: { $sum: "$price" }
}
}
] )
236
SELECT cust_id,
count(*)
FROM orders

db.orders.aggregate( [
{
$group: {

Chapter 5. Aggregation
For cust_id with multiple records,
return the cust_id and the corresponding record count.

MongoDB Documentation, Release 3.2.5

Additional Resources

• MongoDB and MySQL Compared11
• Quick Reference Cards12
• MongoDB Database Modernization Consulting Package13

5.5 Additional Resources
• MongoDB Analytics: Learn Aggregation by Example: Exploratory Analytics and Visualization Using Flight
Data14
• MongoDB for Time Series Data: Analyzing Time Series Data Using the Aggregation Framework and Hadoop15
• The Aggregation Framework16
• Webinar: Exploring the Aggregation Framework17
• Quick Reference Cards18

11 http://www.mongodb.com/mongodb-and-mysql-compared?jmp=docs
12 https://www.mongodb.com/lp/misc/quick-reference-cards?jmp=docs
13 https://www.mongodb.com/products/consulting?jmp=docs#database_modernization
14 http://www.mongodb.com/presentations/mongodb-analytics-learn-aggregation-example-exploratory-analytics-and-visualization?jmp=docs
15 http://www.mongodb.com/presentations/mongodb-time-series-data-part-2-analyzing-time-series-data-using-aggregationframework?jmp=docs
16 https://www.mongodb.com/presentations/aggregation-framework-0?jmp=docs
17 https://www.mongodb.com/webinar/exploring-the-aggregation-framework?jmp=docs
18 https://www.mongodb.com/lp/misc/quick-reference-cards?jmp=docs

5.5. Additional Resources

237

MongoDB Documentation, Release 3.2.5

238

Chapter 5. Aggregation

CHAPTER 6

Text Search

On this page
• Overview (page 239)
• Example (page 239)
• Language Support (page 240)

6.1 Overview
MongoDB supports query operations that perform a text search of string content. To perform text search, MongoDB
uses a text index (page 533) and the $text operator.

6.2 Example
This example demonstrates how to build a text index and use it to find coffee shops, given only text fields.
Create a collection stores with the following documents:
db.stores.insert(
[
{ _id: 1, name:
{ _id: 2, name:
{ _id: 3, name:
{ _id: 4, name:
{ _id: 5, name:
]
)

"Java Hut", description: "Coffee and cakes" },
"Burger Buns", description: "Gourmet hamburgers" },
"Coffee Shop", description: "Just coffee" },
"Clothes Clothes Clothes", description: "Discount clothing" },
"Java Shopping", description: "Indonesian goods" }

6.2.1 Text Index
MongoDB provides text indexes (page 533) to support text search queries on string content. text indexes can include
any field whose value is a string or an array of string elements.
To perform text search queries, you must have a text index on your collection. A collection can only have one text
search index, but that index can cover multiple fields.

239

MongoDB Documentation, Release 3.2.5

For example you can run the following in a mongo shell to allow text search over the name and description
fields:
db.stores.createIndex( { name: "text", description: "text" } )

6.2.2 $text Operator
Use the $text query operator to perform text searches on a collection with a text index (page 533).
$text will tokenize the search string using whitespace and most punctuation as delimiters, and perform a logical OR
of all such tokens in the search string.
For example, you could use the following query to find all stores containing any terms from the list “coffee”, “shop”,
and “java”:
db.stores.find( { $text: { $search: "java coffee shop" } } )

Exact Phrase
You can also search for exact phrases by wrapping them in double-quotes. For example, the following will find all
documents containing “java” or “coffee shop”:
db.stores.find( { $text: { $search: "java \"coffee shop\"" } } )

Term Exclusion
To exclude a word, you can prepend a “-” character. For example, to find all stores containing “java” or “shop” but
not “coffee”, use the following:
db.stores.find( { $text: { $search: "java shop -coffee" } } )

Sorting
MongoDB will return its results in unsorted order by default. However, text search queries will compute a relevance
score for each document that specifies how well a document matches the query.
To sort the results in order of relevance score, you must explicitly project the $meta textScore field and sort on it:
db.stores.find(
{ $text: { $search: "java coffee shop" } },
{ score: { $meta: "textScore" } }
).sort( { score: { $meta: "textScore" } } )

Text search is also available in the aggregation pipeline.

6.3 Language Support
MongoDB supports text search for various languages. See Text Search Languages (page 245) for a list of supported
languages.

240

Chapter 6. Text Search

MongoDB Documentation, Release 3.2.5

6.3.1 Text Indexes
MongoDB provides text indexes (page 533) to support text search queries on string content. text indexes can include
any field whose value is a string or an array of string elements.
To perform text search queries, you must have a text index on your collection. A collection can only have one text
search index, but that index can cover multiple fields.
For example you can run the following in a mongo shell to allow text search over the name and description
fields:
db.stores.createIndex( { name: "text", description: "text" } )

See the Text Indexes (page 533) section for a full reference on text indexes, including behavior, tokenization, and
properties.

6.3.2 Text Search Operators
On this page
• Query Framework (page 241)
• Aggregation Framework (page 241)

Query Framework
Use the $text query operator to perform text searches on a collection with a text index (page 533).
$text will tokenize the search string using whitespace and most punctuation as delimiters, and perform a logical OR
of all such tokens in the search string.
For example, you could use the following query to find all stores containing any terms from the list “coffee”, “shop”,
and “java”:
db.stores.find( { $text: { $search: "java coffee shop" } } )

Use the $meta query operator to obtain and sort by the relevance score of each matching document. For example, to
order a list of coffee shops in order of relevance, run the following:
db.stores.find(
{ $text: { $search: "coffee shop cake" } },
{ score: { $meta: "textScore" } }
).sort( { score: { $meta: "textScore" } } )

For more information on the $text and $meta operators, including restrictions and behavior, see:
• $text Reference Page
• $text Query Examples
• $meta projection operator
Aggregation Framework
When working with the Aggregation (page 195) framework, use $match with a $text expression to execute a text
search query. To sort the results in order of relevance score,use the $meta aggregation operator in the $sort stage

6.3. Language Support

241

MongoDB Documentation, Release 3.2.5

For more information and examples of text search in the Aggregation (page 195) framework, see Text Search in the
Aggregation Pipeline (page 242).

6.3.3 Text Search in the Aggregation Pipeline
On this page
•
•
•
•
•
•

Restrictions (page 242)
Text Score (page 242)
Calculate the Total Views for Articles that Contains a Word (page 243)
Return Results Sorted by Text Search Score (page 243)
Match on Text Score (page 243)
Specify a Language for Text Search (page 243)

New in version 2.6. In the aggregation pipeline, text search is available via the use of the $text query operator in
the $match stage.
Restrictions
Text search in the aggregation pipeline has the following restrictions:
• The $match stage that includes a $text must be the first stage in the pipeline.
• A text operator can only occur once in the stage.
• The text operator expression cannot appear in $or or $not expressions.
• The text search, by default, does not return the matching documents in order of matching scores. Use the $meta
aggregation expression in the $sort stage.
Text Score
The $text operator assigns a score to each document that contains the search term in the indexed fields. The score
represents the relevance of a document to a given text search query. The score can be part of a $sort pipeline
specification as well as part of the projection expression. The { $meta: "textScore" } expression provides
information on the processing of the $text operation. See $meta aggregation for details on accessing the score for
projection or sort.
The metadata is only available after the $match stage that includes the $text operation.
Examples

The following examples assume a collection articles that has a text index on the field subject:
db.articles.createIndex( { subject: "text" } )
1 The behavior and requirements of the $meta projection operator differ from that of the $meta aggregation operator. For details on the
$meta aggregation operator, see the $meta aggregation operator reference page.

242

Chapter 6. Text Search

MongoDB Documentation, Release 3.2.5

Calculate the Total Views for Articles that Contains a Word
The following aggregation searches for the term cake in the $match stage and calculates the total views for the
matching documents in the $group stage.
db.articles.aggregate(
[
{ $match: { $text: { $search: "cake" } } },
{ $group: { _id: null, views: { $sum: "$views" } } }
]
)

Return Results Sorted by Text Search Score
To sort by the text search score, include a $meta expression in the $sort stage. The following example matches on
either the term cake or tea, sorts by the textScore in descending order, and returns only the title field in the
results set.
db.articles.aggregate(
[
{ $match: { $text: { $search: "cake tea" } } },
{ $sort: { score: { $meta: "textScore" } } },
{ $project: { title: 1, _id: 0 } }
]
)

The specified metadata determines the sort order. For example, the "textScore" metadata sorts in descending
order. See $meta for more information on metadata as well as an example of overriding the default sort order of the
metadata.
Match on Text Score
The "textScore" metadata is available for projections, sorts, and conditions subsequent the $match stage that
includes the $text operation.
The following example matches on either the term cake or tea, projects the title and the score fields, and then
returns only those documents with a score greater than 1.0.
db.articles.aggregate(
[
{ $match: { $text: { $search: "cake tea" } } },
{ $project: { title: 1, _id: 0, score: { $meta: "textScore" } } },
{ $match: { score: { $gt: 1.0 } } }
]
)

Specify a Language for Text Search
The following aggregation searches in spanish for documents that contain the term saber but not the term claro in
the $match stage and calculates the total views for the matching documents in the $group stage.
db.articles.aggregate(
[
{ $match: { $text: { $search: "saber -claro", $language: "es" } } },
{ $group: { _id: null, views: { $sum: "$views" } } }

6.3. Language Support

243

MongoDB Documentation, Release 3.2.5

]
)

6.3.4 Text Search with Basis Technology Rosette Linguistics Platform
On this page
•
•
•
•

Overview (page 244)
Prerequisites (page 244)
Procedure (page 245)
Additional Information (page 245)

Enterprise Feature
Available in MongoDB Enterprise only.

Overview
New in version 3.2.
In addition to the languages supported by text search in MongoDB, MongoDB Enterprise provides support for the following additional languages: Arabic, Farsi (specifically Dari and Iranian Persian dialects), Urdu, Simplified Chinese,
and Traditional Chinese.
To provide support for these six additional languages, MongoDB Enterprise integrates Basis Technology Rosette
Linguistics Platform (RLP) to perform normalization, word breaking, sentence breaking, and stemming or tokenization
depending on the language.
MongoDB Enterprise supports RLP SDK 7.11.1 on Red Hat Enterprise Linux 6.x. For information on providing
support on other platforms, contact your sales representative.
See also:
Text Search Languages (page 245), Specify a Language for Text Index (page 538)
Prerequisites
To use MongoDB with RLP, MongoDB requires a license for the Base Linguistics component of RLP and one or more
languages specified above. MongoDB does not require a license for all six languages listed above.
Support for any of the specified languages is conditional on having a valid RLP license for the language. For instance,
if there is only an RLP license provided for Arabic, then MongoDB will only enable support for Arabic and will
not enable support for any other RLP based languages. For any language which lacks a valid license, the MongoDB
log will contain a warning message. Additionally, you can set the MongoDB log verbosity level to 2 to log debug
messages that identify each supported language.
You do not need the Language Extension Pack as MongoDB does not support these RLP languages at this time.
Contact Basis Technology at info@basistech.com2 to get a copy of RLP and a license for one or more languages. For
more information on how to contact Basis Technology, see http://www.basistech.com/contact/.
2 info@basistech.com

244

Chapter 6. Text Search

MongoDB Documentation, Release 3.2.5

Procedure
Step 1: Download Rosette Linguistics Platform from Basis Technology.

From Basis Technology, obtain the links to download the RLP C++ SDK package file, the documentation package file,
and the license file (rlp-license.xml) for Linux x64. Basis Technology provides the download links in an email.
Using the links, download the RLP C++ SDK package file, the documentation package file, and the license file
(rlp-license.xml) for Linux x64.
Note: These links automatically expire after 30 days.

Step 2: Install the RLP binaries.

Untar the RLP binaries and place them in a directory; this directory is referred to as the installation directory or
BT_ROOT. For this example, we will use /opt/basis as the BT_ROOT.
tar zxvC /opt/basis rlp-7.11.1-sdk-amd64-glibc25-gcc41.tar.gz

Step 3: Move the RLP license into the RLP licenses directory.

Move the RLP license file rlp-license.xml to the /rlp/rlp/licenses directory; in our example, move the file to the /opt/basis/rlp/rlp/licenses/ directory.
mv rlp-license.xml /opt/basis/rlp/rlp/licenses/

Step 4: Run mongod with RLP support.

To enable support for RLP, use the --basisTechRootDirectory option to specify the BT_ROOT directory.
Include any additional settings as appropriate for your deployment.
mongod --basisTechRootDirectory=/opt/basis

Additional Information
For installation help, see the RLP Quick Start manual or Chapter 2 of the Rosette Linguistics Platform Application
Developer’s Guide.
For debugging any RLP specific issues, you can set the rlpVerbose parameter to true (i.e. --setParameter
rlpVerbose=true) to view INFO messages from RLP.
Warning: Enabling rlpVerbose has a performance overhead and should only be enabled for troubleshooting
installation issues.

6.3.5 Text Search Languages
The text index (page 533) and the $text operator supports the following languages:

6.3. Language Support

245

MongoDB Documentation, Release 3.2.5

Changed in version 2.6: MongoDB introduces version 2 of the text search feature. With version 2, text search feature
supports using the two-letter language codes defined in ISO 639-1. Version 1 of text search only supported the long
form of each language name.
Changed in version 3.2: MongoDB Enterprise includes support for Arabic, Farsi (specifically Dari and Iranian Persian
dialects), Urdu, Simplified Chinese, and Traditional Chinese. To support the new languages, the text search feature
uses the three-letter language codes defined in ISO 636-3. To enable support for these languages, see Text Search with
Basis Technology Rosette Linguistics Platform (page 244).
Language Name
danish
dutch
english
finnish
french
german
hungarian
italian
norwegian
portuguese
romanian
russian
spanish
swedish
turkish
arabic
dari
iranian persian
urdu
simplified chinese
or hans
traditional
chinese or hant

ISO 639-1 (Two letter
codes)
da
nl
en
fi
fr
de
hu
it
nb
pt
ro
ru
es
sv
tr

ISO 636-3 (Three letter
codes)

RLP names (Three
letter codes)

ara
prs
pes
urd
zhs
zht

Note: If you specify a language value of "none", then the text search uses simple tokenization with no list of stop
words and no stemming.
See also:
Specify a Language for Text Index (page 538)

246

Chapter 6. Text Search

CHAPTER 7

Data Models

Data in MongoDB has a flexible schema. Collections do not enforce document structure. This flexibility gives you
data-modeling choices to match your application and its performance requirements.
Data Modeling Introduction (page 247) An introduction to data modeling in MongoDB.
Document Validation (page 250) MongoDB provides the capability to validate documents during updates and insertions.
Data Modeling Concepts (page 252) The core documentation detailing the decisions you must make when determining a data model, and discussing considerations that should be taken into account.
Data Model Examples and Patterns (page 258) Examples of possible data models that you can use to structure your
MongoDB documents.
Data Model Reference (page 276) Reference material for data modeling for developers of MongoDB applications.

7.1 Data Modeling Introduction
On this page
•
•
•
•
•

Document Structure (page 247)
Atomicity of Write Operations (page 248)
Document Growth (page 249)
Data Use and Performance (page 249)
Additional Resources (page 249)

Data in MongoDB has a flexible schema. Unlike SQL databases, where you must determine and declare a table’s
schema before inserting data, MongoDB’s collections do not enforce document structure. This flexibility facilitates
the mapping of documents to an entity or an object. Each document can match the data fields of the represented entity,
even if the data has substantial variation. In practice, however, the documents in a collection share a similar structure.
The key challenge in data modeling is balancing the needs of the application, the performance characteristics of the
database engine, and the data retrieval patterns. When designing data models, always consider the application usage
of the data (i.e. queries, updates, and processing of the data) as well as the inherent structure of the data itself.

7.1.1 Document Structure
The key decision in designing data models for MongoDB applications revolves around the structure of documents and
how the application represents relationships between data. There are two tools that allow applications to represent
247

MongoDB Documentation, Release 3.2.5

these relationships: references and embedded documents.
References
References store the relationships between data by including links or references from one document to another. Applications can resolve these references (page 277) to access the related data. Broadly, these are normalized data models.

See Normalized Data Models (page 254) for the strengths and weaknesses of using references.
Embedded Data
Embedded documents capture relationships between data by storing related data in a single document structure. MongoDB documents make it possible to embed document structures in a field or array within a document. These denormalized data models allow applications to retrieve and manipulate related data in a single database operation.
See Embedded Data Models (page 253) for the strengths and weaknesses of embedding documents.

7.1.2 Atomicity of Write Operations
In MongoDB, write operations are atomic at the document level, and no single write operation can atomically affect
more than one document or more than one collection. A denormalized data model with embedded data combines
all related data for a represented entity in a single document. This facilitates atomic write operations since a single
write operation can insert or update the data for an entity. Normalizing the data would split the data across multiple
collections and would require multiple write operations that are not atomic collectively.

248

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

However, schemas that facilitate atomic writes may limit ways that applications can use the data or may limit ways to
modify applications. The Atomicity Considerations (page 256) documentation describes the challenge of designing a
schema that balances flexibility and atomicity.

7.1.3 Document Growth
Some updates, such as pushing elements to an array or adding new fields, increase a document’s size.
For the MMAPv1 storage engine, if the document size exceeds the allocated space for that document, MongoDB
relocates the document on disk. When using the MMAPv1 storage engine, growth consideration can affect the decision
to normalize or denormalize data. See Document Growth Considerations (page 255) for more about planning for and
managing document growth for MMAPv1.

7.1.4 Data Use and Performance
When designing a data model, consider how applications will use your database. For instance, if your application
only uses recently inserted documents, consider using Capped Collections (page 6). Or if your application needs are
mainly read operations to a collection, adding indexes to support common queries can improve performance.
See Operational Factors and Data Models (page 255) for more information on these and other operational considerations that affect data model designs.

7.1.5 Additional Resources
• Thinking in Documents Part 1 (Blog Post)1
1 https://www.mongodb.com/blog/post/thinking-documents-part-1?jmp=docs

7.1. Data Modeling Introduction

249

MongoDB Documentation, Release 3.2.5

7.2 Document Validation
On this page
•
•
•
•

Behavior (page 250)
Restrictions (page 252)
Bypass Document Validation (page 252)
Additional Information (page 252)

New in version 3.2.
MongoDB provides the capability to validate documents during updates and insertions. Validation rules are specified
on a per-collection basis using the validator option, which takes a document that specifies the validation rules
or expressions. Specify the expressions using any query operators, with the exception of $near, $nearSphere,
$text, and $where.
Add document validation to an existing collection using the collMod command with the validator option. You
can also specify document validation rules when creating a new collection using db.createCollection() with
the validator option, as in the following:
db.createCollection( "contacts",
{ validator: { $or:
[
{ phone: { $type: "string" } },
{ email: { $regex: /@mongodb\.com$/ } },
{ status: { $in: [ "Unknown", "Incomplete" ] } }
]
}
} )

MongoDB also provides the validationLevel option, which determines how strictly MongoDB applies validation rules to existing documents during an update, and the validationAction option, which determines whether
MongoDB should error and reject documents that violate the validation rules or warn about the violations in the
log but allow invalid documents.

7.2.1 Behavior
Validation occurs during updates and inserts. When you add validation to a collection, existing documents do not
undergo validation checks until modification.
Existing Documents
You can control how MongoDB handles existing documents using the validationLevel option.
By default, validationLevel is strict and MongoDB applies validation rules to all inserts and updates. Setting
validationLevel to moderate applies validation rules to inserts and to updates to existing documents that fulfill
the validation criteria. With the moderate level, updates to existing documents that do not fulfill the validation
criteria are not checked for validity.
Example
Consider the following documents in a contacts collection:

250

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

{
"_id": "125876",
"name": "Anne",
"phone": "+1 555 123 456",
"city": "London",
"status": "Complete"
},
{
"_id": "860000",
"name": "Ivan",
"city": "Vancouver"
}

Issue the following command to add a validator to the contacts collection:
db.runCommand( {
collMod: "contacts",
validator: { $or: [ { phone: { $exists: true } }, { email: { $exists: true } } ] },
validationLevel: "moderate"
} )

The contacts collection now has a validator with the moderate validationLevel. If you attempted to update the
document with _id of 125876, MongoDB would apply validation rules since the existing document matches the
criteria. In contrast, MongoDB will not apply validation rules to updates to the document with _id of 860000 as it
does not meet the validation rules.
To disable validation entirely, you can set validationLevel to off.
Accept or Reject Invalid Documents
The validationAction option determines how MongoDB handles documents that violate the validation rules.
By default, validationAction is error and MongoDB rejects any insertion or update that violates the validation
criteria. When validationAction is set to warn, MongoDB logs any violations but allows the insertion or update
to proceed.
Example
The following example creates a contacts collection with a validator that specifies that inserted or updated documents should match at least one of three following conditions:
• the phone field is a string
• the email field matches the regular expression
• the status field is either Unknown or Incomplete.
db.createCollection( "contacts",
{
validator: { $or:
[
{ phone: { $type: "string" } },
{ email: { $regex: /@mongodb\.com$/ } },
{ status: { $in: [ "Unknown", "Incomplete" ] } }
]
},
validationAction: "warn"
}
)

7.2. Document Validation

251

MongoDB Documentation, Release 3.2.5

With the validator in place, the following insert operation fails the validation rules, but since the
validationAction is warn, the write operation logs the failure and succeeds.
db.contacts.insert( { name: "Amanda", status: "Updated" } )

The log includes the full namespace of the collection and the document that failed the validation rules, as well as the
time of the operation:
2015-10-15T11:20:44.260-0400 W STORAGE

[conn3] Document would fail validation collection: example.co

7.2.2 Restrictions
You cannot specify a validator for collections in the admin, local, and config databases.
You cannot specify a validator for system.* collections.

7.2.3 Bypass Document Validation
User can bypass document validation using the bypassDocumentValidation option. For a list of commands
that support the bypassDocumentValidation option, see Document Validation (page 890).
For deployments that have enabled access control, to bypass document validation, the authenticated user must have
bypassDocumentValidation (page 501) action. The built-in roles dbAdmin (page 487) and restore
(page 492) provide this action.

7.2.4 Additional Information
See also:
collMod, db.createCollection(), db.getCollectionInfos().

7.3 Data Modeling Concepts
Consider the following aspects of data modeling in MongoDB:
Data Model Design (page 252) Presents the different strategies that you can choose from when determining your data
model, their strengths and their weaknesses.
Operational Factors and Data Models (page 255) Details features you should keep in mind when designing your
data model, such as lifecycle management, indexing, horizontal scalability, and document growth.
For a general introduction to data modeling in MongoDB, see the Data Modeling Introduction (page 247). For example
data models, see Data Modeling Examples and Patterns (page 258).

7.3.1 Data Model Design
On this page
• Embedded Data Models (page 253)
• Normalized Data Models (page 254)
• Additional Resources (page 254)

252

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

Effective data models support your application needs. The key consideration for the structure of your documents is
the decision to embed (page 253) or to use references (page 254).
Embedded Data Models
With MongoDB, you may embed related data in a single structure or document. These schema are generally known
as “denormalized” models, and take advantage of MongoDB’s rich documents. Consider the following diagram:

Embedded data models allow applications to store related pieces of information in the same database record. As a
result, applications may need to issue fewer queries and updates to complete common operations.
In general, use embedded data models when:
• you have “contains” relationships between entities. See Model One-to-One Relationships with Embedded Documents (page 259).
• you have one-to-many relationships between entities. In these relationships the “many” or child documents
always appear with or are viewed in the context of the “one” or parent documents. See Model One-to-Many
Relationships with Embedded Documents (page 260).
In general, embedding provides better performance for read operations, as well as the ability to request and retrieve
related data in a single database operation. Embedded data models make it possible to update related data in a single
atomic write operation.
However, embedding related data in documents may lead to situations where documents grow after creation. With the
MMAPv1 storage engine, document growth can impact write performance and lead to data fragmentation.
In version 3.0.0, MongoDB uses Power of 2 Sized Allocations (page 604) as the default allocation strategy for
MMAPv1 in order to account for document growth, minimizing the likelihood of data fragmentation. See Power of 2
Sized Allocations (page 604) for details. Furthermore, documents in MongoDB must be smaller than the maximum
BSON document size. For bulk binary data, consider GridFS (page 611).

7.3. Data Modeling Concepts

253

MongoDB Documentation, Release 3.2.5

To interact with embedded documents, use dot notation to “reach into” embedded documents. See query for data in
arrays (page 143) and query data in embedded documents (page 142) for more examples on accessing data in arrays
and embedded documents.
Normalized Data Models
Normalized data models describe relationships using references (page 277) between documents.

In general, use normalized data models:
• when embedding would result in duplication of data but would not provide sufficient read performance advantages to outweigh the implications of the duplication.
• to represent more complex many-to-many relationships.
• to model large hierarchical data sets.
References provides more flexibility than embedding. However, client-side applications must issue follow-up queries
to resolve the references. In other words, normalized data models can require more round trips to the server.
See Model One-to-Many Relationships with Document References (page 261) for an example of referencing. For
examples of various tree models using references, see Model Tree Structures (page 263).
Additional Resources
• Thinking in Documents Part 1 (Blog Post)2
• Thinking in Documents (Presentation)3
2 https://www.mongodb.com/blog/post/thinking-documents-part-1?jmp=docs
3 http://www.mongodb.com/presentations/webinar-back-basics-1-thinking-documents?jmp=docs

254

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

• Schema Design for Time Series Data (Presentation)4
• Socialite, the Open Source Status Feed - Storing a Social Graph (Presentation)5
• MongoDB Rapid Start Consultation Services6

7.3.2 Operational Factors and Data Models
On this page
•
•
•
•
•
•
•
•

Document Growth (page 255)
Atomicity (page 256)
Sharding (page 256)
Indexes (page 256)
Large Number of Collections (page 256)
Collection Contains Large Number of Small Documents (page 257)
Storage Optimization for Small Documents (page 257)
Data Lifecycle Management (page 258)

Modeling application data for MongoDB depends on both the data itself, as well as the characteristics of MongoDB
itself. For example, different data models may allow applications to use more efficient queries, increase the throughput
of insert and update operations, or distribute activity to a sharded cluster more effectively.
These factors are operational or address requirements that arise outside of the application but impact the performance
of MongoDB based applications. When developing a data model, analyze all of your application’s read operations
(page 100) and write operations (page 114) in conjunction with the following considerations.
Document Growth
Changed in version 3.0.0.
Some updates to documents can increase the size of documents. These updates include pushing elements to an array
(i.e. $push) and adding new fields to a document.
When using the MMAPv1 storage engine, document growth can be a consideration for your data model. For
MMAPv1, if the document size exceeds the allocated space for that document, MongoDB will relocate the document
on disk. With MongoDB 3.0.0, however, the default use of the Power of 2 Sized Allocations (page 604) minimizes the
occurrences of such re-allocations as well as allows for the effective reuse of the freed record space.
When using MMAPv1, if your applications require updates that will frequently cause document growth to exceeds
the current power of 2 allocation, you may want to refactor your data model to use references between data in distinct
documents rather than a denormalized data model.
You may also use a pre-allocation strategy to explicitly avoid document growth. Refer to the Pre-Aggregated Reports
Use Case7 for an example of the pre-allocation approach to handling document growth.
See MMAPv1 Storage Engine (page 603) for more information on MMAPv1.
4 http://www.mongodb.com/presentations/webinar-time-series-data-mongodb?jmp=docs
5 http://www.mongodb.com/presentations/socialite-open-source-status-feed-part-2-managing-social-graph?jmp=docs
6 https://www.mongodb.com/products/consulting?jmp=docs#rapid_start
7 https://docs.mongodb.org/ecosystem/use-cases/pre-aggregated-reports

7.3. Data Modeling Concepts

255

MongoDB Documentation, Release 3.2.5

Atomicity
In MongoDB, operations are atomic at the document level. No single write operation can change more than one
document. Operations that modify more than a single document in a collection still operate on one document at a time.
8
Ensure that your application stores all fields with atomic dependency requirements in the same document. If the
application can tolerate non-atomic updates for two pieces of data, you can store these data in separate documents.
A data model that embeds related data in a single document facilitates these kinds of atomic operations. For data models that store references between related pieces of data, the application must issue separate read and write operations
to retrieve and modify these related pieces of data.
See Model Data for Atomic Operations (page 272) for an example data model that provides atomic updates for a single
document.
Sharding
MongoDB uses sharding to provide horizontal scaling. These clusters support deployments with large data sets and
high-throughput operations. Sharding allows users to partition a collection within a database to distribute the collection’s documents across a number of mongod instances or shards.
To distribute data and application traffic in a sharded collection, MongoDB uses the shard key (page 747). Selecting
the proper shard key (page 747) has significant implications for performance, and can enable or prevent query isolation
and increased write capacity. It is important to consider carefully the field or fields to use as the shard key.
See Sharding Introduction (page 733) and Shard Keys (page 747) for more information.
Indexes
Use indexes to improve performance for common queries. Build indexes on fields that appear often in queries and for
all operations that return sorted results. MongoDB automatically creates a unique index on the _id field.
As you create indexes, consider the following behaviors of indexes:
• Each index requires at least 8 kB of data space.
• Adding an index has some negative performance impact for write operations. For collections with high writeto-read ratio, indexes are expensive since each insert must also update any indexes.
• Collections with high read-to-write ratio often benefit from additional indexes. Indexes do not affect un-indexed
read operations.
• When active, each index consumes disk space and memory. This usage can be significant and should be tracked
for capacity planning, especially for concerns over working set size.
See Indexing Strategies (page 586) for more information on indexes as well as Analyze Query Performance (page 159).
Additionally, the MongoDB database profiler (page 326) may help identify inefficient queries.
Large Number of Collections
In certain situations, you might choose to store related information in several collections rather than in a single collection.
Consider a sample collection logs that stores log documents for various environment and applications. The logs
collection contains documents of the following form:
8 Document-level atomic operations include all operations within a single MongoDB document record: operations that affect multiple embedded
documents within that single record are still atomic.

256

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

{ log: "dev", ts: ..., info: ... }
{ log: "debug", ts: ..., info: ...}

If the total number of documents is low, you may group documents into collection by type. For logs, consider maintaining distinct log collections, such as logs_dev and logs_debug. The logs_dev collection would contain
only the documents related to the dev environment.
Generally, having a large number of collections has no significant performance penalty and results in very good
performance. Distinct collections are very important for high-throughput batch processing.
When using models that have a large number of collections, consider the following behaviors:
• Each collection has a certain minimum overhead of a few kilobytes.
• Each index, including the index on _id, requires at least 8 kB of data space.
• For each database, a single namespace file (i.e. .ns) stores all meta-data for that database, and
each index and collection has its own entry in the namespace file. MongoDB places limits on the size
of namespace files.
• MongoDB using the mmapv1 storage engine has limits on the number of namespaces. You may
wish to know the current number of namespaces in order to determine how many additional namespaces the
database can support. To get the current number of namespaces, run the following in the mongo shell:
db.system.namespaces.count()

The limit on the number of namespaces depend on the .ns size. The namespace file defaults to
16 MB.
To change the size of the new namespace file, start the server with the option --nssize .
For existing databases, after starting up the server with --nssize, run the db.repairDatabase() command from the mongo shell. For impacts and considerations on running db.repairDatabase(), see
repairDatabase.
Collection Contains Large Number of Small Documents
You should consider embedding for performance reasons if you have a collection with a large number of small documents. If you can group these small documents by some logical relationship and you frequently retrieve the documents
by this grouping, you might consider “rolling-up” the small documents into larger documents that contain an array of
embedded documents.
“Rolling up” these small documents into logical groupings means that queries to retrieve a group of documents involve
sequential reads and fewer random disk accesses. Additionally, “rolling up” documents and moving common fields
to the larger document benefit the index on these fields. There would be fewer copies of the common fields and there
would be fewer associated key entries in the corresponding index. See Indexes (page 515) for more information on
indexes.
However, if you often only need to retrieve a subset of the documents within the group, then “rolling-up” the documents
may not provide better performance. Furthermore, if small, separate documents represent the natural model for the
data, you should maintain that model.
Storage Optimization for Small Documents
Each MongoDB document contains a certain amount of overhead. This overhead is normally insignificant but becomes
significant if all documents are just a few bytes, as might be the case if the documents in your collection only have one
or two fields.
Consider the following suggestions and strategies for optimizing storage utilization for these collections:

7.3. Data Modeling Concepts

257

MongoDB Documentation, Release 3.2.5

• Use the _id field explicitly.
MongoDB clients automatically add an _id field to each document and generate a unique 12-byte ObjectId for
the _id field. Furthermore, MongoDB always indexes the _id field. For smaller documents this may account
for a significant amount of space.
To optimize storage use, users can specify a value for the _id field explicitly when inserting documents into the
collection. This strategy allows applications to store a value in the _id field that would have occupied space in
another portion of the document.
You can store any value in the _id field, but because this value serves as a primary key for documents in the
collection, it must uniquely identify them. If the field’s value is not unique, then it cannot serve as a primary key
as there would be collisions in the collection.
• Use shorter field names.
Note: Shortening field names reduces expressiveness and does not provide considerable benefit for larger
documents and where document overhead is not of significant concern. Shorter field names do not reduce the
size of indexes, because indexes have a predefined structure.
In general, it is not necessary to use short field names.
MongoDB stores all field names in every document. For most documents, this represents a small fraction of the
space used by a document; however, for small documents the field names may represent a proportionally large
amount of space. Consider a collection of small documents that resemble the following:
{ last_name : "Smith", best_score: 3.9 }

If you shorten the field named last_name to lname and the field named best_score to score, as follows,
you could save 9 bytes per document.
{ lname : "Smith", score : 3.9 }

• Embed documents.
In some cases you may want to embed documents in other documents and save on the per-document overhead.
See Collection Contains Large Number of Small Documents (page 257).
Data Lifecycle Management
Data modeling decisions should take data lifecycle management into consideration.
The Time to Live or TTL feature (page 567) of collections expires documents after a period of time. Consider using
the TTL feature if your application requires some data to persist in the database for a limited period of time.
Additionally, if your application only uses recently inserted documents, consider Capped Collections (page 6). Capped
collections provide first-in-first-out (FIFO) management of inserted documents and efficiently support operations that
insert and read documents based on insertion order.

7.4 Data Model Examples and Patterns
The following documents provide overviews of various data modeling patterns and common schema design considerations:
Model Relationships Between Documents (page 259) Examples for modeling relationships between documents.
Model One-to-One Relationships with Embedded Documents (page 259) Presents a data model that uses embedded documents (page 253) to describe one-to-one relationships between connected data.
258

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

Model One-to-Many Relationships with Embedded Documents (page 260) Presents a data model that uses
embedded documents (page 253) to describe one-to-many relationships between connected data.
Model One-to-Many Relationships with Document References (page 261) Presents a data model that uses
references (page 254) to describe one-to-many relationships between documents.
Model Tree Structures (page 263) Examples for modeling tree structures.
Model Tree Structures with Parent References (page 264) Presents a data model that organizes documents in
a tree-like structure by storing references (page 254) to “parent” nodes in “child” nodes.
Model Tree Structures with Child References (page 266) Presents a data model that organizes documents in a
tree-like structure by storing references (page 254) to “child” nodes in “parent” nodes.
See Model Tree Structures (page 263) for additional examples of data models for tree structures.
Model Specific Application Contexts (page 272) Examples for models for specific application contexts.
Model Data for Atomic Operations (page 272) Illustrates how embedding fields related to an atomic update
within the same document ensures that the fields are in sync.
Model Data to Support Keyword Search (page 273) Describes one method for supporting keyword search by
storing keywords in an array in the same document as the text field. Combined with a multi-key index, this
pattern can support application’s keyword search operations.

7.4.1 Model Relationships Between Documents
Model One-to-One Relationships with Embedded Documents (page 259) Presents a data model that uses embedded
documents (page 253) to describe one-to-one relationships between connected data.
Model One-to-Many Relationships with Embedded Documents (page 260) Presents a data model that uses embedded documents (page 253) to describe one-to-many relationships between connected data.
Model One-to-Many Relationships with Document References (page 261) Presents a data model that uses references (page 254) to describe one-to-many relationships between documents.
Model One-to-One Relationships with Embedded Documents

On this page
• Overview (page 259)
• Pattern (page 260)

Overview

Data in MongoDB has a flexible schema. Collections do not enforce document structure. Decisions that affect how
you model data can affect application performance and database capacity. See Data Modeling Concepts (page 252)
for a full high level overview of data modeling in MongoDB.
This document describes a data model that uses embedded (page 253) documents to describe relationships between
connected data.

7.4. Data Model Examples and Patterns

259

MongoDB Documentation, Release 3.2.5

Pattern

Consider the following example that maps patron and address relationships. The example illustrates the advantage of
embedding over referencing if you need to view one data entity in context of the other. In this one-to-one relationship
between patron and address data, the address belongs to the patron.
In the normalized data model, the address document contains a reference to the patron document.
{
_id: "joe",
name: "Joe Bookreader"
}
{
patron_id: "joe",
street: "123 Fake Street",
city: "Faketon",
state: "MA",
zip: "12345"
}

If the address data is frequently retrieved with the name information, then with referencing, your application needs
to issue multiple queries to resolve the reference. The better data model would be to embed the address data in the
patron data, as in the following document:
{
_id: "joe",
name: "Joe Bookreader",
address: {
street: "123 Fake Street",
city: "Faketon",
state: "MA",
zip: "12345"
}
}

With the embedded data model, your application can retrieve the complete patron information with one query.
Model One-to-Many Relationships with Embedded Documents

On this page
• Overview (page 260)
• Pattern (page 261)

Overview

260

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

Pattern

Consider the following example that maps patron and multiple address relationships. The example illustrates the
advantage of embedding over referencing if you need to view many data entities in context of another. In this one-tomany relationship between patron and address data, the patron has multiple address entities.
In the normalized data model, the address documents contain a reference to the patron document.
{
_id: "joe",
name: "Joe Bookreader"
}
{
patron_id: "joe",
street: "123 Fake Street",
city: "Faketon",
state: "MA",
zip: "12345"
}
{
patron_id: "joe",
street: "1 Some Other Street",
city: "Boston",
state: "MA",
zip: "12345"
}

If your application frequently retrieves the address data with the name information, then your application needs
to issue multiple queries to resolve the references. A more optimal schema would be to embed the address data
entities in the patron data, as in the following document:
{
_id: "joe",
name: "Joe Bookreader",
addresses: [
{
street: "123 Fake Street",
city: "Faketon",
state: "MA",
zip: "12345"
},
{
street: "1 Some Other Street",
city: "Boston",
state: "MA",
zip: "12345"
}
]
}

With the embedded data model, your application can retrieve the complete patron information with one query.
Model One-to-Many Relationships with Document References

7.4. Data Model Examples and Patterns

261

MongoDB Documentation, Release 3.2.5

On this page
• Overview (page 262)
• Pattern (page 262)

Overview

Data in MongoDB has a flexible schema. Collections do not enforce document structure. Decisions that affect how
you model data can affect application performance and database capacity. See Data Modeling Concepts (page 252)
for a full high level overview of data modeling in MongoDB.
This document describes a data model that uses references (page 254) between documents to describe relationships
between connected data.
Pattern

Consider the following example that maps publisher and book relationships. The example illustrates the advantage of
referencing over embedding to avoid repetition of the publisher information.
Embedding the publisher document inside the book document would lead to repetition of the publisher data, as the
following documents show:
{
title: "MongoDB: The Definitive Guide",
author: [ "Kristina Chodorow", "Mike Dirolf" ],
published_date: ISODate("2010-09-24"),
pages: 216,
language: "English",
publisher: {
name: "O'Reilly Media",
founded: 1980,
location: "CA"
}
}
{
title: "50 Tips and Tricks for MongoDB Developer",
author: "Kristina Chodorow",
published_date: ISODate("2011-05-06"),
pages: 68,
language: "English",
publisher: {
name: "O'Reilly Media",
founded: 1980,
location: "CA"
}
}

To avoid repetition of the publisher data, use references and keep the publisher information in a separate collection
from the book collection.
When using references, the growth of the relationships determine where to store the reference. If the number of books
per publisher is small with limited growth, storing the book reference inside the publisher document may sometimes
be useful. Otherwise, if the number of books per publisher is unbounded, this data model would lead to mutable,
growing arrays, as in the following example:

262

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

{
name: "O'Reilly Media",
founded: 1980,
location: "CA",
books: [12346789, 234567890, ...]
}
{
_id: 123456789,
title: "MongoDB: The Definitive Guide",
author: [ "Kristina Chodorow", "Mike Dirolf" ],
published_date: ISODate("2010-09-24"),
pages: 216,
language: "English"
}
{
_id: 234567890,
title: "50 Tips and Tricks for MongoDB Developer",
author: "Kristina Chodorow",
published_date: ISODate("2011-05-06"),
pages: 68,
language: "English"
}

To avoid mutable, growing arrays, store the publisher reference inside the book document:
{
_id: "oreilly",
name: "O'Reilly Media",
founded: 1980,
location: "CA"
}
{
_id: 123456789,
title: "MongoDB: The Definitive Guide",
author: [ "Kristina Chodorow", "Mike Dirolf" ],
published_date: ISODate("2010-09-24"),
pages: 216,
language: "English",
publisher_id: "oreilly"
}
{
_id: 234567890,
title: "50 Tips and Tricks for MongoDB Developer",
author: "Kristina Chodorow",
published_date: ISODate("2011-05-06"),
pages: 68,
language: "English",
publisher_id: "oreilly"
}

7.4.2 Model Tree Structures
MongoDB allows various ways to use tree data structures to model large hierarchical or nested data relationships.

7.4. Data Model Examples and Patterns

263

MongoDB Documentation, Release 3.2.5

Model Tree Structures with Parent References (page 264) Presents a data model that organizes documents in a treelike structure by storing references (page 254) to “parent” nodes in “child” nodes.
Model Tree Structures with Child References (page 266) Presents a data model that organizes documents in a treelike structure by storing references (page 254) to “child” nodes in “parent” nodes.
Model Tree Structures with an Array of Ancestors (page 267) Presents a data model that organizes documents in a
tree-like structure by storing references (page 254) to “parent” nodes and an array that stores all ancestors.
Model Tree Structures with Materialized Paths (page 269) Presents a data model that organizes documents in a treelike structure by storing full relationship paths between documents. In addition to the tree node, each document
stores the _id of the nodes ancestors or path as a string.
Model Tree Structures with Nested Sets (page 270) Presents a data model that organizes documents in a tree-like
structure using the Nested Sets pattern. This optimizes discovering subtrees at the expense of tree mutability.
Model Tree Structures with Parent References

On this page
• Overview (page 265)
• Pattern (page 265)

264

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

Overview

Data in MongoDB has a flexible schema. Collections do not enforce document structure. Decisions that affect how
you model data can affect application performance and database capacity. See Data Modeling Concepts (page 252)
for a full high level overview of data modeling in MongoDB.
This document describes a data model that describes a tree-like structure in MongoDB documents by storing references
(page 254) to “parent” nodes in children nodes.
Pattern

The Parent References pattern stores each tree node in a document; in addition to the tree node, the document stores
the id of the node’s parent.
Consider the following hierarchy of categories:

The following example models the tree using Parent References, storing the reference to the parent category in the
field parent:
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(

{
{
{
{
{
{

_id:
_id:
_id:
_id:
_id:
_id:

"MongoDB", parent: "Databases" } )
"dbm", parent: "Databases" } )
"Databases", parent: "Programming" } )
"Languages", parent: "Programming" } )
"Programming", parent: "Books" } )
"Books", parent: null } )

7.4. Data Model Examples and Patterns

265

MongoDB Documentation, Release 3.2.5

• The query to retrieve the parent of a node is fast and straightforward:
db.categories.findOne( { _id: "MongoDB" } ).parent

• You can create an index on the field parent to enable fast search by the parent node:
db.categories.createIndex( { parent: 1 } )

• You can query by the parent field to find its immediate children nodes:
db.categories.find( { parent: "Databases" } )

The Parent Links pattern provides a simple solution to tree storage but requires multiple queries to retrieve subtrees.
Model Tree Structures with Child References

On this page
• Overview (page 266)
• Pattern (page 266)

Overview

Data in MongoDB has a flexible schema. Collections do not enforce document structure. Decisions that affect how
you model data can affect application performance and database capacity. See Data Modeling Concepts (page 252)
for a full high level overview of data modeling in MongoDB.
This document describes a data model that describes a tree-like structure in MongoDB documents by storing references
(page 254) in the parent-nodes to children nodes.
Pattern

The Child References pattern stores each tree node in a document; in addition to the tree node, document stores in an
array the id(s) of the node’s children.
Consider the following hierarchy of categories:
The following example models the tree using Child References, storing the reference to the node’s children in the field
children:
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(

{
{
{
{
{
{

_id:
_id:
_id:
_id:
_id:
_id:

"MongoDB", children: [] } )
"dbm", children: [] } )
"Databases", children: [ "MongoDB", "dbm" ] } )
"Languages", children: [] } )
"Programming", children: [ "Databases", "Languages" ] } )
"Books", children: [ "Programming" ] } )

• The query to retrieve the immediate children of a node is fast and straightforward:
db.categories.findOne( { _id: "Databases" } ).children

• You can create an index on the field children to enable fast search by the child nodes:
db.categories.createIndex( { children: 1 } )

266

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

• You can query for a node in the children field to find its parent node as well as its siblings:
db.categories.find( { children: "MongoDB" } )

The Child References pattern provides a suitable solution to tree storage as long as no operations on subtrees are
necessary. This pattern may also provide a suitable solution for storing graphs where a node may have multiple
parents.
Model Tree Structures with an Array of Ancestors

On this page
• Overview (page 267)
• Pattern (page 268)

Overview

Data in MongoDB has a flexible schema. Collections do not enforce document structure. Decisions that affect how
you model data can affect application performance and database capacity. See Data Modeling Concepts (page 252)
for a full high level overview of data modeling in MongoDB.
This document describes a data model that describes a tree-like structure in MongoDB documents using references
(page 254) to parent nodes and an array that stores all ancestors.

7.4. Data Model Examples and Patterns

267

MongoDB Documentation, Release 3.2.5

Pattern

The Array of Ancestors pattern stores each tree node in a document; in addition to the tree node, document stores in
an array the id(s) of the node’s ancestors or path.
Consider the following hierarchy of categories:

The following example models the tree using Array of Ancestors. In addition to the ancestors field, these documents also store the reference to the immediate parent category in the parent field:
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(

{
{
{
{
{
{

_id:
_id:
_id:
_id:
_id:
_id:

"MongoDB", ancestors: [ "Books", "Programming", "Databases" ], parent: "
"dbm", ancestors: [ "Books", "Programming", "Databases" ], parent: "Data
"Databases", ancestors: [ "Books", "Programming" ], parent: "Programming
"Languages", ancestors: [ "Books", "Programming" ], parent: "Programming
"Programming", ancestors: [ "Books" ], parent: "Books" } )
"Books", ancestors: [ ], parent: null } )

• The query to retrieve the ancestors or path of a node is fast and straightforward:
db.categories.findOne( { _id: "MongoDB" } ).ancestors

• You can create an index on the field ancestors to enable fast search by the ancestors nodes:
db.categories.createIndex( { ancestors: 1 } )

• You can query by the field ancestors to find all its descendants:

268

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

db.categories.find( { ancestors: "Programming" } )

The Array of Ancestors pattern provides a fast and efficient solution to find the descendants and the ancestors of a node
by creating an index on the elements of the ancestors field. This makes Array of Ancestors a good choice for working
with subtrees.
The Array of Ancestors pattern is slightly slower than the Materialized Paths (page 269) pattern but is more straightforward to use.
Model Tree Structures with Materialized Paths

On this page
• Overview (page 269)
• Pattern (page 269)

Overview

Data in MongoDB has a flexible schema. Collections do not enforce document structure. Decisions that affect how
you model data can affect application performance and database capacity. See Data Modeling Concepts (page 252)
for a full high level overview of data modeling in MongoDB.
This document describes a data model that describes a tree-like structure in MongoDB documents by storing full
relationship paths between documents.
Pattern

The Materialized Paths pattern stores each tree node in a document; in addition to the tree node, document stores as
a string the id(s) of the node’s ancestors or path. Although the Materialized Paths pattern requires additional steps of
working with strings and regular expressions, the pattern also provides more flexibility in working with the path, such
as finding nodes by partial paths.
Consider the following hierarchy of categories:
The following example models the tree using Materialized Paths, storing the path in the field path; the path string
uses the comma , as a delimiter:
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(

{
{
{
{
{
{

_id:
_id:
_id:
_id:
_id:
_id:

"Books", path: null } )
"Programming", path: ",Books," } )
"Databases", path: ",Books,Programming," } )
"Languages", path: ",Books,Programming," } )
"MongoDB", path: ",Books,Programming,Databases," } )
"dbm", path: ",Books,Programming,Databases," } )

• You can query to retrieve the whole tree, sorting by the field path:
db.categories.find().sort( { path: 1 } )

• You can use regular expressions on the path field to find the descendants of Programming:
db.categories.find( { path: /,Programming,/ } )

• You can also retrieve the descendants of Books where the Books is also at the topmost level of the hierarchy:

7.4. Data Model Examples and Patterns

269

MongoDB Documentation, Release 3.2.5

db.categories.find( { path: /^,Books,/ } )

• To create an index on the field path use the following invocation:
db.categories.createIndex( { path: 1 } )

This index may improve performance depending on the query:
– For queries from the root Books sub-tree (e.g. https://docs.mongodb.org/manual/^,Books,/
or https://docs.mongodb.org/manual/^,Books,Programming,/), an index on the path
field improves the query performance significantly.
– For queries of sub-trees where the path from the root is not provided in the query (e.g.
https://docs.mongodb.org/manual/,Databases,/), or similar queries of sub-trees, where
the node might be in the middle of the indexed string, the query must inspect the entire index.
For these queries an index may provide some performance improvement if the index is significantly smaller
than the entire collection.
Model Tree Structures with Nested Sets

On this page
• Overview (page 271)
• Pattern (page 271)

270

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

Overview

Data in MongoDB has a flexible schema. Collections do not enforce document structure. Decisions that affect how
you model data can affect application performance and database capacity. See Data Modeling Concepts (page 252)
for a full high level overview of data modeling in MongoDB.
This document describes a data model that describes a tree like structure that optimizes discovering subtrees at the
expense of tree mutability.
Pattern

The Nested Sets pattern identifies each node in the tree as stops in a round-trip traversal of the tree. The application
visits each node in the tree twice; first during the initial trip, and second during the return trip. The Nested Sets pattern
stores each tree node in a document; in addition to the tree node, document stores the id of node’s parent, the node’s
initial stop in the left field, and its return stop in the right field.
Consider the following hierarchy of categories:

The following example models the tree using Nested Sets:
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(
db.categories.insert(

{
{
{
{
{
{

_id:
_id:
_id:
_id:
_id:
_id:

"Books", parent: 0, left: 1, right: 12 } )
"Programming", parent: "Books", left: 2, right: 11 } )
"Languages", parent: "Programming", left: 3, right: 4 } )
"Databases", parent: "Programming", left: 5, right: 10 } )
"MongoDB", parent: "Databases", left: 6, right: 7 } )
"dbm", parent: "Databases", left: 8, right: 9 } )

You can query to retrieve the descendants of a node:
var databaseCategory = db.categories.findOne( { _id: "Databases" } );
db.categories.find( { left: { $gt: databaseCategory.left }, right: { $lt: databaseCategory.right } }

7.4. Data Model Examples and Patterns

271

MongoDB Documentation, Release 3.2.5

The Nested Sets pattern provides a fast and efficient solution for finding subtrees but is inefficient for modifying the
tree structure. As such, this pattern is best for static trees that do not change.

7.4.3 Model Specific Application Contexts
Model Data for Atomic Operations (page 272) Illustrates how embedding fields related to an atomic update within
the same document ensures that the fields are in sync.
Model Data to Support Keyword Search (page 273) Describes one method for supporting keyword search by storing
keywords in an array in the same document as the text field. Combined with a multi-key index, this pattern can
support application’s keyword search operations.
Model Monetary Data (page 274) Describes two methods to model monetary data in MongoDB.
Model Time Data (page 276) Describes how to deal with local time in MongoDB.
Model Data for Atomic Operations

On this page
• Pattern (page 272)

Pattern

In MongoDB, write operations, e.g. db.collection.update(), db.collection.findAndModify(),
db.collection.remove(), are atomic on the level of a single document. For fields that must be updated together, embedding the fields within the same document ensures that the fields can be updated atomically.
For example, consider a situation where you need to maintain information on books, including the number of copies
available for checkout as well as the current checkout information.
The available copies of the book and the checkout information should be in sync. As such, embedding the
available field and the checkout field within the same document ensures that you can update the two fields
atomically.
{
_id: 123456789,
title: "MongoDB: The Definitive Guide",
author: [ "Kristina Chodorow", "Mike Dirolf" ],
published_date: ISODate("2010-09-24"),
pages: 216,
language: "English",
publisher_id: "oreilly",
available: 3,
checkout: [ { by: "joe", date: ISODate("2012-10-15") } ]
}

Then to update with new checkout information, you can use the db.collection.update() method to atomically
update both the available field and the checkout field:
db.books.update (
{ _id: 123456789, available: { $gt: 0 } },
{
$inc: { available: -1 },

272

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

$push: { checkout: { by: "abc", date: new Date() } }
}
)

The operation returns a WriteResult() object that contains information on the status of the operation:
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })

The nMatched field shows that 1 document matched the update condition, and nModified shows that the operation
updated 1 document.
If no document matched the update condition, then nMatched and nModified would be 0 and would indicate that
you could not check out the book.
Model Data to Support Keyword Search

On this page
• Pattern (page 273)
• Limitations of Keyword Indexes (page 274)

Note: Keyword search is not the same as text search or full text search, and does not provide stemming or other
text-processing features. See the Limitations of Keyword Indexes (page 274) section for more information.
In 2.4, MongoDB provides a text search feature. See Text Indexes (page 533) for more information.
If your application needs to perform queries on the content of a field that holds text you can perform exact matches
on the text or use $regex to use regular expression pattern matches. However, for many operations on text, these
methods do not satisfy application requirements.
This pattern describes one method for supporting keyword search using MongoDB to support application search
functionality, that uses keywords stored in an array in the same document as the text field. Combined with a multi-key
index (page 525), this pattern can support application’s keyword search operations.
Pattern

To add structures to your document to support keyword-based queries, create an array field in your documents and add
the keywords as strings in the array. You can then create a multi-key index (page 525) on the array and create queries
that select values from the array.
Example
Given a collection of library volumes that you want to provide topic-based search. For each volume, you add the array
topics, and you add as many keywords as needed for a given volume.
For the Moby-Dick volume you might have the following document:
{ title : "Moby-Dick" ,
author : "Herman Melville" ,
published : 1851 ,
ISBN : 0451526996 ,
topics : [ "whaling" , "allegory" , "revenge" , "American" ,
"novel" , "nautical" , "voyage" , "Cape Cod" ]
}

7.4. Data Model Examples and Patterns

273

MongoDB Documentation, Release 3.2.5

You then create a multi-key index on the topics array:
db.volumes.createIndex( { topics: 1 } )

The multi-key index creates separate index entries for each keyword in the topics array. For example the index
contains one entry for whaling and another for allegory.
You then query based on the keywords. For example:
db.volumes.findOne( { topics : "voyage" }, { title: 1 } )

Note: An array with a large number of elements, such as one with several hundreds or thousands of keywords will
incur greater indexing costs on insertion.

Limitations of Keyword Indexes

MongoDB can support keyword searches using specific data models and multi-key indexes (page 525); however, these
keyword indexes are not sufficient or comparable to full-text products in the following respects:
• Stemming. Keyword queries in MongoDB can not parse keywords for root or related words.
• Synonyms. Keyword-based search features must provide support for synonym or related queries in the application layer.
• Ranking. The keyword look ups described in this document do not provide a way to weight results.
• Asynchronous Indexing. MongoDB builds indexes synchronously, which means that the indexes used for keyword indexes are always current and can operate in real-time. However, asynchronous bulk indexes may be
more efficient for some kinds of content and workloads.
Model Monetary Data

On this page
•
•
•
•
•

Overview (page 274)
Use Cases for Exact Precision Model (page 275)
Use Cases for Arbitrary Precision Model (page 275)
Exact Precision (page 275)
Arbitrary Precision (page 275)

Overview

MongoDB stores numeric data as either IEEE 754 standard 64-bit floating point numbers or as 32-bit or 64-bit signed
integers. Applications that handle monetary data often require capturing fractional units of currency. However, arithmetic on floating point numbers, as implemented in modern hardware, often does not conform to requirements for
monetary arithmetic. In addition, some fractional numeric quantities, such as one third and one tenth, have no exact
representation in binary floating point numbers.
Note: Arithmetic mentioned on this page refers to server-side arithmetic performed by mongod or mongos, and not
to client-side arithmetic.
This document describes two ways to model monetary data in MongoDB:
274

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

• Exact Precision (page 275) which multiplies the monetary value by a power of 10.
• Arbitrary Precision (page 275) which uses two fields for the value: one field to store the exact monetary value
as a non-numeric and another field to store a floating point approximation of the value.
Use Cases for Exact Precision Model

If you regularly need to perform server-side arithmetic on monetary data, the exact precision model may be appropriate.
For instance:
• If you need to query the database for exact, mathematically valid matches, use Exact Precision (page 275).
• If you need to be able to do server-side arithmetic, e.g., $inc, $mul, and aggregation framework
arithmetic, use Exact Precision (page 275).
Use Cases for Arbitrary Precision Model

If there is no need to perform server-side arithmetic on monetary data, modeling monetary data using the arbitrary
precision model may be suitable. For instance:
• If you need to handle arbitrary or unforeseen number of precision, see Arbitrary Precision (page 275).
• If server-side approximations are sufficient, possibly with client-side post-processing, see Arbitrary Precision
(page 275).
Exact Precision

To model monetary data using the exact precision model:
1. Determine the maximum precision needed for the monetary value. For example, your application may require
precision down to the tenth of one cent for monetary values in USD currency.
2. Convert the monetary value into an integer by multiplying the value by a power of 10 that ensures the maximum
precision needed becomes the least significant digit of the integer. For example, if the required maximum
precision is the tenth of one cent, multiply the monetary value by 1000.
3. Store the converted monetary value.
For example, the following scales 9.99 USD by 1000 to preserve precision up to one tenth of a cent.
{ price: 9990, currency: "USD" }

The model assumes that for a given currency value:
• The scale factor is consistent for a currency; i.e. same scaling factor for a given currency.
• The scale factor is a constant and known property of the currency; i.e applications can determine the scale factor
from the currency.
When using this model, applications must be consistent in performing the appropriate scaling of the values.
For use cases of this model, see Use Cases for Exact Precision Model (page 275).
Arbitrary Precision

To model monetary data using the arbitrary precision model, store the value in two fields:
1. In one field, encode the exact monetary value as a non-numeric data type; e.g., BinData or a string.
7.4. Data Model Examples and Patterns

275

MongoDB Documentation, Release 3.2.5

2. In the second field, store a double-precision floating point approximation of the exact value.
The following example uses the arbitrary precision model to store 9.99 USD for the price and 0.25 USD for the
fee:
{
price: { display: "9.99", approx: 9.9900000000000002, currency: "USD" },
fee: { display: "0.25", approx: 0.2499999999999999, currency: "USD" }
}

With some care, applications can perform range and sort queries on the field with the numeric approximation. However, the use of the approximation field for the query and sort operations requires that applications perform client-side
post-processing to decode the non-numeric representation of the exact value and then filter out the returned documents
based on the exact monetary value.
For use cases of this model, see Use Cases for Arbitrary Precision Model (page 275).
Model Time Data

On this page
• Overview (page 276)
• Example (page 276)

Overview

MongoDB stores times in UTC (page 15) by default, and will convert any local time representations into this form.
Applications that must operate or report on some unmodified local time value may store the time zone alongside the
UTC timestamp, and compute the original local time in their application logic.
Example

In the MongoDB shell, you can store both the current date and the current client’s offset from UTC.
var now = new Date();
db.data.save( { date: now,
offset: now.getTimezoneOffset() } );

You can reconstruct the original local time by applying the saved offset:
var record = db.data.findOne();
var localNow = new Date( record.date.getTime() -

( record.offset * 60000 ) );

7.5 Data Model Reference
Database References (page 277) Discusses manual references and DBRefs, which MongoDB can use to represent
relationships between documents.

276

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

7.5.1 Database References
On this page
• Manual References (page 277)
• DBRefs (page 278)
MongoDB does not support joins. In MongoDB some data is denormalized, or stored with related data in documents to
remove the need for joins. However, in some cases it makes sense to store related information in separate documents,
typically in different collections or databases.
MongoDB applications use one of two methods for relating documents:
• Manual references (page 277) where you save the _id field of one document in another document as a reference.
Then your application can run a second query to return the related data. These references are simple and
sufficient for most use cases.
• DBRefs (page 278) are references from one document to another using the value of the first document’s _id
field, collection name, and, optionally, its database name. By including these names, DBRefs allow documents
located in multiple collections to be more easily linked with documents from a single collection.
To resolve DBRefs, your application must perform additional queries to return the referenced documents. Many
drivers have helper methods that form the query for the DBRef automatically. The drivers 9 do not automatically resolve DBRefs into documents.
DBRefs provide a common format and type to represent relationships among documents. The DBRef format
also provides common semantics for representing links between documents if your database must interact with
multiple frameworks and tools.
Unless you have a compelling reason to use DBRefs, use manual references instead.
Manual References
Background

Using manual references is the practice of including one document’s _id field in another document. The application
can then issue a second query to resolve the referenced fields as needed.
Process

Consider the following operation to insert two documents, using the _id field of the first document as a reference in
the second document:
original_id = ObjectId()
db.places.insert({
"_id": original_id,
"name": "Broadway Center",
"url": "bc.example.net"
})
db.people.insert({
"name": "Erin",
9

Some community supported drivers may have alternate behavior and may resolve a DBRef into a document automatically.

7.5. Data Model Reference

277

MongoDB Documentation, Release 3.2.5

"places_id": original_id,
"url": "bc.example.net/Erin"
})

Then, when a query returns the document from the people collection you can, if needed, make a second query for
the document referenced by the places_id field in the places collection.
Use

For nearly every case where you want to store a relationship between two documents, use manual references
(page 277). The references are simple to create and your application can resolve references as needed.
The only limitation of manual linking is that these references do not convey the database and collection names. If you
have documents in a single collection that relate to documents in more than one collection, you may need to consider
using DBRefs.
DBRefs
Background

DBRefs are a convention for representing a document, rather than a specific reference type. They include the name of
the collection, and in some cases the database name, in addition to the value from the _id field.
Format

DBRefs have the following fields:
$ref
The $ref field holds the name of the collection where the referenced document resides.
$id
The $id field contains the value of the _id field in the referenced document.
$db
Optional.
Contains the name of the database where the referenced document resides.
Only some drivers support $db references.
Example
DBRef documents resemble the following document:
{ "$ref" : , "$id" : , "$db" : }

Consider a document from a collection that stored a DBRef in a creator field:
{
"_id" : ObjectId("5126bbf64aed4daf9e2ab771"),
// .. application fields
"creator" : {
"$ref" : "creators",
"$id" : ObjectId("5126bc054aed4daf9e2ab772"),
"$db" : "users"

278

Chapter 7. Data Models

MongoDB Documentation, Release 3.2.5

}
}

The DBRef in this example points to a document in the creators collection of the users database that has
ObjectId("5126bc054aed4daf9e2ab772") in its _id field.
Note: The order of fields in the DBRef matters, and you must use the above sequence when using a DBRef.

Driver Support for DBRefs

C
C++
C#

The C driver contains no support for DBRefs. You can traverse references manually.
The C++ driver contains no support for DBRefs. You can traverse references manually.
The C# driver supports DBRefs using the MongoDBRef10 class and FetchDBRef and
FetchDBRefAs methods.
Haskell The Haskell driver contains no support for DBRefs. You can traverse references manually.
Java
The DBRef11 class provides support for DBRefs from Java.
JavaScriptThe mongo shell’s JavaScript interface provides a DBRef.
Node.js The Node.js driver supports DBRefs using the DBRef12 class and the dereference13 method.
Perl
The Perl driver supports DBRefs using the MongoDB::DBRef14 class. You can traverse references
manually.
PHP
The PHP driver supports DBRefs, including the optional $db reference, using the MongoDBRef15
class.
Python The Python driver supports DBRefs using the DBRef16 class and the dereference17 method.
Ruby
The Ruby driver supports DBRefs using the DBRef18 class and the dereference19 method.
Scala
The Scala driver contains no support for DBRefs. You can traverse references manually.
Use

In most cases you should use the manual reference (page 277) method for connecting two or more related documents.
However, if you need to reference documents from multiple collections, consider using DBRefs.

10 https://api.mongodb.org/csharp/current/html/T_MongoDB_Driver_MongoDBRef.htm
11 https://api.mongodb.org/java/current/com/mongodb/DBRef.html
12 http://mongodb.github.io/node-mongodb-native/api-bson-generated/db_ref.html
13 http://mongodb.github.io/node-mongodb-native/api-generated/db.html#dereference
14 https://metacpan.org/pod/MongoDB::DBRef
15 http://www.php.net/manual/en/class.mongodbref.php/
16 https://api.mongodb.org/python/current/api/bson/dbref.html
17 https://api.mongodb.org/python/current/api/pymongo/database.html#pymongo.database.Database.deref

eren ce

18 https://api.mongodb.org/ruby/current/BSON/DBRef.html
19 https://api.mongodb.org/ruby/current/Mongo/DB.html#dereference-instance_method

7.5. Data Model Reference

279

MongoDB Documentation, Release 3.2.5

280

Chapter 7. Data Models

CHAPTER 8

Administration

The administration documentation addresses the ongoing operation and maintenance of MongoDB instances and deployments. This documentation includes both high level overviews of these concerns as well as tutorials that cover
specific procedures and processes for operating MongoDB.
Administration Concepts (page 281) Core conceptual documentation of operational practices for managing MongoDB deployments and systems.
MongoDB Backup Methods (page 282) Describes approaches and considerations for backing up a MongoDB
database.
Monitoring for MongoDB (page 285) An overview of monitoring tools, diagnostic strategies, and approaches
to monitoring replica sets and sharded clusters.
Production Notes (page 296) A collection of notes that describe best practices and considerations for the operations of MongoDB instances and deployments.
Continue reading from Administration Concepts (page 281) for additional documentation of MongoDB administration.
Administration Tutorials (page 318) Tutorials that describe common administrative procedures and practices for operations for MongoDB instances and deployments.
Configuration, Maintenance, and Analysis (page 318) Describes routine management operations, including
configuration and performance analysis.
Backup and Recovery (page 343) Outlines procedures for data backup and restoration with mongod instances
and deployments.
Continue reading from Administration Tutorials (page 318) for more tutorials of common MongoDB maintenance operations.
Administration Reference (page 372) Reference and documentation of internal mechanics of administrative features,
systems and functions and operations.
See also:
The MongoDB Manual contains administrative documentation and tutorials though out several sections. See Replica
Set Tutorials (page 665) and Sharded Cluster Tutorials (page 764) for additional tutorials and information.

8.1 Administration Concepts
The core administration documents address strategies and practices used in the operation of MongoDB systems and
deployments.

281

MongoDB Documentation, Release 3.2.5

Operational Strategies (page 282) Higher level documentation of key concepts for the operation and maintenance of
MongoDB deployments.
MongoDB Backup Methods (page 282) Describes approaches and considerations for backing up a MongoDB
database.
Monitoring for MongoDB (page 285) An overview of monitoring tools, diagnostic strategies, and approaches
to monitoring replica sets and sharded clusters.
Run-time Database Configuration (page 291) Outlines common MongoDB configurations and examples of
best-practice configurations for common use cases.
Continue reading from Operational Strategies (page 282) for additional documentation.
Data Management (page 308) Core documentation that addresses issues in data management, organization, maintenance, and lifecycle management.
Data Center Awareness (page 308) Presents the MongoDB features that allow application developers and
database administrators to configure their deployments to be more data center aware or allow operational
and location-based separation.
Optimization Strategies for MongoDB (page 310) Techniques for optimizing application performance with MongoDB.
Continue reading from Optimization Strategies for MongoDB (page 310) for additional documentation.

8.1.1 Operational Strategies
These documents address higher level strategies for common administrative tasks and requirements with respect to
MongoDB deployments.
MongoDB Backup Methods (page 282) Describes approaches and considerations for backing up a MongoDB
database.
Monitoring for MongoDB (page 285) An overview of monitoring tools, diagnostic strategies, and approaches to
monitoring replica sets and sharded clusters.
Run-time Database Configuration (page 291) Outlines common MongoDB configurations and examples of bestpractice configurations for common use cases.
Production Notes (page 296) A collection of notes that describe best practices and considerations for the operations
of MongoDB instances and deployments.
MongoDB Backup Methods

On this page
•
•
•
•
•
•

Backup by Copying Underlying Data Files (page 283)
Backup with mongodump (page 283)
MongoDB Cloud Manager Backup (page 284)
Ops Manager Backup Software (page 284)
Further Reading (page 285)
Additional Resources (page 285)

When deploying MongoDB in production, you should have a strategy for capturing and restoring backups in the case
of data loss events. There are several ways to back up MongoDB clusters:
• Backup by Copying Underlying Data Files (page 283)
282

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

• Backup a Database with mongodump (page 350)
• MongoDB Cloud Manager Backup (page 284)
• Ops Manager Backup Software (page 284)
Backup by Copying Underlying Data Files

You can create a backup by copying MongoDB’s underlying data files.
If the volume where MongoDB stores data files supports point in time snapshots, you can use these snapshots to create
backups of a MongoDB system at an exact moment in time.
File systems snapshots are an operating system volume manager feature, and are not specific to MongoDB. The
mechanics of snapshots depend on the underlying storage system. For example, if you use Amazon’s EBS storage
system for EC2 supports snapshots. On Linux the LVM manager can create a snapshot.
To get a correct snapshot of a running mongod process, you must have journaling enabled and the journal must reside
on the same logical volume as the other MongoDB data files. Without journaling enabled, there is no guarantee that
the snapshot will be consistent or valid.
To get a consistent snapshot of a sharded system, you must disable the balancer and capture a snapshot from every
shard and a config server at approximately the same moment in time.
If your storage system does not support snapshots, you can copy the files directly using cp, rsync, or a similar tool.
Since copying multiple files is not an atomic operation, you must stop all writes to the mongod before copying the
files. Otherwise, you will copy the files in an invalid state.
Backups produced by copying the underlying data do not support point in time recovery for replica sets and are
difficult to manage for larger sharded clusters. Additionally, these backups are larger because they include the indexes
and duplicate underlying storage padding and fragmentation. mongodump, by contrast, creates smaller backups.
For more information, see the Backup and Restore with Filesystem Snapshots (page 343) and Backup a Sharded Cluster
with Filesystem Snapshots (page 356) for complete instructions on using LVM to create snapshots. Also see Back up
and Restore Processes for MongoDB on Amazon EC21 .
Backup with mongodump

The mongodump tool reads data from a MongoDB database and creates high fidelity BSON files.
mongorestore tool can populate a MongoDB database with the data from these BSON files.

The

Use Cases mongodump and mongorestore are simple and efficient for backing up small MongoDB deployments, for partial backup and restores based on a query, syncing from production to staging or development environments, or changing the storage engine of a standalone.
However, these tools can be problematic for capturing backups of larger systems, sharded clusters, or replica sets. For
alternatives, see MongoDB Cloud Manager Backup (page 284) or Ops Manager Backup Software (page 284).
Data Exclusion mongodump excludes the content of the local database in its output.
mongodump only captures the documents in the database in its backup data and does not include index data.
mongorestore or mongod must then rebuild the indexes after restoring data.
1 https://docs.mongodb.org/ecosystem/tutorial/backup-and-restore-mongodb-on-amazon-ec2

8.1. Administration Concepts

283

MongoDB Documentation, Release 3.2.5

Data Compression Handling When run against a mongod instance that uses the WiredTiger (page 595) storage
engine, mongodump outputs uncompressed data.
Performance mongodump can adversely affect the performance of the mongod. If your data is larger than system
memory, the mongodump will push the working set out of memory.
If applications modify data while mongodump is creating a backup, mongodump will compete for resources with
those applications.
To mitigate the impact of mongodump on the performance of the replica set, use mongodump to capture backups
from a secondary (page 628) member of a replica set.
Applications can continue to modify data while mongodump captures the output. For replica sets, mongodump
provides the --oplog option to include in its output oplog entries that occur during the mongodump operation.
This allows the corresponding mongorestore operation to replay the captured oplog. To restore a backup created
with --oplog, use mongorestore with the --oplogReplay option.
However, for replica sets, consider MongoDB Cloud Manager Backup (page 284) or Ops Manager Backup Software
(page 284).
See Back Up and Restore with MongoDB Tools (page 349), Backup a Small Sharded Cluster with mongodump
(page 355), and Backup a Sharded Cluster with Database Dumps (page 359) for more information.
MongoDB Cloud Manager Backup

The MongoDB Cloud Manager2 supports the backing up and restoring of MongoDB deployments.
MongoDB Cloud Manager continually backs up MongoDB replica sets and sharded clusters by reading the oplog data
from your MongoDB deployment.
MongoDB Cloud Manager Backup offers point in time recovery of MongoDB replica sets and a consistent snapshot
of sharded clusters.
MongoDB Cloud Manager achieves point in time recovery by storing oplog data so that it can create a restore for
any moment in time in the last 24 hours for a particular replica set or sharded cluster. Sharded cluster snapshots are
difficult to achieve with other MongoDB backup methods.
To restore a MongoDB deployment from an MongoDB Cloud Manager Backup snapshot, you download a compressed
archive of your MongoDB data files and distribute those files before restarting the mongod processes.
To get started with MongoDB Cloud Manager Backup, sign up for MongoDB Cloud Manager3 . For documentation
on MongoDB Cloud Manager, see the MongoDB Cloud Manager documentation4 .
Ops Manager Backup Software

MongoDB Subscribers can install and run the same core software that powers MongoDB Cloud Manager Backup
(page 284) on their own infrastructure. Ops Manager, an on-premise solution, has similar functionality to the cloud
version and is available with Enterprise Advanced subscriptions.
For more information about Ops Manager, see the MongoDB Enterprise Advanced5 page and the Ops Manager Manual6 .
2 https://cloud.mongodb.com/?jmp=docs
3 https://cloud.mongodb.com/?jmp=docs
4 https://docs.cloud.mongodb.com/
5 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
6 https://docs.opsmanager.mongodb.com/current/

284

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Further Reading

Backup and Restore with Filesystem Snapshots (page 343) An outline of procedures for creating MongoDB data set
backups using system-level file snapshot tool, such as LVM or native storage appliance tools.
Restore a Replica Set from MongoDB Backups (page 348) Describes procedure for restoring a replica set from an
archived backup such as a mongodump or MongoDB Cloud Manager7 Backup file.
Back Up and Restore with MongoDB Tools (page 349) Describes a procedure for exporting the contents of a
database to either a binary dump or a textual exchange format, and for importing these files into a database.
Backup and Restore Sharded Clusters (page 355) Detailed procedures and considerations for backing up sharded
clusters and single shards.
Recover Data after an Unexpected Shutdown (page 366) Recover data from MongoDB data files that were not properly closed or have an invalid state.
Additional Resources

• Backup and it’s Role in Disaster Recovery White Paper8
• Backup vs. Replication: Why Do You Need Both?9
• MongoDB Production Readiness Consulting Package10
Monitoring for MongoDB

On this page
•
•
•
•
•
•
•

Monitoring Strategies (page 286)
MongoDB Reporting Tools (page 286)
Process Logging (page 288)
Diagnosing Performance Issues (page 289)
Replication and Monitoring (page 289)
Sharding and Monitoring (page 290)
Additional Resources (page 291)

Monitoring is a critical component of all database administration. A firm grasp of MongoDB’s reporting will allow you
to assess the state of your database and maintain your deployment without crisis. Additionally, a sense of MongoDB’s
normal operational parameters will allow you to diagnose problems before they escalate to failures.
This document presents an overview of the available monitoring utilities and the reporting statistics available in MongoDB. It also introduces diagnostic strategies and suggestions for monitoring replica sets and sharded clusters.
Note: MongoDB Cloud Manager11 , a hosted service, and Ops Manager12 , an on-premise solution, provide monitoring, backup, and automation of MongoDB instances. See the MongoDB Cloud Manager documentation13 and Ops
Manager documentation14 for more information.
7 https://cloud.mongodb.com/?jmp=docs
8 https://www.mongodb.com/lp/white-paper/backup-disaster-recovery?jmp=docs
9 http://www.mongodb.com/blog/post/backup-vs-replication-why-do-you-need-both?jmp=docs
10 https://www.mongodb.com/products/consulting?jmp=docs#s_product_readiness
11 https://cloud.mongodb.com/?jmp=docs
12 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
13 https://docs.cloud.mongodb.com/
14 https://docs.opsmanager.mongodb.com?jmp=docs

8.1. Administration Concepts

285

MongoDB Documentation, Release 3.2.5

Monitoring Strategies

There are three methods for collecting data about the state of a running MongoDB instance:
• First, there is a set of utilities distributed with MongoDB that provides real-time reporting of database activities.
• Second, database commands return statistics regarding the current database state with greater fidelity.
• Third, MongoDB Cloud Manager15 , a hosted service, and Ops Manager, an on-premise solution available in
MongoDB Enterprise Advanced16 , provide monitoring to collect data from running MongoDB deployments as
well as providing visualization and alerts based on that data.
Each strategy can help answer different questions and is useful in different contexts. These methods are complementary.
MongoDB Reporting Tools

This section provides an overview of the reporting methods distributed with MongoDB. It also offers examples of the
kinds of questions that each method is best suited to help you address.
Utilities The MongoDB distribution includes a number of utilities that quickly return statistics about instances’
performance and activity. Typically, these are most useful for diagnosing issues and assessing normal operation.
mongostat mongostat captures and returns the counts of database operations by type (e.g. insert, query, update,
delete, etc.). These counts report on the load distribution on the server.
Use mongostat to understand the distribution of operation types and to inform capacity planning. See the
mongostat manual for details.
mongotop mongotop tracks and reports the current read and write activity of a MongoDB instance, and reports
these statistics on a per collection basis.
Use mongotop to check if your database activity and use match your expectations. See the mongotop manual
for details.
HTTP Console Deprecated since version 3.2: HTTP interface for MongoDB
MongoDB provides a web interface that exposes diagnostic and monitoring information in a simple web page. The
web interface is accessible at localhost:, where the number is 1000 more than the mongod
port .
For example, if a locally running mongod is using the default port 27017, access the HTTP console at
http://localhost:28017.
Commands MongoDB includes a number of commands that report on the state of the database.
These data may provide a finer level of granularity than the utilities discussed above. Consider using their output
in scripts and programs to develop custom alerts, or to modify the behavior of your application in response to the
activity of your instance. The db.currentOp method is another useful tool for identifying the database instance’s
in-progress operations.
15 https://cloud.mongodb.com/?jmp=docs
16 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

286

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

serverStatus The serverStatus command, or db.serverStatus() from the shell, returns a general
overview of the status of the database, detailing disk usage, memory use, connection, journaling, and index access.
The command returns quickly and does not impact MongoDB performance.
serverStatus outputs an account of the state of a MongoDB instance. This command is rarely run directly. In
most cases, the data is more meaningful when aggregated, as one would see with monitoring tools including MongoDB
Cloud Manager17 and Ops Manager18 . Nevertheless, all administrators should be familiar with the data provided by
serverStatus.
dbStats The dbStats command, or db.stats() from the shell, returns a document that addresses storage use
and data volumes. The dbStats reflect the amount of storage used, the quantity of data contained in the database,
and object, collection, and index counters.
Use this data to monitor the state and storage capacity of a specific database. This output also allows you to compare
use between databases and to determine the average document size in a database.
collStats The collStats or db.collection.stats() from the shell that provides statistics that resemble dbStats on the collection level, including a count of the objects in the collection, the size of the collection, the
amount of disk space used by the collection, and information about its indexes.
replSetGetStatus The replSetGetStatus command (rs.status() from the shell) returns an
overview of your replica set’s status. The replSetGetStatus document details the state and configuration of
the replica set and statistics about its members.
Use this data to ensure that replication is properly configured, and to check the connections between the current host
and the other members of the replica set.
Third Party Tools A number of third party monitoring tools have support for MongoDB, either directly, or through
their own plugins.
Self Hosted Monitoring Tools These are monitoring tools that you must install, configure and maintain on your
own servers. Most are open source.
Tool
Ganglia19

Plugin
mongodb-ganglia20

Ganglia

gmond_python_modules21

Motop22

None

mtop23
Munin24
Munin

None
mongo-munin25
mongomon26

Munin

munin-plugins Ubuntu PPA27

Nagios28

nagios-plugin-mongodb29

Description
Python script to report operations per second,
memory usage, btree statistics, master/slave status
and current connections.
Parses output from the serverStatus and
replSetGetStatus commands.
Realtime monitoring tool for MongoDB servers.
Shows current operations ordered by durations
every second.
A top like tool.
Retrieves server statistics.
Retrieves collection statistics (sizes, index sizes,
and each (configured) collection count for one
DB).
Some additional munin plugins not in the main
distribution.
A simple Nagios check script, written in Python.

17 https://cloud.mongodb.com/?jmp=docs
18 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
19 http://sourceforge.net/apps/trac/ganglia/wiki

8.1. Administration Concepts

287

MongoDB Documentation, Release 3.2.5

Also consider dex30 , an index and query analyzing tool for MongoDB that compares MongoDB log files and indexes
to make indexing recommendations.
See also:
Ops Manager, an on-premise solution available in MongoDB Enterprise Advanced31 .
Hosted (SaaS) Monitoring Tools These are monitoring tools provided as a hosted service, usually through a paid
subscription.
Name
MongoDB Cloud Manager32

Scout34
Server Density38
Application Performance
Management40
New Relic41

Datadog42

Notes
MongoDB Cloud Manager is a cloud-based suite of services for managing
MongoDB deployments. MongoDB Cloud Manager provides monitoring,
backup, and automation functionality. For an on-premise solution, see also Ops
Manager, available in MongoDB Enterprise Advanced33 .
Several plugins, including MongoDB Monitoring35 , MongoDB Slow
Queries36 , and MongoDB Replica Set Monitoring37 .
Dashboard for MongoDB39 , MongoDB specific alerts, replication failover
timeline and iPhone, iPad and Android mobile apps.
IBM has an Application Performance Management SaaS offering that includes
monitor for MongoDB and other applications and middleware.
New Relic offers full support for application performance management. In
addition, New Relic Plugins and Insights enable you to view monitoring
metrics from Cloud Manager in New Relic.
Infrastructure monitoring43 to visualize the performance of your MongoDB
deployments.

Process Logging

During normal operation, mongod and mongos instances report a live account of all server activity and operations to
either standard output or a log file. The following runtime settings control these options.
• quiet. Limits the amount of information written to the log or output.
20 https://github.com/quiiver/mongodb-ganglia
21 https://github.com/ganglia/gmond_python_modules
22 https://github.com/tart/motop
23 https://github.com/beaufour/mtop
24 http://munin-monitoring.org/
25 https://github.com/erh/mongo-munin
26 https://github.com/pcdummy/mongomon
27 https://launchpad.net/

chris-lea/+archive/munin-plugins

28 http://www.nagios.org/
29 https://github.com/mzupan/nagios-plugin-mongodb
30 https://github.com/mongolab/dex
31 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
32 https://cloud.mongodb.com/?jmp=docs
33 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
34 http://scoutapp.com
35 https://scoutapp.com/plugin_urls/391-mongodb-monitoring
36 http://scoutapp.com/plugin_urls/291-mongodb-slow-queries
37 http://scoutapp.com/plugin_urls/2251-mongodb-replica-set-monitoring
38 http://www.serverdensity.com
39 http://www.serverdensity.com/mongodb-monitoring/
40 http://ibmserviceengage.com
41 http://newrelic.com/
42 https://www.datadoghq.com/
43 http://docs.datadoghq.com/integrations/mongodb/

288

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

• verbosity. Increases the amount of information written to the log or output. You can also modify the logging
verbosity during runtime with the logLevel parameter or the db.setLogLevel() method in the shell.
• path. Enables logging to a file, rather than the standard output. You must specify the full path to the log file
when adjusting this setting.
• logAppend. Adds information to a log file instead of overwriting the file.
Note: You can specify these configuration operations as the command line arguments to mongod or mongos
For example:
mongod -v --logpath /var/log/mongodb/server1.log --logappend

Starts a mongod instance in verbose
/var/log/mongodb/server1.log/.

mode,

appending

data

the

log

file

The following database commands also affect logging:
• getLog. Displays recent messages from the mongod process log.
• logRotate. Rotates the log files for mongod processes only. See Rotate Log Files (page 330).
Diagnosing Performance Issues

As you develop and operate applications with MongoDB, you may want to analyze the performance of the database
as the application. Analyzing MongoDB Performance (page 310) discusses some of the operational factors that can
influence performance.
Replication and Monitoring

Beyond the basic monitoring requirements for any MongoDB instance, for replica sets, administrators must monitor
replication lag. “Replication lag” refers to the amount of time that it takes to copy (i.e. replicate) a write operation
on the primary to a secondary. Some small delay period may be acceptable, but two significant problems emerge as
replication lag grows:
• First, operations that occurred during the period of lag are not replicated to one or more secondaries. If you’re
using replication to ensure data persistence, exceptionally long delays may impact the integrity of your data set.
• Second, if the replication lag exceeds the length of the operation log (oplog) then MongoDB will have to perform
an initial sync on the secondary, copying all data from the primary and rebuilding all indexes. This is uncommon
under normal circumstances, but if you configure the oplog to be smaller than the default, the issue can arise.
Note: The size of the oplog is only configurable during the first run using the --oplogSize argument to the
mongod command, or preferably, the oplogSizeMB setting in the MongoDB configuration file. If you do not
specify this on the command line before running with the --replSet option, mongod will create a default
sized oplog.
By default, the oplog is 5 percent of total available disk space on 64-bit systems. For more information about
changing the oplog size, see the Change the Size of the Oplog (page 693)
For causes of replication lag, see Replication Lag (page 712).
Replication issues are most often the result of network connectivity issues between members, or the result of a primary
that does not have the resources to support application and replication traffic. To check the status of a replica, use the
replSetGetStatus or the following helper in the shell:

8.1. Administration Concepts

289

MongoDB Documentation, Release 3.2.5

rs.status()

The replSetGetStatus reference provides a more in-depth overview view of this output. In general, watch the
value of optimeDate, and pay particular attention to the time difference between the primary and the secondary
members.
Sharding and Monitoring

In most cases, the components of sharded clusters benefit from the same monitoring and analysis as all other MongoDB
instances. In addition, clusters require further monitoring to ensure that data is effectively distributed among nodes
and that sharding operations are functioning appropriately.
See also:
See the Sharding Concepts (page 739) documentation for more information.
Config Servers The config database maintains a map identifying which documents are on which shards. The cluster
updates this map as chunks move between shards. When a configuration server becomes inaccessible, certain sharding
operations become unavailable, such as moving chunks and starting mongos instances. However, clusters remain
accessible from already-running mongos instances.
Because inaccessible configuration servers can seriously impact the availability of a sharded cluster, you should monitor your configuration servers to ensure that the cluster remains well balanced and that mongos instances can restart.
MongoDB Cloud Manager44 and Ops Manager45 monitor config servers and can create notifications if a config server
becomes inaccessible. See the MongoDB Cloud Manager documentation46 and Ops Manager documentation47 for
more information.
Balancing and Chunk Distribution The most effective sharded cluster deployments evenly balance chunks among
the shards. To facilitate this, MongoDB has a background balancer process that distributes data to ensure that chunks
are always optimally distributed among the shards.
Issue the db.printShardingStatus() or sh.status() command to the mongos by way of the mongo
shell. This returns an overview of the entire cluster including the database name, and a list of the chunks.
Stale Locks In nearly every case, all locks used by the balancer are automatically released when they become stale.
However, because any long lasting lock can block future balancing, it’s important to ensure that all locks are legitimate.
To check the lock status of the database, connect to a mongos instance using the mongo shell. Issue the following
command sequence to switch to the config database and display all outstanding locks on the shard database:
use config
db.locks.find()

For active deployments, the above query can provide insights. The balancing process, which originates on a randomly
selected mongos, takes a special “balancer” lock that prevents other balancing activity from transpiring. Use the
following command, also to the config database, to check the status of the “balancer” lock.
db.locks.find( { _id : "balancer" } )

If this lock exists, make sure that the balancer process is actively using this lock.
44 https://cloud.mongodb.com/?jmp=docs
45 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
46 https://docs.cloud.mongodb.com/
47 https://docs.opsmanager.mongodb.com/current/application

290

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Additional Resources

• MongoDB Production Readiness Consulting Package48
Run-time Database Configuration

On this page
•
•
•
•
•

Configure the Database (page 291)
Security Considerations (page 292)
Replication and Sharding Configuration (page 293)
Run Multiple Database Instances on the Same System (page 295)
Diagnostic Configurations (page 295)

The command line and configuration file interfaces provide MongoDB administrators with a large number of options and settings for controlling the operation of the database system. This document provides an overview
of common configurations and examples of best-practice configurations for common use cases.
While both interfaces provide access to the same collection of options and settings, this document primarily uses
the configuration file interface. If you run MongoDB using a init script or if you installed from a package for your
operating system, you likely already have a configuration file located at /etc/mongod.conf. Confirm this by
checking the contents of the /etc/init.d/mongod or /etc/rc.d/mongod script to ensure that the init scripts
start the mongod with the appropriate configuration file.
To start a MongoDB instance using this configuration file, issue a command in the following form:
mongod --config /etc/mongod.conf
mongod -f /etc/mongod.conf

Modify the values in the /etc/mongod.conf file on your system to control the configuration of your database
instance.
Configure the Database

Consider the following basic configuration which uses the YAML format:
processManagement:
fork: true
net:
bindIp: 127.0.0.1
port: 27017
storage:
dbPath: /srv/mongodb
systemLog:
destination: file
path: "/var/log/mongodb/mongod.log"
logAppend: true
storage:
journal:
enabled: true

Or, if using the older .ini configuration file format:
48 https://www.mongodb.com/products/consulting?jmp=docs#s_product_readiness

8.1. Administration Concepts

291

MongoDB Documentation, Release 3.2.5

fork = true
bind_ip = 127.0.0.1
port = 27017
quiet = true
dbpath = /srv/mongodb
logpath = /var/log/mongodb/mongod.log
logappend = true
journal = true

For most standalone servers, this is a sufficient base configuration. It makes several assumptions, but consider the
following explanation:
• fork is true, which enables a daemon mode for mongod, which detaches (i.e. “forks”) the MongoDB from
the current session and allows you to run the database as a conventional server.
• bindIp is 127.0.0.1, which forces the server to only listen for requests on the localhost IP. Only bind to
secure interfaces that the application-level systems can access with access control provided by system network
filtering (i.e. “firewall”).
New in version 2.6: mongod installed from official .deb (page 36) and .rpm (page 23) packages have the
bind_ip configuration set to 127.0.0.1 by default.
• port is 27017, which is the default MongoDB port for database instances. MongoDB can bind to any port.
You can also filter access based on port using network filtering tools.
Note: UNIX-like systems require superuser privileges to attach processes to ports lower than 1024.
• quiet is true. This disables all but the most critical entries in output/log file, and is not recommended for
production systems. If you do set this option, you can use setParameter to modify this setting during run
time.
• dbPath is /srv/mongodb, which specifies where MongoDB will store its data files. /srv/mongodb and
/var/lib/mongodb are popular locations. The user account that mongod runs under will need read and
write access to this directory.
• systemLog.path is /var/log/mongodb/mongod.log which is where mongod will write its output.
If you do not set this value, mongod writes all output to standard output (e.g. stdout.)
• logAppend is true, which ensures that mongod does not overwrite an existing log file following the server
start operation.
• storage.journal.enabled is true, which enables journaling. Journaling ensures single instance writedurability. 64-bit builds of mongod enable journaling by default. Thus, this setting may be redundant.
Given the default configuration, some of these values may be redundant. However, in many situations explicitly stating
the configuration increases overall system intelligibility.
Security Considerations

The following collection of configuration options are useful for limiting access to a mongod instance. Consider the
following settings, shown in both YAML and older configuration file format:
In YAML format
security:
authorization: enabled
net:
bindIp: 127.0.0.1,10.8.0.10,192.168.4.24

292

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Or, if using the older older configuration file format49 :
bind_ip = 127.0.0.1,10.8.0.10,192.168.4.24
auth = true

Consider the following explanation for these configuration decisions:
• “bindIp” has three values: 127.0.0.1, the localhost interface; 10.8.0.10, a private IP address typically
used for local networks and VPN interfaces; and 192.168.4.24, a private network interface typically used
for local networks.
Because production MongoDB instances need to be accessible from multiple database servers, it is important
to bind MongoDB to multiple interfaces that are accessible from your application servers. At the same time it’s
important to limit these interfaces to interfaces controlled and protected at the network layer.
• “authorization” is true enables the authorization system within MongoDB. If enabled you will need to
log in by connecting over the localhost interface for the first time to create user credentials.
See also:
Security (page 391)
Replication and Sharding Configuration

Replication Configuration Replica set configuration is straightforward, and only requires that the replSetName
have a value that is consistent among all members of the set. Consider the following:
In YAML format
replication:
replSetName: set0

Or, if using the older configuration file format50 :
replSet = set0

Use descriptive names for sets. Once configured, use the mongo shell to add hosts to the replica set.
See also:
Replica set reconfiguration.
To enable authentication for the replica set, add the following keyFile option:
In YAML format
security:
keyFile: /srv/mongodb/keyfile

Or, if using the older configuration file format51 :
keyFile = /srv/mongodb/keyfile

Setting keyFile enables authentication and specifies a key file for the replica set member use to when authenticating
to each other. The content of the key file is arbitrary, but must be the same on all members of the replica set and
mongos instances that connect to the set. The keyfile must be less than one kilobyte in size and may only contain
characters in the base64 set and the file must not have group or “world” permissions on UNIX systems.
See also:
49 https://docs.mongodb.org/v2.4/reference/configuration-options
50 https://docs.mongodb.org/v2.4/reference/configuration-options
51 https://docs.mongodb.org/v2.4/reference/configuration-options

8.1. Administration Concepts

293

MongoDB Documentation, Release 3.2.5

The Replica Set Security (page 423) section for information on configuring authentication with replica sets.
The Replication (page 623) document for more information on replication in MongoDB and replica set configuration
in general.
Sharding Configuration Sharding requires a number of mongod instances with different configurations. The config servers store the cluster’s metadata, while the cluster distributes data among one or more shard servers.
Note: Config servers are not replica sets.
To set up one or three “config server” instances as normal (page 291) mongod instances, and then add the following
configuration option:
In YAML format
sharding:
clusterRole: configsvr
net:
bindIp: 10.8.0.12
port: 27001

Or, if using the older configuration file format52 :
configsvr = true
bind_ip = 10.8.0.12
port = 27001

This creates a config server running on the private IP address 10.8.0.12 on port 27001. Make sure that there are
no port conflicts, and that your config server is accessible from all of your mongos and mongod instances.
To set up shards, configure two or more mongod instance using your base configuration (page 291), with the
shardsvr value for the sharding.clusterRole setting:
sharding:
clusterRole: shardsvr

Or, if using the older configuration file format53 :
shardsvr = true

Finally, to establish the cluster, configure at least one mongos process with the following settings:
In YAML format:
sharding:
configDB: 10.8.0.12:27001
chunkSize: 64

Or, if using the older configuration file format54 :
configdb = 10.8.0.12:27001
chunkSize = 64

Important: Always use 3 config servers in production environments.
52 https://docs.mongodb.org/v2.4/reference/configuration-options
53 https://docs.mongodb.org/v2.4/reference/configuration-options
54 https://docs.mongodb.org/v2.4/reference/configuration-options

294

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

You can specify multiple configDB instances by specifying hostnames and ports in the form of a comma separated
list.
In general, avoid modifying the chunkSize from the default value of 64,
among all mongos instances.

and ensure this setting is consistent

See also:
The Sharding (page 733) section of the manual for more information on sharding and cluster configuration.
Run Multiple Database Instances on the Same System

In many cases running multiple instances of mongod on a single system is not recommended. On some types of
deployments 56 and for testing purposes you may need to run more than one mongod on a single system.
In these cases, use a base configuration (page 291) for each instance, but consider the following configuration values:
In YAML format:
storage:
dbPath: /srv/mongodb/db0/
processManagement:
pidFilePath: /srv/mongodb/db0.pid

Or, if using the older configuration file format57 :
dbpath = /srv/mongodb/db0/
pidfilepath = /srv/mongodb/db0.pid

The dbPath value controls the location of the mongod instance’s data directory. Ensure that each database has a
distinct and well labeled data directory. The pidFilePath controls where mongod process places it’s process id
file. As this tracks the specific mongod file, it is crucial that file be unique and well labeled to make it easy to start
and stop these processes.
Create additional init scripts and/or adjust your existing MongoDB configuration and init script as needed to control
these processes.
Diagnostic Configurations

The following configuration options control various mongod behaviors for diagnostic purposes:
• operationProfiling.mode sets the database profiler (page 312) level. The profiler is not active by
default because of the possible impact on the profiler itself on performance. Unless this setting is on, queries
are not profiled.
• operationProfiling.slowOpThresholdMs configures the threshold which determines whether a
query is “slow” for the purpose of the logging system and the profiler (page 312). The default value is 100
milliseconds. Set a lower value if the database profiler does not return useful results or a higher value to only
log the longest running queries.
• systemLog.verbosity controls the amount of logging output that mongod write to the log. Only use this
option if you are experiencing an issue that is not reflected in the normal logging level.
55 Chunk size is 64 megabytes by default, which provides the ideal balance between the most even distribution of data, for which smaller chunk
sizes are best, and minimizing chunk migration, for which larger chunk sizes are optimal.
56 Single-tenant systems with SSD or other high performance disks may provide acceptable performance levels for multiple mongod instances.
Additionally, you may find that multiple databases with small working sets may function acceptably on a single system.
57 https://docs.mongodb.org/v2.4/reference/configuration-options

8.1. Administration Concepts

295

MongoDB Documentation, Release 3.2.5

Changed in version 3.0: You can also specify verbosity level for specific components using the
systemLog.component..verbosity setting. For the available components, see component
verbosity settings.
For more information, see also Database Profiling (page 312) and Analyzing MongoDB Performance (page 310).
Production Notes

On this page
•
•
•
•
•
•
•
•
•
•
•
•

MongoDB Binaries (page 296)
MongoDB dbPath (page 297)
Concurrency (page 297)
Data Consistency (page 298)
Networking (page 298)
Hardware Considerations (page 299)
Architecture (page 302)
Compression (page 302)
Platform Specific Considerations (page 303)
Performance Monitoring (page 307)
Backups (page 307)
Additional Resources (page 307)

This page details system configurations that affect MongoDB, especially when running in production.
Note: MongoDB Cloud Manager58 , a hosted service, and Ops Manager59 , an on-premise solution, provide monitoring, backup, and automation of MongoDB instances. See the MongoDB Cloud Manager documentation60 and Ops
Manager documentation61 for more information.

MongoDB Binaries

Supported Platforms MongoDB provides builds for the following supported platforms. For running in production,
refer to the Recommended Platforms (page 297) for operating system recommendations.
Platform
Amazon Linux
Debian 7
Fedora 8+
RHEL/CentOS 6.2+
RHEL/CentOS 7.0+
SLES 11
SLES 12
Solaris 64-bit
Ubuntu 12.04
Ubuntu 14.04
Microsoft Azure
Windows Vista/Server 2008R2/2012+
OSX 10.7+

3.2
Y
Y

3.0
Y
Y
Y
Y
Y

2.6
Y
Y
Y
Y
Y
Y

2.4
Y
Y
Y
Y

2.2
Y
Y
Y
Y

Y
Y
Y
Y
Y
Y
Y
Y
Y
Y

Y
Y
Y
Y
Y
Y

Y
Y

Y
Y
Y

Y
Y

58 https://cloud.mongodb.com/?jmp=docs
59 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
60 https://docs.cloud.mongodb.com/
61 https://docs.opsmanager.mongodb.com?jmp=docs

296

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Changed in version 3.2: MongoDB can now use the WiredTiger storage engine (page 595) on all supported platforms.
Recommended Platforms While MongoDB supports a variety of platorms, the following operating systems are
recommended for production use:
• Amazon Linux
• Debian 7.1
• RHEL / CentOS 6.2+
• SLES 11+
• Ubuntu LTS 12.04
• Ubuntu LTS 14.04
• Windows Server 2012 & 2012 R2
See also:
Platform Specific Considerations (page 303)
Use the Latest Stable Packages Be sure you have the latest stable release.
All MongoDB releases are available on the Downloads62 page. The Downloads63 page is a good place to verify the
current stable release, even if you are installing via a package manager.
Use 64-bit Builds Always use 64-bit builds for production.
Important: Starting in MongoDB 3.2, 32-bit binaries are deprecated and will be unavailable in future releases.
Although the 32-bit builds exist for Linux and Windows, they are unsuitable for production deployments. 32-bit builds
also do not support the WiredTiger storage engine. For more information, see the 32-bit limitations page (page 21)
MongoDB dbPath

The files in the dbPath directory must correspond to the configured storage engine. mongod will not start if dbPath
contains data files created by a storage engine other than the one specified by --storageEngine.
Changed in version 3.2: As of MongoDB 3.2, MongoDB uses the WiredTiger (page 595) storage engine by default.
Changed in version 3.0: MongoDB includes support for two storage engines: MMAPv1 (page 603), the storage engine
available in previous versions of MongoDB, and WiredTiger (page 595).
mongod must possess read and write permissions for the specified dbPath.
Concurrency

MMAPv1 Changed in version 3.0: Beginning with MongoDB 3.0, MMAPv1 (page 603) provides collection-level
locking: All collections have a unique readers-writer lock that allows multiple clients to modify documents in different
collections at the same time.
For MongoDB versions 2.2 through 2.6 series, each database has a readers-writer lock that allows concurrent read access to a database, but gives exclusive access to a single write operation per database. See the Concurrency (page 835)
62 http://www.mongodb.org/downloads
63 http://www.mongodb.org/downloads

8.1. Administration Concepts

297

MongoDB Documentation, Release 3.2.5

page for more information. In earlier versions of MongoDB, all write operations contended for a single readers-writer
lock for the entire mongod instance.
WiredTiger WiredTiger (page 595) supports concurrent access by readers and writers to the documents in a collection. Clients can read documents while write operations are in progress, and multiple threads can modify different
documents in a collection at the same time.
See also:
Allocate Sufficient RAM and CPU (page 299) provides information about how WiredTiger takes advantage of multiple
CPU cores and how to improve operation throughput.
Data Consistency

Journaling MongoDB uses write ahead logging to an on-disk journal. Journaling guarantees that MongoDB can
quickly recover write operations (page 114) that were written to the journal but not written to data files in cases where
mongod terminated due to a crash or other serious failure.
Leave journaling enabled in order to ensure that mongod will be able to recover its data files and keep the data files
in a valid state following a crash. See Journaling (page 606) for more information.
Read Concern New in version 3.2.
If using "majority" (page 182) read concern (page 181), use { w: "majority" } (page 180) write concern
(page 179) for write operations to ensure that a single thread can read its own writes.
To use a read concern level of "majority" (page 182), you must use the WiredTiger storage engine
and start the mongod instances with the --enableMajorityReadConcern command line option (or the
replication.enableMajorityReadConcern setting if using a configuration file).
Only replica sets using protocol version 1 (page 718) support "majority" (page 182) read concern.
Replica sets running protocol version 0 do not support "majority" (page 182) read concern.
Write Concern Write concern (page 179) describes the level of acknowledgement requested from MongoDB for
write operations. The level of the write concerns affects how quickly the write operation returns. When write operations have a weak write concern, they return quickly. With stronger write concerns, clients must wait after sending
a write operation until MongoDB confirms the write operation at the requested write concern level. With insufficient
write concerns, write operations may appear to a client to have succeeded, but may not persist in some cases of server
failure.
See the Write Concern (page 179) document for more information about choosing an appropriate write concern level
for your deployment.
Networking

Use Trusted Networking Environments Always run MongoDB in a trusted environment, with network rules that
prevent access from all unknown machines, systems, and networks. As with any sensitive system that is dependent on
network access, your MongoDB deployment should only be accessible to specific systems that require access, such as
application servers, monitoring services, and other MongoDB components.
Important: By default, authorization (page 433) is not enabled, and mongod assumes a trusted environment. Enable
authorization mode as needed. For more information on authentication mechanisms supported in MongoDB as
well as authorization in MongoDB, see Authentication (page 393) and Role-Based Access Control (page 433).

298

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

For additional information and considerations on security, refer to the documents in the Security Section (page 391),
specifically:
• Security Checklist (page 391)
• MongoDB Configuration Hardening (page 473)
• Hardening Network Infrastructure (page 474)
For Windows users, consider the Windows Server Technet Article on TCP Configuration64 when deploying MongoDB
on Windows.
Disable HTTP Interface MongoDB provides an HTTP interface to check the status of the server and, optionally,
run queries. The HTTP interface is disabled by default. Do not enable the HTTP interface in production environments.
Deprecated since version 3.2: HTTP interface for MongoDB
See HTTP Status Interface (page 473).
Manage Connection Pool Sizes Avoid overloading the connection resources of a mongod or mongos instance by
adjusting the connection pool size to suit your use case. Start at 110-115% of the typical number of current database
requests, and modify the connection pool size as needed. Refer to the connection-pool-options for adjusting the
connection pool size.
The connPoolStats command returns information regarding the number of open connections to the current
database for mongos and mongod instances in sharded clusters.
See also Allocate Sufficient RAM and CPU (page 299).
Hardware Considerations

MongoDB is designed specifically with commodity hardware in mind and has few hardware requirements or limitations. MongoDB’s core components run on little-endian hardware, primarily x86/x86_64 processors. Client libraries
(i.e. drivers) can run on big or little endian systems.
Allocate Sufficient RAM and CPU
MMAPv1 Due to its concurrency model, the MMAPv1 (page 603) storage engine does not require many CPU cores.
As such, increasing the number of cores can improve performance but does not provide significant return.
At a minimum, ensure that your mongod or mongos has access to two real cores or one physical CPU.
Increasing the amount of RAM accessible to MongoDB may help reduce the frequency of page faults.
WiredTiger The WiredTiger (page 595) storage engine is multithreaded and can take advantage of additional CPU
cores. Specifically, the total number of active threads (i.e. concurrent operations) relative to the number of available
CPUs can impact performance:
• Throughput increases as the number of concurrent active operations increases up to the number of CPUs.
• Throughput decreases as the number of concurrent active operations exceeds the number of CPUs by some
threshold amount.
64 http://technet.microsoft.com/en-us/library/dd349797.aspx

8.1. Administration Concepts

299

MongoDB Documentation, Release 3.2.5

The threshold depends on your application. You can determine the optimum number of concurrent active operations
for your application by experimenting and measuring throughput. The output from mongostat provides statistics
on the number of active reads/writes in the (ar|aw) column.
With WiredTiger, MongoDB utilizes both the WiredTiger cache and the filesystem cache.
Changed in version 3.2: Starting in MongoDB 3.2, the WiredTiger cache, by default, will use the larger of either:
• 60% of RAM minus 1 GB, or
• 1 GB.
For systems with up to 10 GB of RAM, the new default setting is less than or equal to the 3.0 default setting (For
MongoDB 3.0, the WiredTiger cache uses either 1 GB or half of the installed physical RAM, whichever is larger).
For systems with more than 10 GB of RAM, the new default setting is greater than the 3.0 setting.
Via the filesystem cache, MongoDB automatically uses all free memory that is not used by the WiredTiger cache or
by other processes. Data in the filesystem cache is compressed.
To adjust the size of the WiredTiger cache, see storage.wiredTiger.engineConfig.cacheSizeGB and
--wiredTigerCacheSizeGB. Avoid increasing the WiredTiger cache size above its default value.
Note: The storage.wiredTiger.engineConfig.cacheSizeGB only limits the size of the WiredTiger
cache, not the total amount of memory used by mongod. The WiredTiger cache is only one component of the RAM
used by MongoDB. MongoDB also automatically uses all free memory on the machine via the filesystem cache (data
in the filesystem cache is compressed).
In addition, the operating system will use any free RAM to buffer filesystem blocks.
To accommodate the additional consumers of RAM, you may have to decrease WiredTiger cache size.
The default WiredTiger cache size value assumes that there is a single mongod instance per machine. If a single machine contains multiple MongoDB instances, then you should decrease the setting to accommodate the other mongod
instances.
If you run mongod in a container (e.g. lxc, cgroups, Docker, etc.) that does not have access to all of the RAM
available in a system, you must set storage.wiredTiger.engineConfig.cacheSizeGB to a value less
than the amount of RAM available in the container. The exact amount depends on the other processes running in the
container.
To view statistics on the cache and eviction rate, see the wiredTiger.cache field returned from the
serverStatus command.
See also:
Concurrency (page 297)
Use Solid State Disks (SSDs)
(Solid State Disk).

MongoDB has good results and a good price-performance ratio with SATA SSD

Use SSD if available and economical. Spinning disks can be performant, but SSDs’ capacity for random I/O operations
works well with the update model of MMAPv1.
Commodity (SATA) spinning drives are often a good option, as the random I/O performance increase with more
expensive spinning drives is not that dramatic (only on the order of 2x). Using SSDs or increasing RAM may be more
effective in increasing I/O throughput.

300

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

MongoDB and NUMA Hardware Running MongoDB on a system with Non-Uniform Access Memory (NUMA)
can cause a number of operational problems, including slow performance for periods of time and high system process
usage.
When running MongoDB servers and clients on NUMA hardware, you should configure a memory interleave policy so
that the host behaves in a non-NUMA fashion. MongoDB checks NUMA settings on start up when deployed on Linux
(since version 2.0) and Windows (since version 2.6) machines. If the NUMA configuration may degrade performance,
MongoDB prints a warning.
See also:
• The MySQL “swap insanity” problem and the effects of NUMA65 post, which describes the effects of NUMA
on databases. The post introduces NUMA and its goals, and illustrates how these goals are not compatible
with production databases. Although the blog post addresses the impact of NUMA for MySQL, the issues for
MongoDB are similar.
• NUMA: An Overview66 .
Configuring NUMA on Windows On Windows, memory interleaving must be enabled through the machine’s
BIOS. Consult your system documentation for details.
Configuring NUMA on Linux When running MongoDB on Linux, you should disable zone reclaim in the sysctl
settings using one of the following commands:
echo 0 | sudo tee /proc/sys/vm/zone_reclaim_mode
sudo sysctl -w vm.zone_reclaim_mode=0

Then, you should use the numactl command to start the MongoDB programs (mongod, including the config servers
(page 742); mongos; and clients) in the following manner:
numactl --interleave=all

where is the path to the program you are starting, and are any optional arguments to pass to
the program.
To fully disable NUMA behavior, you must perform both operations. For more information, see the Documentation
for /proc/sys/vm/*67 .
Disk and Storage Systems
Swap Assign swap space for your systems. Allocating swap space can avoid issues with memory contention and
can prevent the OOM Killer on Linux systems from killing mongod.
For the MMAPv1 storage engine, the method mongod uses to map files to memory ensures that the operating system
will never store MongoDB data in swap space. On Windows systems, using MMAPv1 requires extra swap space due
to commitment limits. For details, see MongoDB on Windows (page 304).
For the WiredTiger storage engine, given sufficient memory pressure, WiredTiger may store data in swap space.
65 http://jcole.us/blog/archives/2010/09/28/mysql-swap-insanity-and-the-numa-architecture/
66 https://queue.acm.org/detail.cfm?id=2513149
67 http://www.kernel.org/doc/Documentation/sysctl/vm.txt

8.1. Administration Concepts

301

MongoDB Documentation, Release 3.2.5

RAID Most MongoDB deployments should use disks backed by RAID-10.
RAID-5 and RAID-6 do not typically provide sufficient performance to support a MongoDB deployment.
Avoid RAID-0 with MongoDB deployments. While RAID-0 provides good write performance, it also provides limited
availability and can lead to reduced performance on read operations, particularly when using Amazon’s EBS volumes.
Remote Filesystems With the MMAPv1 storage engine, the Network File System protocol (NFS) is not recommended as you may see performance problems when both the data files and the journal files are hosted on NFS. You
may experience better performance if you place the journal on local or iscsi volumes.
With the WiredTiger storage engine, WiredTiger objects may be stored on remote file systems if the remote file system
conforms to ISO/IEC 9945-1:1996 (POSIX.1). Because remote file systems are often slower than local file systems,
using a remote file system for storage may degrade performance.
If you decide to use NFS, add the following NFS options to your /etc/fstab file: bg, nolock, and noatime.
Separate Components onto Different Storage Devices For improved performance, consider separating your
database’s data, journal, and logs onto different storage devices, based on your application’s access and write pattern.
For the WiredTiger storage engine, you can also store the indexes on a different storage device.
storage.wiredTiger.engineConfig.directoryForIndexes.

See

Note: Using different storage devices will affect your ability to create snapshot-style backups of your data, since the
files will be on different devices and volumes.

Scheduling for Virtual Devices Local block devices attached to virtual machine instances via the hypervisor should
use a noop scheduler for best performance. The noop scheduler allows the operating system to defer I/O scheduling to
the underlying hypervisor.
Architecture

Replica Sets See the Replica Set Architectures (page 636) document for an overview of architectural considerations
for replica set deployments.
Sharded Clusters See the Sharded Cluster Production Architecture (page 745) document for an overview of recommended sharded cluster architectures for production deployments.
See also:
Design Notes (page 315)
Compression

WiredTiger can compress collection data using either snappy or zlib compression library. snappy provides a lower
compression rate but has little performance cost, whereas zlib provides better compression rate but has a higher
performance cost.
By default, WiredTiger uses snappy compression library.
To change the compression setting, see
storage.wiredTiger.collectionConfig.blockCompressor.
WiredTiger uses prefix compression on all indexes by default.

302

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Platform Specific Considerations

Note: MongoDB uses the GNU C Library68 (glibc) if available on a system. MongoDB requires version at least
glibc-2.12-1.2.el6 to avoid a known bug with earlier versions. For best results use at least version 2.13.

MongoDB on Linux
Kernel and File Systems When running MongoDB in production on Linux, you should use Linux kernel version
2.6.36 or later, with either the XFS or EXT4 filesystem. If possible, use XFS as it generally performs better with
MongoDB.
With the WiredTiger storage engine in particular, use of XFS is strongly recommended to avoid performance issues
that have been observed when using EXT4 with WiredTiger.
• If you use the XFS file system, use at least version 2.6.25 of the Linux Kernel.
• If you use the EXT4 file system, use at least version 2.6.28 of the Linux Kernel.
• On Red Hat Enterprise Linux and CentOS, use at least version 2.6.18-194 of the Linux kernel.
fsync() on Directories
Important: MongoDB requires a filesystem that supports fsync() on directories. For example, HGFS and Virtual
Box’s shared folders do not support this operation.

Recommended Configuration For the WiredTiger and MMAPv1 storage engines, consider the following recommendations:
• Turn off atime for the storage volume containing the database files.
• Set the file descriptor limit, -n, and the user process limit (ulimit), -u, above 20,000, according to the suggestions in the ulimit (page 372) document. A low ulimit will affect MongoDB when under heavy use and can
produce errors and lead to failed connections to MongoDB processes and loss of service.
• Disable Transparent Huge Pages, as MongoDB performs better with normal (4096 bytes) virtual memory pages.
See Transparent Huge Pages Settings (page 319).
• Disable NUMA in your BIOS. If that is not possible, see MongoDB on NUMA Hardware (page 301).
• Configure SELinux on Red Hat. For more information, see Configure SELinux for MongoDB (page 25) and
Configure SELinux for MongoDB Enterprise (page 52).
For the MMAPv1 storage engine:
• Ensure that readahead settings for the block devices that store the database files are appropriate. For random
access use patterns, set low readahead values. A readahead of 32 (16 kB) often works well.
For a standard block device, you can run sudo blockdev --report to get the readahead settings and
sudo blockdev --setra to change the readahead settings. Refer to your specific operating system manual for more information.
For all MongoDB deployments:
• Use the Network Time Protocol (NTP) to synchronize time among your hosts. This is especially important in
sharded clusters.
68 http://www.gnu.org/software/libc/

8.1. Administration Concepts

303

MongoDB Documentation, Release 3.2.5

MongoDB and TLS/SSL Libraries On Linux platforms, you may observe one of the following statements in the
MongoDB log:

/libssl.so.: no version information available (required by /usr/bin/mongod
/libcrypto.so.: no version information available (required by /usr/bin/mon

These warnings indicate that the system’s TLS/SSL libraries are different from the TLS/SSL libraries that the mongod
was compiled against. Typically these messages do not require intervention; however, you can use the following
operations to determine the symbol versions that mongod expects:
objdump -T /mongod | grep " SSL_"
objdump -T /mongod | grep " CRYPTO_"

These operations will return output that resembles one the of the following lines:
0000000000000000
0000000000000000

DF *UND*
DF *UND*

0000000000000000
0000000000000000

libssl.so.10 SSL_write
OPENSSL_1.0.0 SSL_write

The last two strings in this output are the symbol version and symbol name. Compare these values with the values
returned by the following operations to detect symbol version mismatches:
objdump -T /libssl.so.1*
objdump -T /libcrypto.so.1*

This procedure is neither exact nor exhaustive: many symbols used by mongod from the libcrypto library do not
begin with CRYPTO_.
MongoDB on Windows
MongoDB 3.0 Using WiredTiger For MongoDB instances using the WiredTiger storage engine, performance on
Windows is comparable to performance on Linux.
MongoDB Using MMAPv1
Install Hotfix for MongoDB 2.6.6 and Later Microsoft has released a hotfix for Windows 7 and Windows Server
2008 R2, KB273128469 , that repairs a bug in these operating systems’ use of memory-mapped files that adversely
affects the performance of MongoDB using the MMAPv1 storage engine.
Install this hotfix to obtain significant performance improvements on MongoDB 2.6.6 and later releases in the 2.6
series, which use MMAPv1 exclusively, and on 3.0 and later when using MMAPv1 as the storage engine.
Configure Windows Page File For MMAPv1 Configure the page file such that the minimum and maximum page
file size are equal and at least 32 GB. Use a multiple of this size if, during peak usage, you expect concurrent writes to
many databases or collections. However, the page file size does not need to exceed the maximum size of the database.
A large page file is needed as Windows requires enough space to accommodate all regions of memory mapped files
made writable during peak usage, regardless of whether writes actually occur.
The page file is not used for database storage and will not receive writes during normal MongoDB operation. As such,
the page file will not affect performance, but it must exist and be large enough to accommodate Windows’ commitment
rules during peak database use.
Note:

Dynamic page file sizing is too slow to accommodate the rapidly fluctuating commit charge of an active

69 http://support.microsoft.com/kb/2731284

304

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

MongoDB deployment. This can result in transient overcommitment situations that may lead to abrupt server shutdown
with a VirtualProtect error 1455.

MongoDB on Virtual Environments This section describes considerations when running MongoDB in some of the
more common virtual environments.
For all platforms, consider Scheduling for Virtual Devices (page 302).
EC2 MongoDB is compatible with EC2. MongoDB Cloud Manager70 provides integration with Amazon Web
Services (AWS) and lets you deploy new EC2 instances directly from MongoDB Cloud Manager. See Configure AWS
Integration71 for more details.
Azure For all MongoDB deployments using Azure, you must mount the volume that hosts the mongod instance’s
dbPath with the Host Cache Preference READ/WRITE.
This applies to all Azure deployments, using any guest operating system.
If your volumes have inappropriate cache settings, MongoDB may eventually shut down with the following error:
[DataFileSync] FlushViewOfFile for failed with error 1 ...
[DataFileSync] Fatal Assertion 16387

These shut downs do not produce data loss when storage.journal.enabled is set to true. You can safely
restart mongod at any time following this event.
The performance characteristics of MongoDB may change with READ/WRITE caching enabled.
The TCP keepalive on the Azure load balancer is 240 seconds by default, which can cause it to silently drop connections if the TCP keepalive on your Azure systems is greater than this value. You should set tcp_keepalive_time
to 120 to ameliorate this problem.
On Linux systems:
• To view the keep alive setting, you can use one of the following commands:
sysctl net.ipv4.tcp_keepalive_time

Or:
cat /proc/sys/net/ipv4/tcp_keepalive_time

The value is measured in seconds.
• To change the tcp_keepalive_time value, you can use one of the following command:
sudo sysctl -w net.ipv4.tcp_keepalive_time=

Or:
echo | sudo tee /proc/sys/net/ipv4/tcp_keepalive_time

These operations do not persist across system reboots. To persist the setting, add the following line to
/etc/sysctl.conf:
net.ipv4.tcp_keepalive_time =
70 https://cloud.mongodb.com/?jmp=docs
71 https://docs.cloud.mongodb.com/tutorial/configure-aws-settings/

8.1. Administration Concepts

305

MongoDB Documentation, Release 3.2.5

On Linux, mongod and mongos processes limit the keepalive to a maximum of 300 seconds (5 minutes) on
their own sockets by overriding keepalive values greater than 5 minutes.
For Windows systems:
• To view the keep alive setting, issue the following command:
reg query HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters /v KeepAliveTime

The registry value is not present by default. The system default, used if the value is absent, is 7200000 milliseconds or 0x6ddd00 in hexadecimal.
• To change the KeepAliveTime value, use the following command in an Administrator Command Prompt,
where is expressed in hexadecimal (e.g. 0x0124c0 is 120000):
reg add HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ /v KeepAliveTime /d

Windows users should consider the Windows Server Technet Article on KeepAliveTime72 for more information
on setting keep alive for MongoDB deployments on Windows systems.
VMWare MongoDB is compatible with VMWare.
VMWare supports memory overcommitment, where you can assign more memory to your virtual machines than the
physical machine has available. When memory is overcommitted, the hypervisor reallocates memory between the
virtual machines. VMWare’s balloon driver (vmmemctl) reclaims the pages that are considered least valuable. The
balloon driver resides inside the guest operating system. When the balloon driver expands, it may induce the guest
operating system to reclaim memory from guest applications, which can interfere with MongoDB’s memory management and affect MongoDB’s performance.
You can disable the balloon driver and VMWare’s memory overcommitment feature to mitigate these problems. However, disabling the balloon driver can cause the hypervisor to use its swap, as there is no other available mechanism
to perform the memory reclamation. Accessing data in swap is much slower than accessing data in memory, which
can in turn affect performance. Instead of disabling the balloon driver and memory overcommitment features, map
and reserve the full amount of memory for the virtual machine running MongoDB. This ensures that the balloon will
not be inflated in the local operating system if there is memory pressure in the hypervisor due to an overcommitted
configuration.
When using MongoDB with VMWare, ensure that the CPU reservation does not exceed more than 2 virtual CPUs per
physical core.
Disable VMWare’s Migration with vMotion (“live migration”). The live migration of a virtual machine can cause
performance problems and affect replica set (page 644) and sharded cluster high availability (page 750) mechanisms.
It is possible to clone a virtual machine running MongoDB. You might use this function to spin up a new virtual host
to add as a member of a replica set. If you clone a VM with journaling enabled, the clone snapshot will be valid. If
not using journaling, first stop mongod, then clone the VM, and finally, restart mongod.
KVM MongoDB is compatible with KVM.
KVM supports memory overcommitment, where you can assign more memory to your virtual machines than the
physical machine has available. When memory is overcommitted, the hypervisor reallocates memory between the
virtual machines. KVM’s balloon driver reclaims the pages that are considered least valuable. The balloon driver
resides inside the guest operating system. When the balloon driver expands, it may induce the guest operating system
to reclaim memory from guest applications, which can interfere with MongoDB’s memory management and affect
MongoDB’s performance.
72 https://technet.microsoft.com/en-us/library/cc957549.aspx

306

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

You can disable the balloon driver and KVM’s memory overcommitment feature to mitigate these problems. However,
disabling the balloon driver can cause the hypervisor to use its swap, as there is no other available mechanism to
perform the memory reclamation. Accessing data in swap is much slower than accessing data in memory, which
can in turn affect performance. Instead of disabling the balloon driver and memory overcommitment features, map
and reserve the full amount of memory for the virtual machine running MongoDB. This ensures that the balloon will
not be inflated in the local operating system if there is memory pressure in the hypervisor due to an overcommitted
configuration.
When using MongoDB with KVM, ensure that the CPU reservation does not exceed more than 2 virtual CPUs per
physical core.
Performance Monitoring

iostat On Linux, use the iostat command to check if disk I/O is a bottleneck for your database. Specify a number
of seconds when running iostat to avoid displaying stats covering the time since server boot.
For example, the following command will display extended statistics and the time for each displayed report, with
traffic in MB/s, at one second intervals:
iostat -xmt 1

Key fields from iostat:
• %util: this is the most useful field for a quick check, it indicates what percent of the time the device/drive is
in use.
• avgrq-sz: average request size. Smaller number for this value reflect more random IO operations.
bwm-ng bwm-ng73 is a command-line tool for monitoring network use. If you suspect a network-based bottleneck,
you may use bwm-ng to begin your diagnostic process.
Backups

To make backups of your MongoDB database, please refer to MongoDB Backup Methods Overview (page 282).
Additional Resources

• Blog Post: Capacity Planning and Hardware Provisioning for MongoDB In Ten Minutes74
• Whitepaper: MongoDB Multi-Data Center Deployments75
• Whitepaper: Security Architecture76
• Whitepaper: MongoDB Architecture Guide77
• Presentation: MongoDB Administration 10178
• MongoDB Production Readiness Consulting Package79
73 http://www.gropp.org/?id=projects&sub=bwm-ng
74 https://www.mongodb.com/blog/post/capacity-planning-and-hardware-provisioning-mongodb-ten-minutes?jmp=docs
75 http://www.mongodb.com/lp/white-paper/multi-dc?jmp=docs
76 https://www.mongodb.com/lp/white-paper/mongodb-security-architecture?jmp=docs
77 https://www.mongodb.com/lp/whitepaper/architecture-guide?jmp=docs
78 http://www.mongodb.com/presentations/webinar-mongodb-administration-101?jmp=docs
79 https://www.mongodb.com/products/consulting?jmp=docs#s_product_readiness

8.1. Administration Concepts

307

MongoDB Documentation, Release 3.2.5

8.1.2 Data Management
These document introduce data management practices and strategies for MongoDB deployments, including strategies
for managing multi-data center deployments, managing larger file stores, and data lifecycle tools.
Data Center Awareness (page 308) Presents the MongoDB features that allow application developers and database
administrators to configure their deployments to be more data center aware or allow operational and locationbased separation.
Data Center Awareness

On this page
• Further Reading (page 309)
• Additional Resource (page 309)
MongoDB provides a number of features that allow application developers and database administrators to customize
the behavior of a sharded cluster or replica set deployment so that MongoDB may be more “data center aware,” or
allow operational and location-based separation.
MongoDB also supports segregation based on functional parameters, to ensure that certain mongod instances are
only used for reporting workloads or that certain high-frequency portions of a sharded collection only exist on specific
shards.
The following documents, found either in this section or other sections of this manual, provide information on customizing a deployment for operation- and location-based separation:
Operational Segregation in MongoDB Deployments (page 308) MongoDB lets you specify that certain application
operations use certain mongod instances.
Tag Aware Sharding (page 756) Tags associate specific ranges of shard key values with specific shards for use in
managing deployment patterns.
Manage Shard Tags (page 816) Use tags to associate specific ranges of shard key values with specific shards.
Operational Segregation in MongoDB Deployments

On this page
• Operational Overview (page 308)
• Additional Resource (page 309)

Operational Overview MongoDB includes a number of features that allow database administrators and developers
to segregate application operations to MongoDB deployments by functional or geographical groupings.
This capability provides “data center awareness,” which allows applications to target MongoDB deployments with
consideration of the physical location of the mongod instances. MongoDB supports segmentation of operations
across different dimensions, which may include multiple data centers and geographical regions in multi-data center
deployments, racks, networks, or power circuits in single data center deployments.
MongoDB also supports segregation of database operations based on functional or operational parameters, to ensure
that certain mongod instances are only used for reporting workloads or that certain high-frequency portions of a
sharded collection only exist on specific shards.

308

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Specifically, with MongoDB, you can:
• ensure write operations propagate to specific members of a replica set, or to specific members of replica sets.
• ensure that specific members of a replica set respond to queries.
• ensure that specific ranges of your shard key balance onto and reside on specific shards.
• combine the above features in a single distributed deployment, on a per-operation (for read and write operations)
and collection (for chunk distribution in sharded clusters distribution) basis.
For full documentation of these features, see the following documentation in the MongoDB Manual:
• Read Preferences (page 651), which controls how drivers help applications target read operations to members
of a replica set.
• Write Concerns (page 179), which controls how MongoDB ensures that write operations propagate to members
of a replica set.
• Replica Set Tags (page 700), which control how applications create and interact with custom groupings of replica
set members to create custom application-specific read preferences and write concerns.
• Tag Aware Sharding (page 756), which allows MongoDB administrators to define an application-specific balancing policy, to control how documents belonging to specific ranges of a shard key distribute to shards in the
sharded cluster.
See also:
Before adding operational segregation features to your application and MongoDB deployment, become familiar with
all documentation of replication (page 623), and sharding (page 733).
Additional Resource
• Whitepaper: MongoDB Multi-Data Center Deployments80
• Webinar: Multi-Data Center Deployment81
Further Reading

• The Write Concern (page 179) and Read Preference (page 651) documents, which address capabilities related
to data center awareness.
• Deploy a Geographically Redundant Replica Set (page 672).
Additional Resource

• Whitepaper: MongoDB Multi-Data Center Deployments82
• Webinar: Multi-Data Center Deployment83
80 http://www.mongodb.com/lp/white-paper/multi-dc?jmp=docs
81 https://www.mongodb.com/presentations/webinar-multi-data-center-deployment?jmp=docs
82 http://www.mongodb.com/lp/white-paper/multi-dc?jmp=docs
83 https://www.mongodb.com/presentations/webinar-multi-data-center-deployment?jmp=docs

8.1. Administration Concepts

309

MongoDB Documentation, Release 3.2.5

8.1.3 Optimization Strategies for MongoDB
There are many factors that can affect database performance and responsiveness including index use, query structure,
data models and application design, as well as operational factors such as architecture and system configuration.
This section describes techniques for optimizing application performance with MongoDB.
Analyzing MongoDB Performance (page 310) Discusses some of the factors that can influence MongoDB’s performance.
Evaluate Performance of Current Operations (page 313) MongoDB provides introspection tools that describe the
query execution process, to allow users to test queries and build more efficient queries.
Optimize Query Performance (page 314) Introduces the use of projections (page 102) to reduce the amount of data
MongoDB sends to clients.
Design Notes (page 315) A collection of notes related to the architecture, design, and administration of MongoDBbased applications.
Analyzing MongoDB Performance

On this page
•
•
•
•
•

Locking Performance (page 310)
Memory and the MMAPv1 Storage Engine (page 311)
Number of Connections (page 311)
Database Profiling (page 312)
Additional Resources (page 313)

As you develop and operate applications with MongoDB, you may need to analyze the performance of the application
and its database. When you encounter degraded performance, it is often a function of database access strategies,
hardware availability, and the number of open database connections.
Some users may experience performance limitations as a result of inadequate or inappropriate indexing strategies, or
as a consequence of poor schema design patterns. Locking Performance (page 310) discusses how these can impact
MongoDB’s internal locking.
Performance issues may indicate that the database is operating at capacity and that it is time to add additional capacity
to the database. In particular, the application’s working set should fit in the available physical memory. See Memory
and the MMAPv1 Storage Engine (page 311) for more information on the working set.
In some cases performance issues may be temporary and related to abnormal traffic load. As discussed in Number of
Connections (page 311), scaling can help relax excessive traffic.
Database Profiling (page 312) can help you to understand what operations are causing degradation.
Locking Performance

MongoDB uses a locking system to ensure data set consistency. If certain operations are long-running or a queue
forms, performance will degrade as requests and operations wait for the lock.
Lock-related slowdowns can be intermittent. To see if the lock has been affecting your performance, refer to the
server-status-locks section and the globalLock section of the serverStatus output.
Dividing locks.timeAcquiringMicros by locks.acquireWaitCount can give an approximate average
wait time for a particular lock mode.

310

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

locks.deadlockCount provide the number of times the lock acquisitions encountered deadlocks.
If globalLock.currentQueue.total is consistently high, then there is a chance that a large number of requests are waiting for a lock. This indicates a possible concurrency issue that may be affecting performance.
If globalLock.totalTime is high relative to uptime, the database has existed in a lock state for a significant
amount of time.
Long queries can result from ineffective use of indexes; non-optimal schema design; poor query structure; system
architecture issues; or insufficient RAM resulting in page faults (page 311) and disk reads.
Memory and the MMAPv1 Storage Engine

Memory Use With the MMAPv1 (page 603) storage engine, MongoDB uses memory-mapped files to store data.
Given a data set of sufficient size, the mongod process will allocate all available memory on the system for its use.
While this is intentional and aids performance, the memory mapped files make it difficult to determine if the amount
of RAM is sufficient for the data set.
The memory usage statuses metrics of the serverStatus output can provide insight into MongoDB’s memory use.
The mem.resident field provides the amount of resident memory in use. If this exceeds the amount of system
memory and there is a significant amount of data on disk that isn’t in RAM, you may have exceeded the capacity of
your system.
You can inspect mem.mapped to check the amount of mapped memory that mongod is using. If this value is greater
than the amount of system memory, some operations will require a page faults to read data from disk.
Page Faults With the MMAPv1 storage engine, page faults can occur as MongoDB reads from or writes data to parts
of its data files that are not currently located in physical memory. In contrast, operating system page faults happen
when physical memory is exhausted and pages of physical memory are swapped to disk.
MongoDB reports its triggered page faults as the total number of page faults in one second. To check for page faults,
see the extra_info.page_faults value in the serverStatus output.
Rapid increases in the MongoDB page fault counter may indicate that the server has too little physical memory. Page
faults also can occur while accessing large data sets or scanning an entire collection.
A single page fault completes quickly and is not problematic. However, in aggregate, large volumes of page faults
typically indicate that MongoDB is reading too much data from disk.
MongoDB can often “yield” read locks after a page fault, allowing other database processes to read while mongod
loads the next page into memory. Yielding the read lock following a page fault improves concurrency, and also
improves overall throughput in high volume systems.
Increasing the amount of RAM accessible to MongoDB may help reduce the frequency of page faults. If this is not
possible, you may want to consider deploying a sharded cluster or adding shards to your deployment to distribute load
among mongod instances.
See What are page faults? (page 854) for more information.
Number of Connections

In some cases, the number of connections between the applications and the database can overwhelm the ability of the
server to handle requests. The following fields in the serverStatus document can provide insight:
• globalLock.activeClients contains a counter of the total number of clients with active operations in
progress or queued.

8.1. Administration Concepts

311

MongoDB Documentation, Release 3.2.5

• connections is a container for the following two fields:
– connections.current the total number of current clients that connect to the database instance.
– connections.available the total number of unused connections available for new clients.
If there are numerous concurrent application requests, the database may have trouble keeping up with demand. If this
is the case, then you will need to increase the capacity of your deployment.
For read-heavy applications, increase the size of your replica set and distribute read operations to secondary members.
For write-heavy applications, deploy sharding and add one or more shards to a sharded cluster to distribute load
among mongod instances.
Spikes in the number of connections can also be the result of application or driver errors. All of the officially supported
MongoDB drivers implement connection pooling, which allows clients to use and reuse connections more efficiently.
Extremely high numbers of connections, particularly without corresponding workload is often indicative of a driver or
other configuration error.
Unless constrained by system-wide limits, MongoDB has no limit on incoming connections. On Unix-based systems,
you can modify system limits using the ulimit command, or by editing your system’s /etc/sysctl file. See
UNIX ulimit Settings (page 372) for more information.
Database Profiling

MongoDB’s “Profiler” is a database profiling system that can help identify inefficient queries and operations.
The following profiling levels are available:
Level
0
1
2

Setting
Off. No profiling
On. Only includes “slow” operations
On. Includes all operations

Enable the profiler by setting the profile value using the following command in the mongo shell:
db.setProfilingLevel(1)

The slowOpThresholdMs setting defines what constitutes a “slow” operation. To set the threshold above
which the profiler considers operations “slow” (and thus, included in the level 1 profiling data), you can configure
slowOpThresholdMs at runtime as an argument to the db.setProfilingLevel() operation.
See
The documentation of db.setProfilingLevel() for more information.
By default, mongod records all “slow” queries to its log, as defined by slowOpThresholdMs.
Note: Because the database profiler can negatively impact performance, only enable profiling for strategic intervals
and as minimally as possible on production systems.
You may enable profiling on a per-mongod basis. This setting will not propagate across a replica set or sharded
cluster.
You can view the output of the profiler in the system.profile collection of your database by issuing the show
profile command in the mongo shell, or with the following operation:
db.system.profile.find( { millis : { $gt : 100 } } )

312

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

This returns all operations that lasted longer than 100 milliseconds. Ensure that the value specified here (100, in this
example) is above the slowOpThresholdMs threshold.
You must use the $query operator to access the query field of documents within system.profile.
Additional Resources

• MongoDB Ops Optimization Consulting Package84
Evaluate Performance of Current Operations

On this page
•
•
•
•

Use the Database Profiler to Evaluate Operations Against the Database (page 313)
Use db.currentOp() to Evaluate mongod Operations (page 313)
Use explain to Evaluate Query Performance (page 313)
Additional Resources (page 314)

The following sections describe techniques for evaluating operational performance.
Use the Database Profiler to Evaluate Operations Against the Database

MongoDB provides a database profiler that shows performance characteristics of each operation against the database.
Use the profiler to locate any queries or write operations that are running slow. You can use this information, for
example, to determine what indexes to create.
For more information, see Database Profiling (page 312).
Use db.currentOp() to Evaluate mongod Operations

The db.currentOp() method reports on current operations running on a mongod instance.
Use explain to Evaluate Query Performance

The cursor.explain() and db.collection.explain() methods return information on a query execution, such as the index MongoDB selected to fulfill the query and execution statistics. You can run the methods in
queryPlanner mode, executionStats mode, or allPlansExecution mode to control the amount of information returned.
Example
To use cursor.explain() on a query for documents matching the expression { a:
named records, use an operation that resembles the following in the mongo shell:

1 }, in the collection

db.records.find( { a: 1 } ).explain("executionStats")

For more information, see https://docs.mongodb.org/manual/reference/explain-results,
cursor.explain(), db.collection.explain(), and Analyze Query Performance (page 159).
84 https://www.mongodb.com/products/consulting?jmp=docs#ops_optimization

8.1. Administration Concepts

313

MongoDB Documentation, Release 3.2.5

Additional Resources

• MongoDB Performance Evaluation and Tuning Consulting Package85
Optimize Query Performance

On this page
•
•
•
•
•
•

Create Indexes to Support Queries (page 314)
Limit the Number of Query Results to Reduce Network Demand (page 315)
Use Projections to Return Only Necessary Data (page 315)
Use $hint to Select a Particular Index (page 315)
Use the Increment Operator to Perform Operations Server-Side (page 315)
Additional Resources (page 315)

Create Indexes to Support Queries

For commonly issued queries, create indexes (page 515). If a query searches multiple fields, create a compound index
(page 522). Scanning an index is much faster than scanning a collection. The indexes structures are smaller than the
documents reference, and store references in order.
Example
If you have a posts collection containing blog posts, and if you regularly issue a query that sorts on the
author_name field, then you can optimize the query by creating an index on the author_name field:
db.posts.createIndex( { author_name : 1 } )

Indexes also improve efficiency on queries that routinely sort on a given field.
Example
If you regularly issue a query that sorts on the timestamp field, then you can optimize the query by creating an
index on the timestamp field:
Creating this index:
db.posts.createIndex( { timestamp : 1 } )

Optimizes this query:
db.posts.find().sort( { timestamp : -1 } )

Because MongoDB can read indexes in both ascending and descending order, the direction of a single-key index does
not matter.
Indexes support queries, update operations, and some phases of the aggregation pipeline (page 200).
Index keys that are of the BinData type are more efficiently stored in the index if:
• the binary subtype value is in the range of 0-7 or 128-135, and
• the length of the byte array is: 0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, or 32.
85 https://www.mongodb.com/products/consulting?jmp=docs#performance_evaluation

314

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Limit the Number of Query Results to Reduce Network Demand

MongoDB cursors return results in groups of multiple documents. If you know the number of results you want, you
can reduce the demand on network resources by issuing the limit() method.
This is typically used in conjunction with sort operations. For example, if you need only 10 results from your query to
the posts collection, you would issue the following command:
db.posts.find().sort( { timestamp : -1 } ).limit(10)

For more information on limiting results, see limit()
Use Projections to Return Only Necessary Data

When you need only a subset of fields from documents, you can achieve better performance by returning only the
fields you need:
For example, if in your query to the posts collection, you need only the timestamp, title, author, and
abstract fields, you would issue the following command:
db.posts.find( {}, { timestamp : 1 , title : 1 , author : 1 , abstract : 1} ).sort( { timestamp : -1

For more information on using projections, see Limit Fields to Return from a Query (page 153).
Use $hint to Select a Particular Index

In most cases the query optimizer (page 108) selects the optimal index for a specific operation; however, you can force
MongoDB to use a specific index using the hint() method. Use hint() to support performance testing, or on
some queries where you must select a field or field included in several indexes.
Use the Increment Operator to Perform Operations Server-Side

Use MongoDB’s $inc operator to increment or decrement values in documents. The operator increments the value
of the field on the server side, as an alternative to selecting a document, making simple modifications in the client
and then writing the entire document to the server. The $inc operator can also help avoid race conditions, which
would result when two application instances queried for a document, manually incremented a field, and saved the
entire document back at the same time.
Additional Resources

• MongoDB Performance Evaluation and Tuning Consulting Package86
Design Notes
86 https://www.mongodb.com/products/consulting?jmp=docs#performance_evaluation

8.1. Administration Concepts

315

MongoDB Documentation, Release 3.2.5

On this page
•
•
•
•
•
•

Schema Considerations (page 316)
General Considerations (page 316)
Replica Set Considerations (page 317)
Sharding Considerations (page 317)
Analyze Performance (page 318)
Additional Resources (page 318)

This page details features of MongoDB that may be important to keep in mind when developing applications.
Schema Considerations

Dynamic Schema Data in MongoDB has a dynamic schema. Collections do not enforce document structure. This
facilitates iterative development and polymorphism. Nevertheless, collections often hold documents with highly homogeneous structures. See Data Modeling Concepts (page 252) for more information.
Some operational considerations include:
• the exact set of collections to be used;
• the indexes to be used: with the exception of the _id index, all indexes must be created explicitly;
• shard key declarations: choosing a good shard key is very important as the shard key cannot be changed once
set.
Avoid importing unmodified data directly from a relational database. In general, you will want to “roll up” certain
data into richer documents that take advantage of MongoDB’s support for embedded documents and nested arrays.
Case Sensitive Strings MongoDB strings are case sensitive. So a search for "joe" will not find "Joe".
Consider:
• storing data in a normalized case format, or
• using regular expressions ending with the i option, and/or
• using $toLower or $toUpper in the aggregation framework (page 199).
Type Sensitive Fields MongoDB data is stored in the BSON format, a binary encoded serialization of JSON-like
documents. BSON encodes additional type information. See bsonspec.org87 for more information.
Consider the following document which has a field x with the string value "123":
{ x : "123" }

Then the following query which looks for a number value 123 will not return that document:
db.mycollection.find( { x : 123 } )

General Considerations

By Default, Updates Affect one Document To update multiple documents that meet your query criteria, set the
update multi option to true or 1. See: Update Multiple Documents (page 121).
87 http://bsonspec.org/#/specification

316

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Prior to MongoDB 2.2, you would specify the upsert and multi options in the update method as positional
boolean options. See: the update method reference documentation.
BSON Document Size Limit The BSON Document Size limit is currently set at 16 MB per document. If you
require larger documents, use GridFS (page 611).
No Fully Generalized Transactions MongoDB does not have fully generalized transactions (page 125). If you
model your data using rich documents that closely resemble your application’s objects, each logical object will be in
one MongoDB document. MongoDB allows you to modify a document in a single atomic operation. These kinds of
data modification pattern covers most common uses of transactions in other systems.
Replica Set Considerations

Use an Odd Number of Replica Set Members Replica sets (page 623) perform consensus elections. To ensure
that elections will proceed successfully, either use an odd number of members, typically three, or else use an arbiter
to ensure an odd number of votes.
Keep Replica Set Members Up-to-Date MongoDB replica sets support automatic failover (page 644). It is important for your secondaries to be up-to-date. There are various strategies for assessing consistency:
1. Use monitoring tools to alert you to lag events. See Monitoring for MongoDB (page 285) for a detailed discussion of MongoDB’s monitoring options.
2. Specify appropriate write concern.
3. If your application requires manual fail over, you can configure your secondaries as priority 0 (page 631).
Priority 0 secondaries require manual action for a failover. This may be practical for a small replica set, but
large deployments should fail over automatically.
See also:
replica set rollbacks (page 647).
Sharding Considerations

• Pick your shard keys carefully. You cannot choose a new shard key for a collection that is already sharded.
• Shard key values are immutable.
• When enabling sharding on an existing collection, MongoDB imposes a maximum size on those collections to ensure that it is possible to create chunks. For a detailed explanation of this limit, see:
.
To shard large amounts of data, create a new empty sharded collection, and ingest the data from the source
collection using an application level import operation.
• Unique indexes are not enforced across shards except for the shard key itself. See Enforce Unique Keys for
Sharded Collections (page 818).
• Consider pre-splitting (page 808) an empty sharded collection before a massive bulk import.

8.1. Administration Concepts

317

MongoDB Documentation, Release 3.2.5

Analyze Performance

• MongoDB Ops Optimization Consulting Package88

8.2 Administration Tutorials
The administration tutorials provide specific step-by-step instructions for performing common MongoDB setup, maintenance, and configuration operations.
Configuration, Maintenance, and Analysis (page 318) Describes routine management operations, including configuration and performance analysis.
Manage mongod Processes (page 323) Start, configure, and manage running mongod process.
Rotate Log Files (page 330) Archive the current log files and start new ones.
Continue reading from Configuration, Maintenance, and Analysis (page 318) for additional tutorials of fundamental MongoDB maintenance procedures.
Backup and Recovery (page 343) Outlines procedures for data backup and restoration with mongod instances and
deployments.
Backup and Restore with Filesystem Snapshots (page 343) An outline of procedures for creating MongoDB
data set backups using system-level file snapshot tool, such as LVM or native storage appliance tools.
Backup and Restore Sharded Clusters (page 355) Detailed procedures and considerations for backing up
sharded clusters and single shards.
Recover Data after an Unexpected Shutdown (page 366) Recover data from MongoDB data files that were not
properly closed or have an invalid state.
Continue reading from Backup and Recovery (page 343) for additional tutorials of MongoDB backup and recovery procedures.
MongoDB Tutorials (page 369) A complete list of tutorials in the MongoDB Manual that address MongoDB operation and use.

8.2.1 Configuration, Maintenance, and Analysis
The following tutorials describe routine management operations, including configuration and performance analysis:
Disable Transparent Huge Pages (THP) (page 319) Describes Transparent Huge Pages (THP) and provides detailed
instructions on disabling them.
Use Database Commands (page 322) The process for running database commands that provide basic database operations.
Manage mongod Processes (page 323) Start, configure, and manage running mongod process.
88 https://www.mongodb.com/products/consulting?jmp=docs#ops_optimization

318

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Terminate Running Operations (page 325) Stop in progress MongoDB client operations using db.killOp() and
maxTimeMS().
Analyze Performance of Database Operations (page 326) Collect data that introspects the performance of query and
update operations on a mongod instance.
Rotate Log Files (page 330) Archive the current log files and start new ones.
Manage Journaling (page 332) Describes the procedures for configuring and managing MongoDB’s journaling system, which allows MongoDB to provide crash resiliency and durability.
Store a JavaScript Function on the Server (page 334) Describes how to store JavaScript functions on a MongoDB
server.
Upgrade to the Latest Revision of MongoDB (page 335) Introduces the basic process for upgrading a MongoDB deployment between different minor release versions.
Monitor MongoDB With SNMP on Linux (page 338) The SNMP extension, available in MongoDB Enterprise, allows MongoDB to provide database metrics via SNMP.
Monitor MongoDB Windows with SNMP (page 340) The SNMP extension, available in the Windows build of MongoDB Enterprise, allows MongoDB to provide database metrics via SNMP.
Troubleshoot SNMP (page 342) Outlines common errors and diagnostic processes useful for deploying MongoDB
Enterprise with SNMP support.
Disable Transparent Huge Pages (THP)

On this page
• Init Script (page 319)
• Using tuned and ktune (page 320)
• Test Your Changes (page 321)
Transparent Huge Pages (THP) is a Linux memory management system that reduces the overhead of Translation
Lookaside Buffer (TLB) lookups on machines with large amounts of memory by using larger memory pages.
However, database workloads often perform poorly with THP, because they tend to have sparse rather than contiguous
memory access patterns. You should disable THP on Linux machines to ensure best performance with MongoDB.
Init Script

Important: If you are using tuned or ktune (for example, if you are running Red Hat or CentOS 6+), you must
additionally configure them so that THP is not re-enabled. See Using tuned and ktune (page 320).

Step 1: Create the init.d script. Create the following file at /etc/init.d/disable-transparent-hugepages:
#!/bin/sh
### BEGIN INIT INFO
# Provides:
# Required-Start:
# Required-Stop:
# X-Start-Before:
# Default-Start:
# Default-Stop:

disable-transparent-hugepages
$local_fs
mongod mongodb-mms-automation-agent
2 3 4 5
0 1 6

8.2. Administration Tutorials

319

MongoDB Documentation, Release 3.2.5

# Short-Description: Disable Linux transparent huge pages
# Description:
Disable Linux transparent huge pages, to improve
#
database performance.
### END INIT INFO
case $1 in
start)
if [ -d /sys/kernel/mm/transparent_hugepage ]; then
thp_path=/sys/kernel/mm/transparent_hugepage
elif [ -d /sys/kernel/mm/redhat_transparent_hugepage ]; then
thp_path=/sys/kernel/mm/redhat_transparent_hugepage
else
return 0
fi
echo 'never' > ${thp_path}/enabled
echo 'never' > ${thp_path}/defrag
unset thp_path
;;
esac

Step 2: Make it executable. Run the following command to ensure that the init script can be used:
sudo chmod 755 /etc/init.d/disable-transparent-hugepages

Step 3: Configure your operating system to run it on boot.
init script on your Linux distribution.
Distribution
Ubuntu and Debian
SUSE
Red Hat, CentOS, Amazon Linux, and derivatives

Use the appropriate command to configure the new

Command

sudo update-rc.d disable-transparent-hugepages defa

sudo insserv /etc/init.d/disable-transparent-hugepa
sudo chkconfig --add disable-transparent-hugepages

Step 4: Override tuned and ktune, if applicable If you are using tuned or ktune (for example, if you are
running Red Hat or CentOS 6+) you must now configure them to preserve the above settings.
Using tuned and ktune

Important: If using tuned or ktune, you must perform this step in addition to installing the init script.
tuned and ktune are dynamic kernel tuning tools available on Red Hat and CentOS that can disable transparent
huge pages.
To disable transparent huge pages in tuned or ktune, you need to edit or create a new profile that sets THP to
never.
Red Hat/CentOS 6
320

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Step 1: Create a new profile. Create a new profile from an existing default profile by copying the relevant directory.
In the example we use the default profile as the base and call our new profile no-thp.
sudo cp -r /etc/tune-profiles/default /etc/tune-profiles/no-thp

Step 2: Edit ktune.sh. Edit /etc/tune-profiles/no-thp/ktune.sh and add the following:
set_transparent_hugepages never

to the start() block of the file, before the return 0 statement.
Step 3: Enable the new profile. Finally, enable the new profile by issuing:
sudo tuned-adm profile no-thp

Red Hat/CentOS 7
Step 1: Create a new profile. Create a new tuned profile directory:
sudo mkdir /etc/tuned/no-thp

Step 2: Edit tuned.conf. Create and edit /etc/tuned/no-thp/tuned.conf so that it contains the following:
[main]
include=virtual-guest
[vm]
transparent_hugepages=never

Step 3: Enable the new profile. Finally, enable the new profile by issuing:
sudo tuned-adm profile no-thp

Test Your Changes

You can check the status of THP support by issuing the following commands:
cat /sys/kernel/mm/transparent_hugepage/enabled
cat /sys/kernel/mm/transparent_hugepage/defrag

On Red Hat Enterprise Linux, CentOS, and potentially other Red Hat-based derivatives, you may instead need to use
the following:
cat /sys/kernel/mm/redhat_transparent_hugepage/enabled
cat /sys/kernel/mm/redhat_transparent_hugepage/defrag

For both files, the correct output resembles:
always madvise [never]

8.2. Administration Tutorials

321

MongoDB Documentation, Release 3.2.5

Use Database Commands

On this page
•
•
•
•

Database Command Form (page 322)
Issue Commands (page 322)
admin Database Commands (page 322)
Command Responses (page 322)

The MongoDB command interface provides access to all non CRUD database operations. Fetching server stats,
initializing a replica set, and running a map-reduce job are all accomplished with commands.
See https://docs.mongodb.org/manual/reference/command for list of all commands sorted by function.
Database Command Form

You specify a command first by constructing a standard BSON document whose first key is the name of the command.
For example, specify the isMaster command using the following BSON document:
{ isMaster: 1 }

Issue Commands

The mongo shell provides a helper method for running commands called db.runCommand(). The following
operation in mongo runs the above command:
db.runCommand( { isMaster: 1 } )

Many drivers provide an equivalent for the db.runCommand() method. Internally, running commands with
db.runCommand() is equivalent to a special query against the $cmd collection.
Many common commands have their own shell helpers or wrappers in the mongo shell and drivers, such as the
db.isMaster() method in the mongo JavaScript shell.
You can use the maxTimeMS option to specify a time limit for the execution of a command, see Terminate a Command
(page 326) for more information on operation termination.
admin Database Commands

You must run some commands on the admin database. Normally, these operations resemble the followings:
use admin
db.runCommand( {buildInfo: 1} )

However, there’s also a command helper that automatically runs the command in the context of the admin database:
db._adminCommand( {buildInfo: 1} )

Command Responses

All commands return, at minimum, a document with an ok field indicating whether the command has succeeded:

322

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

{ 'ok': 1 }

Failed commands return the ok field with a value of 0.
Manage mongod Processes

On this page
• Start mongod Processes (page 323)
• Stop mongod Processes (page 324)
• Stop a Replica Set (page 324)
MongoDB runs as a standard program. You can start MongoDB from a command line by issuing the mongod command and specifying options. For a list of options, see the mongod reference. MongoDB can also run as a Windows
service. For details, see Configure a Windows Service for MongoDB Community Edition (page 47). To install MongoDB, see Install MongoDB (page 21).
The following examples assume the directory containing the mongod process is in your system paths. The mongod
process is the primary database process that runs on an individual server. mongos provides a coherent MongoDB
interface equivalent to a mongod from the perspective of a client. The mongo binary provides the administrative
shell.
This document discusses the mongod process; however, some portions of this document may be applicable to mongos
instances.
Start mongod Processes

By default, MongoDB stores data in the /data/db directory. On Windows, MongoDB stores data in C:\data\db.
On all platforms, MongoDB listens for connections from clients on port 27017.
To start MongoDB using all defaults, issue the following command at the system shell:
mongod

Specify a Data Directory If you want mongod to store data files at a path other than /data/db you can specify
a dbPath. The dbPath must exist before you start mongod. If it does not exist, create the directory and the
permissions so that mongod can read and write data to this path. For more information on permissions, see the
security operations documentation (page 391).
To specify a dbPath for mongod to use as a data directory, use the --dbpath option. The following invocation
will start a mongod instance and store data in the /srv/mongodb path
mongod --dbpath /srv/mongodb/

Specify a TCP Port Only a single process can listen for connections on a network interface at a time. If you run
multiple mongod processes on a single machine, or have other processes that must use this port, you must assign each
a different port to listen on for client connections.
To specify a port to mongod, use the --port option on the command line. The following command starts mongod
listening on port 12345:
mongod --port 12345

Use the default port number when possible, to avoid confusion.
8.2. Administration Tutorials

323

MongoDB Documentation, Release 3.2.5

Start mongod as a Daemon To run a mongod process as a daemon (i.e. fork), and write its output to a log file,
use the --fork and --logpath options. You must create the log directory; however, mongod will create the log
file if it does not exist.
The following command starts mongod as a daemon and records log output to /var/log/mongodb.log.
mongod --fork --logpath /var/log/mongodb.log

Additional Configuration Options For an overview of common configurations and deployments for common use
cases, see Run-time Database Configuration (page 291).
Stop mongod Processes

In a clean shutdown a mongod completes all pending operations, flushes all data to data files, and closes all data files.
Other shutdowns are unclean and can compromise the validity of the data files.
To ensure a clean shutdown, always shutdown mongod instances using one of the following methods:
Use shutdownServer() Shut down the mongod from the mongo shell using the db.shutdownServer()
method as follows:
use admin
db.shutdownServer()

Calling the same method from a init script accomplishes the same result.
For systems with authorization enabled, users may only issue db.shutdownServer() when authenticated
to the admin database or via the localhost interface on systems without authentication enabled.
Use --shutdown From the Linux command line, shut down the mongod using the --shutdown option in the
following command:
mongod --shutdown

Use CTRL-C When running the mongod instance in interactive mode (i.e. without --fork), issue Control-C
to perform a clean shutdown.
Use kill From the Linux command line, shut down a specific mongod instance using the following command:
kill

Warning: Never use kill -9 (i.e. SIGKILL) to terminate a mongod instance.

Stop a Replica Set

Procedure If the mongod is the primary in a replica set, the shutdown process for this mongod instance has the
following steps:
1. Check how up-to-date the secondaries are.
2. If no secondary is within 10 seconds of the primary, mongod will return a message that it will not shut down.
You can pass the shutdown command a timeoutSecs argument to wait for a secondary to catch up.
324

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

3. If there is a secondary within 10 seconds of the primary, the primary will step down and wait for the secondary
to catch up.
4. After 60 seconds or once the secondary has caught up, the primary will shut down.
Force Replica Set Shutdown If there is no up-to-date secondary and you want the primary to shut down, issue the
shutdown command with the force argument, as in the following mongo shell operation:
db.adminCommand({shutdown : 1, force : true})

To keep checking the secondaries for a specified number of seconds if none are immediately up-to-date, issue
shutdown with the timeoutSecs argument. MongoDB will keep checking the secondaries for the specified
number of seconds if none are immediately up-to-date. If any of the secondaries catch up within the allotted time, the
primary will shut down. If no secondaries catch up, it will not shut down.
The following command issues shutdown with timeoutSecs set to 5:
db.adminCommand({shutdown : 1, timeoutSecs : 5})

Alternately you can use the timeoutSecs argument with the db.shutdownServer() method:
db.shutdownServer({timeoutSecs : 5})

Terminate Running Operations

On this page
• Overview (page 325)
• Available Procedures (page 325)

Overview

MongoDB provides two facilitates to terminate running operations: maxTimeMS() and db.killOp(). Use these
operations as needed to control the behavior of operations in a MongoDB deployment.
Available Procedures

maxTimeMS New in version 2.6.
The maxTimeMS() method sets a time limit for an operation. When the operation reaches the specified time limit,
MongoDB interrupts the operation at the next interrupt point.
Terminate a Query
query:

From the mongo shell, use the following method to set a time limit of 30 milliseconds for this

db.location.find( { "town": { "$regex": "(Pine Lumber)",
"$options": 'i' } } ).maxTimeMS(30)

8.2. Administration Tutorials

325

MongoDB Documentation, Release 3.2.5

Terminate a Command Consider a potentially long running operation using distinct to return each distinct‘‘collection‘‘ field that has a city key:
db.runCommand( { distinct: "collection",
key: "city" } )

You can add the maxTimeMS field to the command document to set a time limit of 45 milliseconds for the operation:
db.runCommand( { distinct: "collection",
key: "city",
maxTimeMS: 45 } )

db.getLastError() and db.getLastErrorObj() will return errors for interrupted options:
{ "n" : 0,
"connectionId" : 1,
"err" : "operation exceeded time limit",
"ok" : 1 }

killOp The db.killOp() method interrupts a running operation at the next interrupt point. db.killOp()
identifies the target operation by operation ID.
db.killOp()

Warning: Terminate running operations with extreme caution. Only use db.killOp() to terminate operations
initiated by clients and do not terminate internal database operations.

Related
To return a list of running operations see db.currentOp().

Analyze Performance of Database Operations

On this page
•
•
•
•
•

Profiling Levels (page 327)
Enable Database Profiling and Set the Profiling Level (page 327)
View Profiler Data (page 328)
Profiler Overhead (page 329)
Additional Resources (page 330)

The database profiler collects fine grained data about MongoDB write operations, cursors, database commands on
a running mongod instance. You can enable profiling on a per-database or per-instance basis. The profiling level
(page 327) is also configurable when enabling profiling. The profiler is off by default.
The database profiler writes all the data it collects to the system.profile (page 377) collection, which is a capped
collection (page 6). See Database Profiler Output (page 378) for overview of the data in the system.profile
(page 377) documents created by the profiler.
This document outlines a number of key administration options for the database profiler. For additional related information, consider the following resources:
• Database Profiler Output (page 378)
• Profile Command
326

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

• db.currentOp()
Profiling Levels

The following profiling levels are available:
• 0 - the profiler is off, does not collect any data. mongod always writes operations longer than the
slowOpThresholdMs threshold to its log. This is the default profiler level.
• 1 - collects profiling data for slow operations only. By default slow operations are those slower than 100
milliseconds.
You can modify the threshold for “slow” operations with the slowOpThresholdMs runtime option or the
setParameter command. See the Specify the Threshold for Slow Operations (page 327) section for more
information.
• 2 - collects profiling data for all database operations.
Enable Database Profiling and Set the Profiling Level

You can enable database profiling from the mongo shell or through a driver using the profile command. This
section will describe how to do so from the mongo shell. See your driver documentation if you want to
control the profiler from within your application.
When you enable profiling, you also set the profiling level (page 327). The profiler records data in the
system.profile (page 377) collection. MongoDB creates the system.profile (page 377) collection in a
database after you enable profiling for that database.
To enable profiling and set the profiling level, use the db.setProfilingLevel() helper in the mongo shell,
passing the profiling level as a parameter. For example, to enable profiling for all database operations, consider the
following operation in the mongo shell:
db.setProfilingLevel(2)

The shell returns a document showing the previous level of profiling. The "ok" :
operation succeeded:

1 key-value pair indicates the

{ "was" : 0, "slowms" : 100, "ok" : 1 }

To verify the new setting, see the Check Profiling Level (page 328) section.
Specify the Threshold for Slow Operations The threshold for slow operations applies to the entire mongod instance. When you change the threshold, you change it for all databases on the instance.
Important: Changing the slow operation threshold for the database profiler also affects the profiling subsystem’s
slow operation threshold for the entire mongod instance. Always set the threshold to the highest useful value.
By default the slow operation threshold is 100 milliseconds. Databases with a profiling level of 1 will log operations
slower than 100 milliseconds.
To change the threshold, pass two parameters to the db.setProfilingLevel() helper in the mongo shell. The
first parameter sets the profiling level for the current database, and the second sets the default slow operation threshold
for the entire mongod instance.
For example, the following command sets the profiling level for the current database to 0, which disables profiling,
and sets the slow-operation threshold for the mongod instance to 20 milliseconds. Any database on the instance with
a profiling level of 1 will use this threshold:
8.2. Administration Tutorials

327

MongoDB Documentation, Release 3.2.5

db.setProfilingLevel(0,20)

Check Profiling Level To view the profiling level (page 327), issue the following from the mongo shell:
db.getProfilingStatus()

The shell returns a document similar to the following:
{ "was" : 0, "slowms" : 100 }

The was field indicates the current level of profiling.
The slowms field indicates how long an operation must exist in milliseconds for an operation to pass the “slow”
threshold. MongoDB will log operations that take longer than the threshold if the profiling level is 1. This document
returns the profiling level in the was field. For an explanation of profiling levels, see Profiling Levels (page 327).
To return only the profiling level, use the db.getProfilingLevel() helper in the mongo as in the following:
db.getProfilingLevel()

Disable Profiling To disable profiling, use the following helper in the mongo shell:
db.setProfilingLevel(0)

Enable Profiling for an Entire mongod Instance For development purposes in testing environments, you can
enable database profiling for an entire mongod instance. The profiling level applies to all databases provided by the
mongod instance.
To enable profiling for a mongod instance, pass the following parameters to mongod at startup or within the
configuration file:
mongod --profile=1 --slowms=15

This sets the profiling level to 1, which collects profiling data for slow operations only, and defines slow operations as
those that last longer than 15 milliseconds.
See also:
mode and slowOpThresholdMs.
Database Profiling and Sharding You cannot enable profiling on a mongos instance. To enable profiling in a
shard cluster, you must enable profiling for each mongod instance in the cluster.
View Profiler Data

The database profiler logs information about database operations in the system.profile (page 377) collection.
To view profiling information, query the system.profile (page 377) collection. You can use $comment to add
data to the query document to make it easier to analyze data from the profiler. To view example queries, see Profiler
Overhead (page 329).
For an explanation of the output data, see Database Profiler Output (page 378).

328

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Example Profiler Data Queries This section displays example queries to the system.profile (page 377) collection. For an explanation of the query output, see Database Profiler Output (page 378).
To return the most recent 10 log entries in the system.profile (page 377) collection, run a query similar to the
following:
db.system.profile.find().limit(10).sort( { ts : -1 } ).pretty()

To return all operations except command operations ($cmd), run a query similar to the following:
db.system.profile.find( { op: { $ne : 'command' } } ).pretty()

To return operations for a particular collection, run a query similar to the following. This example returns operations
in the mydb database’s test collection:
db.system.profile.find( { ns : 'mydb.test' } ).pretty()

To return operations slower than 5 milliseconds, run a query similar to the following:
db.system.profile.find( { millis : { $gt : 5 } } ).pretty()

To return information from a certain time range, run a query similar to the following:
db.system.profile.find(
{
ts : {
$gt : new ISODate("2012-12-09T03:00:00Z") ,
$lt : new ISODate("2012-12-09T03:40:00Z")
}
}
).pretty()

The following example looks at the time range, suppresses the user field from the output to make it easier to read,
and sorts the results by how long each operation took to run:
db.system.profile.find(
{
ts : {
$gt : new ISODate("2011-07-12T03:00:00Z") ,
$lt : new ISODate("2011-07-12T03:40:00Z")
}
},
{ user : 0 }
).sort( { millis : -1 } )

Show the Five Most Recent Events On a database that has profiling enabled, the show profile helper in the
mongo shell displays the 5 most recent operations that took at least 1 millisecond to execute. Issue show profile
from the mongo shell, as follows:
show profile

Profiler Overhead

When enabled, profiling has a minor effect on performance. The system.profile (page 377) collection is a
capped collection with a default size of 1 megabyte. A collection of this size can typically store several thousand
profile documents, but some application may use more or less profiling data per operation.

8.2. Administration Tutorials

329

MongoDB Documentation, Release 3.2.5

Change Size of system.profile Collection on the Primary To change the size of the system.profile
(page 377) collection, you must:
1. Disable profiling.
2. Drop the system.profile (page 377) collection.
3. Create a new system.profile (page 377) collection.
4. Re-enable profiling.
For example, to create a new system.profile (page 377) collections that’s 4000000 bytes, use the following
sequence of operations in the mongo shell:
db.setProfilingLevel(0)
db.system.profile.drop()
db.createCollection( "system.profile", { capped: true, size:4000000 } )
db.setProfilingLevel(1)

Change Size of system.profile Collection on a Secondary To change the size of the system.profile
(page 377) collection on a secondary, you must stop the secondary, run it as a standalone, and then perform the
steps above. When done, restart the standalone as a member of the replica set. For more information, see Perform
Maintenance on Replica Set Members (page 695).
Additional Resources

• MongoDB Performance Evaluation and Tuning Consulting Package89
Rotate Log Files

On this page
•
•
•
•
•

Overview (page 330)
Default Log Rotation Behavior (page 331)
Log Rotation with --logRotate reopen (page 331)
Syslog Log Rotation (page 332)
Forcing a Log Rotation with SIGUSR1 (page 332)

Overview

When used with the --logpath option or systemLog.path setting, mongod and mongos instances report a
live account of all activity and operations to a log file. When reporting activity data to a log file, by default, MongoDB
only rotates logs in response to the logRotate command, or when the mongod or mongos process receives a
SIGUSR1 signal from the operating system.
MongoDB’s standard log rotation approach archives the current log file and starts a new one. To do this, the mongod
or mongos instance renames the current log file by appending a UTC timestamp to the filename, in ISODate format.
It then opens a new log file, closes the old log file, and sends all new log entries to the new log file.
89 https://www.mongodb.com/products/consulting?jmp=docs#performance_evaluation

330

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

You can also configure MongoDB to support the Linux/Unix logrotate utility by setting systemLog.logRotate
or --logRotate to reopen. With reopen, mongod or mongos closes the log file, and then reopens a log file
with the same name, expecting that another process renamed the file prior to rotation.
Finally, you can configure mongod to send log data to the syslog. using the --syslog option. In this case, you
can take advantage of alternate logrotation tools.
See also:
For information on logging, see the Process Logging (page 288) section.
Default Log Rotation Behavior

By default, MongoDB uses the --logRotate rename behavior. With rename, mongod or mongos renames
the current log file by appending a UTC timestamp to the filename, opens a new log file, closes the old log file, and
sends all new log entries to the new log file.
Step 1: Start a mongod instance.
mongod -v --logpath /var/log/mongodb/server1.log

You can also explicitly specify logRotate --rename.
Step 2: List the log files In a separate terminal, list the matching files:
ls /var/log/mongodb/server1.log*

The results should include one log file, server1.log.
Step 3: Rotate the log file. Rotate the log file by issuing the logRotate command from the admin database in a
mongo shell:
use admin
db.runCommand( { logRotate : 1 } )

Step 4: View the new log files List the new log files to view the newly-created log:
ls /var/log/mongodb/server1.log*

There should be two log files listed: server1.log, which is the log file that mongod or mongos made when it
reopened the log file, and server1.log., the renamed original log file.
Rotating log files does not modify the “old” rotated log files. When you rotate a log, you rename the server1.log
file to include the timestamp, and a new, empty server1.log file receives all new log input.
Log Rotation with --logRotate reopen

New in version 3.0.0.
Log rotation with --logRotate reopen closes and opens the log file following the typical Linux/Unix log rotate
behavior.

8.2. Administration Tutorials

331

MongoDB Documentation, Release 3.2.5

Step 1: Start a mongod instance, specifying the reopen --logRotate behavior.
mongod -v --logpath /var/log/mongodb/server1.log --logRotate reopen --logappend

You must use the --logappend option with --logRotate reopen.
Step 2: List the log files In a separate terminal, list the matching files:
ls /var/log/mongodb/server1.log*

You should rename the log file using an external process, following the typical Linux/Unix log rotate behavior.
Syslog Log Rotation

With syslog log rotation, mongod sends log data to the syslog rather than writing it to a file.
Step 1: Start a mongod instance with the --syslog option
mongod --syslog

Do not include --logpath. Since --syslog tells mongod to send log data to the syslog, specifying a
--logpath will causes an error.
To specify the facility level used when logging messages to the syslog, use the --syslogFacility option or
systemLog.syslogFacility configuration setting.
Step 2: Rotate the log. Store and rotate the log output using your systems default log rotation mechanism.
Forcing a Log Rotation with SIGUSR1

For Linux and Unix-based systems, you can use the SIGUSR1 signal to rotate the logs for a single process, as in the
following:
kill -SIGUSR1

Manage Journaling

On this page
• Procedures (page 333)

332

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

MongoDB uses write ahead logging to an on-disk journal to guarantee write operation (page 114) durability. The
MMAPv1 storage engine also requires the journal in order to provide crash resiliency.
The WiredTiger storage engine does not require journaling to guarantee a consistent state after a crash. The database
will be restored to the last consistent checkpoint (page 596) during recovery. However, if MongoDB exits unexpectedly
in between checkpoints, journaling is required to recover writes that occurred after the last checkpoint.
With journaling enabled, if mongod stops unexpectedly, the program can recover everything written to the journal.
MongoDB will re-apply the write operations on restart and maintain a consistent state. By default, the greatest extent
of lost writes, i.e., those not made to the journal, are those made in the last 100 milliseconds, plus the time it takes to
perform the actual journal writes. See commitIntervalMs for more information on the default.
Procedures

Enable Journaling For 64-bit builds of mongod, journaling is enabled by default.
To enable journaling, start mongod with the --journal command line option.

Disable Journaling

Warning: Do not disable journaling on production systems. When using the MMAPv1 storage engine withou
journal, if your mongod instance stops without shutting down cleanly unexpectedly for any reason, (e.g. pow
failure) and you are not running with journaling, then you must recover from an unaffected replica set member
backup, as described in repair (page 366).

To disable journaling, start mongod with the --nojournal command line option.
Get Commit Acknowledgment You can get commit acknowledgment with the Write Concern (page 179) and the
j (page 181) option. For details, see Write Concern (page 179).
Avoid Preallocation Lag for MMAPv1 With the MMAPv1 storage engine (page 603), MongoDB may preallocate
journal files if the mongod process determines that it is more efficient to preallocate journal files than create new
journal files as needed.
Depending on your filesystem, you might experience a preallocation lag the first time you start a mongod instance
with journaling enabled. The amount of time required to pre-allocate files might last several minutes; during this
time, you will not be able to connect to the database. This is a one-time preallocation and does not occur with future
invocations.
To avoid preallocation lag (page 608), you can preallocate files in the journal directory by copying them from another
instance of mongod.
Preallocated files do not contain data. It is safe to later remove them. But if you restart mongod with journaling,
mongod will create them again.
Example
The following sequence preallocates journal files for an instance of mongod running on port 27017 with a database
path of /data/db.
For demonstration purposes, the sequence starts by creating a set of journal files in the usual way.
1. Create a temporary directory into which to create a set of journal files:
mkdir ~/tmpDbpath

2. Create a set of journal files by staring a mongod instance that uses the temporary directory:

8.2. Administration Tutorials

333

MongoDB Documentation, Release 3.2.5

mongod --port 10000 --dbpath ~/tmpDbpath --journal

3. When you see the following log output, indicating mongod has the files, press CONTROL+C to stop the
mongod instance:
[initandlisten] waiting for connections on port 10000

4. Preallocate journal files for the new instance of mongod by moving the journal files from the data directory of
the existing instance to the data directory of the new instance:
mv ~/tmpDbpath/journal /data/db/

5. Start the new mongod instance:
mongod --port 27017 --dbpath /data/db --journal

Monitor Journal Status Use the following commands and methods to monitor journal status:
• serverStatus
The serverStatus command returns database status information that is useful for assessing performance.
• journalLatencyTest
Use journalLatencyTest to measure how long it takes on your volume to write to the disk in an appendonly fashion. You can run this command on an idle system to get a baseline sync time for journaling. You can
also run this command on a busy system to see the sync time on a busy system, which may be higher if the
journal directory is on the same volume as the data files.
The journalLatencyTest command also provides a way to check if your disk drive is buffering writes in
its local cache. If the number is very low (i.e., less than 2 milliseconds) and the drive is non-SSD, the drive
is probably buffering writes. In that case, enable cache write-through for the device in your operating system,
unless you have a disk controller card with battery backed RAM.
Change the Group Commit Interval for MMAPv1 For the MMAPv1 storage engine (page 603), you can set the
group commit interval using the --journalCommitInterval command line option. The allowed range is 2 to
300 milliseconds.
Lower values increase the durability of the journal at the expense of disk performance.
Recover Data After Unexpected Shutdown On a restart after a crash, MongoDB replays all journal files in the
journal directory before the server becomes available. If MongoDB must replay journal files, mongod notes these
events in the log output.
There is no reason to run repairDatabase in these situations.
Store a JavaScript Function on the Server
Note: Do not store application logic in the database. There are performance limitations to running JavaScript inside
of MongoDB. Application code also is typically most effective when it shares version control with the application
itself.
There is a special system collection named system.js that can store JavaScript functions for reuse.
To store a function, you can use the db.collection.save(), as in the following examples:

334

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

db.system.js.save(
{
_id: "echoFunction",
value : function(x) { return x; }
}
)
db.system.js.save(
{
_id : "myAddFunction" ,
value : function (x, y){ return x + y; }
}
);

• The _id field holds the name of the function and is unique per database.
• The value field holds the function definition.
Once you save a function in the system.js collection, you can use the function from any JavaScript context; e.g.
$where operator, mapReduce command or db.collection.mapReduce().
In the mongo shell, you can use db.loadServerScripts() to load all the scripts saved in the system.js
collection for the current database. Once loaded, you can invoke the functions directly in the shell, as in the following
example:
db.loadServerScripts();
echoFunction(3);
myAddFunction(3, 5);

Upgrade to the Latest Revision of MongoDB

On this page
•
•
•
•
•
•
•

Before Upgrading (page 335)
Upgrade Procedure (page 336)
Upgrade a MongoDB Instance (page 336)
Replace the Existing Binaries (page 336)
Upgrade Sharded Clusters (page 337)
Upgrade Replica Sets (page 337)
Additional Resources (page 338)

Revisions provide security patches, bug fixes, and new or changed features that do not contain any backward breaking
changes. Always upgrade to the latest revision in your release series. The third number in the MongoDB version
number (page 1070) indicates the revision.
Before Upgrading

• Ensure you have an up-to-date backup of your data set. See MongoDB Backup Methods (page 282).
• Consult the following documents for any special considerations or compatibility issues specific to your MongoDB release:
– The release notes, located at Release Notes (page 865).

8.2. Administration Tutorials

335

MongoDB Documentation, Release 3.2.5

– The documentation for your driver. See Drivers90 and Driver Compatibility91 pages for more information.
• If your installation includes replica sets, plan the upgrade during a predefined maintenance window.
• Before you upgrade a production environment, use the procedures in this document to upgrade a staging environment that reproduces your production environment, to ensure that your production configuration is compatible
with all changes.
Upgrade Procedure

Important: Always backup all of your data before upgrading MongoDB.
Upgrade each mongod and mongos binary separately, using the procedure described here. When upgrading a binary,
use the procedure Upgrade a MongoDB Instance (page 336).
Follow this upgrade procedure:
1. For deployments that use authentication, first upgrade all of your MongoDB drivers. To upgrade, see the
documentation for your driver as well as the Driver Compatibility92 page.
2. Upgrade sharded clusters, as described in Upgrade Sharded Clusters (page 337).
3. Upgrade any standalone instances. See Upgrade a MongoDB Instance (page 336).
4. Upgrade any replica sets that are not part of a sharded cluster, as described in Upgrade Replica Sets (page 337).
Upgrade a MongoDB Instance

To upgrade a mongod or mongos instance, use one of the following approaches:
• Upgrade the instance using the operating system’s package management tool and the official MongoDB packages. This is the preferred approach. See Install MongoDB (page 21).
• Upgrade the instance by replacing the existing binaries with new binaries. See Replace the Existing Binaries
(page 336).
Replace the Existing Binaries

Important: Always backup all of your data before upgrading MongoDB.
This section describes how to upgrade MongoDB by replacing the existing binaries. The preferred approach to an
upgrade is to use the operating system’s package management tool and the official MongoDB packages, as described
in Install MongoDB (page 21).
To upgrade a mongod or mongos instance by replacing the existing binaries:
1. Download the binaries for the latest MongoDB revision from the MongoDB Download Page93 and store the
binaries in a temporary location. The binaries download as compressed files that uncompress to the directory
structure used by the MongoDB installation.
2. Shutdown the instance.
3. Replace the existing MongoDB binaries with the downloaded binaries.
90 https://docs.mongodb.org/ecosystem/drivers
91 https://docs.mongodb.org/ecosystem/drivers/driver-compatibility-reference
92 https://docs.mongodb.org/ecosystem/drivers/driver-compatibility-reference
93 http://downloads.mongodb.org/

336

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

4. Restart the instance.
Upgrade Sharded Clusters

To upgrade a sharded cluster:
1. Disable the cluster’s balancer, as described in Disable the Balancer (page 802).
2. Upgrade each mongos instance by following the instructions below in Upgrade a MongoDB Instance
(page 336). You can upgrade the mongos instances in any order.
3. Upgrade each mongod config server (page 742) individually starting with the last config server listed in your
mongos --configdb string and working backward. To keep the cluster online, make sure at least one config
server is always running. For each config server upgrade, follow the instructions below in Upgrade a MongoDB
Instance (page 336)
Example
Given the following config string:
mongos --configdb cfg0.example.net:27019,cfg1.example.net:27019,cfg2.example.net:27019

You would upgrade the config servers in the following order:
(a) cfg2.example.net
(b) cfg1.example.net
(c) cfg0.example.net
4. Upgrade each shard.
• If a shard is a replica set, upgrade the shard using the procedure below titled Upgrade Replica Sets
(page 337).
• If a shard is a standalone instance, upgrade the shard using the procedure below titled Upgrade a MongoDB
Instance (page 336).
5. Re-enable the balancer, as described in Enable the Balancer (page 803).
Upgrade Replica Sets

To upgrade a replica set, upgrade each member individually, starting with the secondaries and finishing with the
primary. Plan the upgrade during a predefined maintenance window.
Upgrade Secondaries Upgrade each secondary separately as follows:
1. Upgrade the secondary’s mongod binary by following the instructions below in Upgrade a MongoDB Instance
(page 336).
2. After upgrading a secondary, wait for the secondary to recover to the SECONDARY state before upgrading the
next instance. To check the member’s state, issue rs.status() in the mongo shell.
The secondary may briefly go into STARTUP2 or RECOVERING. This is normal. Make sure to wait for the
secondary to fully recover to SECONDARY before you continue the upgrade.

8.2. Administration Tutorials

337

MongoDB Documentation, Release 3.2.5

Upgrade the Primary
1. Step down the primary to initiate the normal failover (page 644) procedure. Using one of the following:
• The rs.stepDown() helper in the mongo shell.
• The replSetStepDown database command.
During failover, the set cannot accept writes. Typically this takes 10-20 seconds. Plan the upgrade during a
predefined maintenance window.
Note: Stepping down the primary is preferable to directly shutting down the primary. Stepping down expedites
the failover procedure.
2. Once the primary has stepped down, call the rs.status() method from the mongo shell until you see that
another member has assumed the PRIMARY state.
3. Shut down the original primary and upgrade its instance by following the instructions below in Upgrade a
MongoDB Instance (page 336).
Additional Resources

• Getting ready for MongoDB 3.2? Get our help.94
Monitor MongoDB With SNMP on Linux

On this page
•
•
•
•
•

Overview (page 338)
Considerations (page 339)
Configuration Files (page 339)
Procedure (page 339)
Optional: Run MongoDB as SNMP Master (page 340)

Enterprise Feature
SNMP is only available in MongoDB Enterprise95 .

Overview

MongoDB Enterprise can provide database metrics via SNMP, in support of centralized data collection and aggregation. This procedure explains the setup and configuration of a mongod instance as an SNMP subagent, as well as
initializing and testing of SNMP support with MongoDB Enterprise.
See also:
Troubleshoot SNMP (page 342) and Monitor MongoDB Windows with SNMP (page 340) for complete instructions on
using MongoDB with SNMP on Windows systems.
94 https://www.mongodb.com/contact/mongodb-3-2-upgrade-services?jmp=docs
95 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

338

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Considerations

Only mongod instances provide SNMP support. mongos and the other MongoDB binaries do not support SNMP.
Configuration Files

Changed in version 2.6.
MongoDB Enterprise contains the following configuration files to support SNMP:
• MONGOD-MIB.txt:
The management information base (MIB) file that defines MongoDB’s SNMP output.
• mongod.conf.subagent:
The configuration file to run mongod as the SNMP subagent. This file sets SNMP run-time configuration
options, including the AgentX socket to connect to the SNMP master.
• mongod.conf.master:
The configuration file to run mongod as the SNMP master. This file sets SNMP run-time configuration options.
Procedure

Step 1: Copy configuration files. Use the following sequence of commands to move the SNMP configuration files
to the SNMP service configuration directory.
First, create the SNMP configuration directory if needed and then, from the installation directory, copy the configuration files to the SNMP service configuration directory:
mkdir -p /etc/snmp/
cp MONGOD-MIB.txt /usr/share/snmp/mibs/MONGOD-MIB.txt
cp mongod.conf.subagent /etc/snmp/mongod.conf

The configuration filename is tool-dependent.
snmpd.conf.

For example, when using net-snmp the configuration file is

By default SNMP uses UNIX domain for communication between the agent (i.e. snmpd or the master) and sub-agent
(i.e. MongoDB).
Ensure that the agentXAddress specified in the SNMP configuration file for MongoDB matches the
agentXAddress in the SNMP master configuration file.
Step 2: Start MongoDB. Start mongod with the snmp-subagent to send data to the SNMP master.
mongod --snmp-subagent

Step 3: Confirm SNMP data retrieval. Use snmpwalk to collect data from mongod:
Connect an SNMP client to verify the ability to collect SNMP data from MongoDB.
Install the net-snmp96 package to access the snmpwalk client. net-snmp provides the snmpwalk SNMP client.
snmpwalk -m /usr/share/snmp/mibs/MONGOD-MIB.txt -v 2c -c mongodb 127.0.0.1: 1.3.6.1.4.1.34601
96 http://www.net-snmp.org/

8.2. Administration Tutorials

339

MongoDB Documentation, Release 3.2.5

refers to the port defined by the SNMP master, not the primary port used by mongod for client communication.
Optional: Run MongoDB as SNMP Master

You can run mongod with the snmp-master option for testing purposes. To do this, use the SNMP master configuration file instead of the subagent configuration file. From the directory containing the unpacked MongoDB installation
files:
cp mongod.conf.master /etc/snmp/mongod.conf

Additionally, start mongod with the snmp-master option, as in the following:
mongod --snmp-master

Monitor MongoDB Windows with SNMP

On this page
•
•
•
•
•

Overview (page 340)
Considerations (page 340)
Configuration Files (page 341)
Procedure (page 341)
Optional: Run MongoDB as SNMP Master (page 342)

New in version 2.6.
Enterprise Feature
SNMP is only available in MongoDB Enterprise97 .

Overview

MongoDB Enterprise can provide database metrics via SNMP, in support of centralized data collection and aggregation. This procedure explains the setup and configuration of a mongod.exe instance as an SNMP subagent, as well
as initializing and testing of SNMP support with MongoDB Enterprise.
See also:
Monitor MongoDB With SNMP on Linux (page 338) and Troubleshoot SNMP (page 342) for more information.
Considerations

Only mongod.exe instances provide SNMP support. mongos.exe and the other MongoDB binaries do not support
SNMP.
97 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

340

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Configuration Files

Changed in version 2.6.
MongoDB Enterprise contains the following configuration files to support SNMP:
• MONGOD-MIB.txt:
The management information base (MIB) file that defines MongoDB’s SNMP output.
• mongod.conf.subagent:
The configuration file to run mongod.exe as the SNMP subagent. This file sets SNMP run-time configuration
options, including the AgentX socket to connect to the SNMP master.
• mongod.conf.master:
The configuration file to run mongod.exe as the SNMP master. This file sets SNMP run-time configuration
options.
Procedure

Step 1: Copy configuration files. Use the following sequence of commands to move the SNMP configuration files
to the SNMP service configuration directory.
First, create the SNMP configuration directory if needed and then, from the installation directory, copy the configuration files to the SNMP service configuration directory:
md C:\snmp\etc\config
copy MONGOD-MIB.txt C:\snmp\etc\config\MONGOD-MIB.txt
copy mongod.conf.subagent C:\snmp\etc\config\mongod.conf

The configuration filename is tool-dependent.
snmpd.conf.

For example, when using net-snmp the configuration file is

Edit the configuration file to ensure that the communication between the agent (i.e. snmpd or the master) and subagent (i.e. MongoDB) uses TCP.
Ensure that the agentXAddress specified in the SNMP configuration file for MongoDB matches the
agentXAddress in the SNMP master configuration file.
Step 2: Start MongoDB. Start mongod.exe with the snmp-subagent to send data to the SNMP master.
mongod.exe --snmp-subagent

Step 3: Confirm SNMP data retrieval. Use snmpwalk to collect data from mongod.exe:
Connect an SNMP client to verify the ability to collect SNMP data from MongoDB.
Install the net-snmp98 package to access the snmpwalk client. net-snmp provides the snmpwalk SNMP client.
snmpwalk -m C:\snmp\etc\config\MONGOD-MIB.txt -v 2c -c mongodb 127.0.0.1: 1.3.6.1.4.1.34601

refers to the port defined by the SNMP master, not the primary port used by mongod.exe for client
communication.
98 http://www.net-snmp.org/

8.2. Administration Tutorials

341

MongoDB Documentation, Release 3.2.5

Optional: Run MongoDB as SNMP Master

You can run mongod.exe with the snmp-master option for testing purposes. To do this, use the SNMP master
configuration file instead of the subagent configuration file. From the directory containing the unpacked MongoDB
installation files:
copy mongod.conf.master C:\snmp\etc\config\mongod.conf

Additionally, start mongod.exe with the snmp-master option, as in the following:
mongod.exe --snmp-master

Troubleshoot SNMP

On this page
• Overview (page 342)
• Issues (page 342)
New in version 2.6.
Enterprise Feature
SNMP is only available in MongoDB Enterprise.

Overview

MongoDB Enterprise can provide database metrics via SNMP, in support of centralized data collection and aggregation. This document identifies common problems you may encounter when deploying MongoDB Enterprise with
SNMP as well as possible solutions for these issues.
See Monitor MongoDB With SNMP on Linux (page 338) and Monitor MongoDB Windows with SNMP (page 340) for
complete installation instructions.
Issues

Failed to Connect The following in the mongod logfile:
Warning: Failed to connect to the agentx master agent

AgentX is the SNMP agent extensibility protocol defined in Internet RFC 274199 . It explains how to define additional
data to monitor over SNMP. When MongoDB fails to connect to the agentx master agent, use the following procedure
to ensure that the SNMP subagent can connect properly to the SNMP master.
1. Make sure the master agent is running.
2. Compare the SNMP master’s configuration file with the subagent configuration file. Ensure that the agentx
socket definition is the same between the two.
3. Check the SNMP configuration files to see if they specify using UNIX Domain Sockets. If so, confirm that the
mongod has appropriate permissions to open a UNIX domain socket.
99 http://www.ietf.org/rfc/rfc2741.txt

342

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Error Parsing Command Line One of the following errors at the command line:
Error parsing command line: unknown option snmp-master
try 'mongod --help' for more information
Error parsing command line: unknown option snmp-subagent
try 'mongod --help' for more information

mongod binaries that are not part of the Enterprise Edition produce this error. Install the Enterprise Edition (page 49)
and attempt to start mongod again.
Other MongoDB binaries, including mongos will produce this error if you attempt to star them with snmp-master
or snmp-subagent. Only mongod supports SNMP.
Error Starting SNMPAgent The following line in the log file indicates that mongod cannot read the
mongod.conf file:
[SNMPAgent] warning: error starting SNMPAgent as master err:1

If running on Linux, ensure mongod.conf exists in the /etc/snmp directory, and ensure that the mongod UNIX
user has permission to read the mongod.conf file.
If running on Windows, ensure mongod.conf exists in C:\snmp\etc\config.

8.2.2 Backup and Recovery
The following tutorials describe backup and restoration for a mongod instance:
Backup and Restore with Filesystem Snapshots (page 343) An outline of procedures for creating MongoDB data set
backups using system-level file snapshot tool, such as LVM or native storage appliance tools.
Restore a Replica Set from MongoDB Backups (page 348) Describes procedure for restoring a replica set from an
archived backup such as a mongodump or MongoDB Cloud Manager100 Backup file.
Back Up and Restore with MongoDB Tools (page 349) Describes a procedure for exporting the contents of a
database to either a binary dump or a textual exchange format, and for importing these files into a database.
Backup and Restore Sharded Clusters (page 355) Detailed procedures and considerations for backing up sharded
clusters and single shards.
Recover Data after an Unexpected Shutdown (page 366) Recover data from MongoDB data files that were not properly closed or have an invalid state.
Backup and Restore with Filesystem Snapshots

On this page
•
•
•
•

Snapshots Overview (page 344)
Back up and Restore Using LVM on Linux (page 345)
Back up Instances with Journal Files on Separate Volume or without Journaling (page 347)
Additional Resources (page 347)

100 https://cloud.mongodb.com/?jmp=docs

8.2. Administration Tutorials

343

MongoDB Documentation, Release 3.2.5

This document describes a procedure for creating backups of MongoDB systems using system-level tools, such as
LVM or storage appliance, as well as the corresponding restoration strategies.
These filesystem snapshots, or “block-level” backup methods, use system level tools to create copies of the device
that holds MongoDB’s data files. These methods complete quickly and work reliably, but require additional system
configuration outside of MongoDB.
Changed in version 3.2: Starting in MongoDB 3.2, the data files as well as the journal files can reside on separate
volumes to create volume-level backup of MongoDB instances using the WiredTiger (page 595) storage engine. With
previous versions, for the purpose of volume-level backup of MongoDB instances using WiredTiger, the data files and
the journal must reside on a single volume.
See also:
MongoDB Backup Methods (page 282) and Back Up and Restore with MongoDB Tools (page 349).
Snapshots Overview

Snapshots work by creating pointers between the live data and a special snapshot volume. These pointers are theoretically equivalent to “hard links.” As the working data diverges from the snapshot, the snapshot process uses a
copy-on-write strategy. As a result the snapshot only stores modified data.
After making the snapshot, you mount the snapshot image on your file system and copy data from the snapshot. The
resulting backup contains a full copy of all data.
Considerations
Valid Database at the Time of Snapshot The database must be valid when the snapshot takes place. This means
that all writes accepted by the database need to be fully written to disk: either to the journal or to data files.
If all writes are not on disk when the backup occurs, the backup will not reflect these changes.
For the MMAPv1 storage engine (page 603), if writes are in progress when the backup occurs, the data files will reflect
an inconsistent state. With journaling (page 607), all data-file states resulting from in-progress writes are recoverable;
without journaling, you must flush all pending writes to disk before running the backup operation and must ensure
that no writes occur during the entire backup procedure. If you do use journaling, the journal must reside on the same
volume as the data.
For the WiredTiger storage engine (page 595), the data files reflect a consistent state as of the last checkpoint
(page 596), which occurs with every 2 GB of data or every minute.
Entire Disk Image Snapshots create an image of an entire disk image. Unless you need to back up your entire
system, consider isolating your MongoDB data files, journal (if applicable), and configuration on one logical disk that
doesn’t contain any other data.
Alternately, store all MongoDB data files on a dedicated device so that you can make backups without duplicating
extraneous data.
Site Failure Precaution Ensure that you copy data from snapshots onto other systems. This ensures that data is safe
from site failures.
No Incremental Backups This tutorial does not include procedures for incremental backups. Although different
snapshots methods provide different capability, the LVM method outlined below does not provide any capacity for
capturing incremental backups.

344

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Snapshots With Journaling If your mongod instance has journaling enabled, then you can use any kind of file
system or volume/block level snapshot tool to create backups.
If you manage your own infrastructure on a Linux-based system, configure your system with LVM to provide your disk
packages and provide snapshot capability. You can also use LVM-based setups within a cloud/virtualized environment.
Note: Running LVM provides additional flexibility and enables the possibility of using snapshots to back up MongoDB.

Snapshots with Amazon EBS in a RAID 10 Configuration If your deployment depends on Amazon’s Elastic
Block Storage (EBS) with RAID configured within your instance, it is impossible to get a consistent state across all
disks using the platform’s snapshot tool. As an alternative, you can do one of the following:
• Flush all writes to disk and create a write lock to ensure consistent state during the backup process.
If you choose this option see Back up Instances with Journal Files on Separate Volume or without Journaling
(page 347).
• Configure LVM to run and hold your MongoDB data files on top of the RAID within your system.
If you choose this option, perform the LVM backup operation described in Create a Snapshot (page 345).
Back up and Restore Using LVM on Linux

This section provides an overview of a simple backup process using LVM on a Linux system. While the tools, commands, and paths may be (slightly) different on your system the following steps provide a high level overview of the
backup operation.
Note: Only use the following procedure as a guideline for a backup system and infrastructure. Production backup
systems must consider a number of application specific requirements and factors unique to specific environments.

Create a Snapshot Changed in version 3.2: Starting in MongoDB 3.2, for the purpose of volume-level backup
of MongoDB instances using WiredTiger, the data files and the journal are no longer required to reside on a single
volume.
To create a snapshot with LVM, issue a command as root in the following format:
lvcreate --size 100M --snapshot --name mdb-snap01 /dev/vg0/mongodb

This command creates an LVM snapshot (with the --snapshot option) named mdb-snap01 of the mongodb
volume in the vg0 volume group.
This example creates a snapshot named mdb-snap01 located at /dev/vg0/mdb-snap01. The location and
paths to your systems volume groups and devices may vary slightly depending on your operating system’s LVM
configuration.
The snapshot has a cap of at 100 megabytes, because of the parameter --size 100M. This size does not reflect the total amount of the data on the disk, but rather the quantity of differences between the current state of
/dev/vg0/mongodb and the creation of the snapshot (i.e. /dev/vg0/mdb-snap01.)
Warning: Ensure that you create snapshots with enough space to account for data growth, particularly for the
period of time that it takes to copy data out of the system or to a temporary image.
If your snapshot runs out of space, the snapshot image becomes unusable. Discard this logical volume and create
another.

8.2. Administration Tutorials

345

MongoDB Documentation, Release 3.2.5

The snapshot will exist when the command returns. You can restore directly from the snapshot at any time or by
creating a new logical volume and restoring from this snapshot to the alternate image.
While snapshots are great for creating high quality backups very quickly, they are not ideal as a format for storing
backup data. Snapshots typically depend and reside on the same storage infrastructure as the original disk images.
Therefore, it’s crucial that you archive these snapshots and store them elsewhere.
Archive a Snapshot After creating a snapshot, mount the snapshot and copy the data to separate storage. Your
system might try to compress the backup images as you move them offline. Alternatively, take a block level copy of
the snapshot image, such as with the following procedure:
umount /dev/vg0/mdb-snap01
dd if=/dev/vg0/mdb-snap01 | gzip > mdb-snap01.gz

The above command sequence does the following:
• Ensures that the /dev/vg0/mdb-snap01 device is not mounted. Never take a block level copy of a filesystem or filesystem snapshot that is mounted.
• Performs a block level copy of the entire snapshot image using the dd command and compresses the result in a
gzipped file in the current working directory.
Warning: This command will create a large gz file in your current working directory. Make sure that you
run this command in a file system that has enough free space.

Restore a Snapshot
mands:

To restore a snapshot created with the above method, issue the following sequence of com-

lvcreate --size 1G --name mdb-new vg0
gzip -d -c mdb-snap01.gz | dd of=/dev/vg0/mdb-new
mount /dev/vg0/mdb-new /srv/mongodb

The above sequence does the following:
• Creates a new logical volume named mdb-new, in the /dev/vg0 volume group. The path to the new device
will be /dev/vg0/mdb-new.
Warning: This volume will have a maximum size of 1 gigabyte. The original file system must have had a
total size of 1 gigabyte or smaller, or else the restoration will fail.
Change 1G to your desired volume size.
• Uncompresses and unarchives the mdb-snap01.gz into the mdb-new disk image.
• Mounts the mdb-new disk image to the /srv/mongodb directory. Modify the mount point to correspond to
your MongoDB data file location, or other location as needed.
Note: The restored snapshot will have a stale mongod.lock file. If you do not remove this file from the snapshot, and MongoDB may assume that the stale lock file indicates an unclean shutdown. If you’re running with
storage.journal.enabled enabled, and you do not use db.fsyncLock(), you do not need to remove
the mongod.lock file. If you use db.fsyncLock() you will need to remove the lock.

Restore Directly from a Snapshot
sequence of commands:

346

To restore a backup without writing to a compressed gz file, use the following

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

umount /dev/vg0/mdb-snap01
lvcreate --size 1G --name mdb-new vg0
dd if=/dev/vg0/mdb-snap01 of=/dev/vg0/mdb-new
mount /dev/vg0/mdb-new /srv/mongodb

Remote Backup Storage

You can implement off-system backups using the combined process (page 346) and SSH.

This sequence is identical to procedures explained above, except that it archives and compresses the backup on a
remote system using SSH.
Consider the following procedure:
umount /dev/vg0/mdb-snap01
dd if=/dev/vg0/mdb-snap01 | ssh username@example.com gzip > /opt/backup/mdb-snap01.gz
lvcreate --size 1G --name mdb-new vg0
ssh username@example.com gzip -d -c /opt/backup/mdb-snap01.gz | dd of=/dev/vg0/mdb-new
mount /dev/vg0/mdb-new /srv/mongodb

Back up Instances with Journal Files on Separate Volume or without Journaling

Changed in version 3.2: Starting in MongoDB 3.2, for the purpose of volume-level backup of MongoDB instances
using WiredTiger, the data files and the journal are no longer required to reside on a single volume.
If your mongod instance is either running without journaling or has the journal files on a separate volume, you must
flush all writes to disk and lock the database to prevent writes during the backup process. If you have a replica set
configuration, then for your backup use a secondary which is not receiving reads (i.e. hidden member).
Important:
In the following procedure to create backups, you must issue the db.fsyncLock() and
db.fsyncUnlock() operations on the same connection. The client that issues db.fsyncLock() is solely responsible for issuing a db.fsyncUnlock() operation and must be able to handle potential error conditions so that
it can perform the db.fsyncUnlock() before terminating the connection.

Step 1: Flush writes to disk and lock the database to prevent further writes.
the database, issue the db.fsyncLock() method in the mongo shell:

To flush writes to disk and to “lock”

db.fsyncLock();

Step 2: Perform the backup operation described in Create a Snapshot.
Step 3: After the snapshot completes, unlock the database. To unlock the database after the snapshot has completed, use the following command in the mongo shell:
db.fsyncUnlock();

Additional Resources

See also MongoDB Cloud Manager101 for seamless automation, backup, and monitoring.
101 https://cloud.mongodb.com/?jmp=docs

8.2. Administration Tutorials

347

MongoDB Documentation, Release 3.2.5

Restore a Replica Set from MongoDB Backups

On this page
• Restore Database into a Single Node Replica Set (page 348)
• Add Members to the Replica Set (page 348)
This procedure outlines the process for taking MongoDB data and restoring that data into a new replica set. Use this
approach for seeding test deployments from production backups as well as part of disaster recovery.
You cannot restore a single data set to three new mongod instances and then create a replica set. In this situation
MongoDB will force the secondaries to perform an initial sync. The procedures in this document describe the correct
and efficient ways to deploy a replica set.
You can also use mongorestore to restore database files using data created with mongodump. See Back Up and
Restore with MongoDB Tools (page 349) for more information.
Restore Database into a Single Node Replica Set

Step 1: Obtain backup MongoDB Database files. The backup files may come from a file system snapshot
(page 343). The MongoDB Cloud Manager102 produces MongoDB database files for stored snapshots103 and point in
time snapshots104 . For Ops Manager, an on-premise solution available in MongoDB Enterprise Advanced105 , see also
the Ops Manager Backup overview106 .
Step 2: Start a mongod using data files from the backup as the data path. Start a mongod instance for a new
single-node replica set. Specify the path to the backup data files with --dbpath option and the replica set name with
the --replSet option. For config server replica set (CSRS) (page 743), include the --configsvr option.
mongod --dbpath /data/db --replSet

Step 3: Connect a mongo shell to the mongod instance. For example, to connect to a mongod running on
localhost on the default port of 27017, simply issue:
mongo

Step 4: Initiate the new replica set. Use rs.initiate() on one and only one member of the replica set:
rs.initiate()

MongoDB initiates a set that consists of the current member and that uses the default replica set configuration.
Add Members to the Replica Set

MongoDB provides two options for restoring secondary members of a replica set:
• Manually copy the database files to each data directory.
102 https://cloud.mongodb.com/?jmp=docs
103 https://docs.cloud.mongodb.com/tutorial/restore-from-snapshot/
104 https://docs.cloud.mongodb.com/tutorial/restore-from-point-in-time-snapshot/
105 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
106 https://docs.opsmanager.mongodb.com/current/core/backup-overview

348

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

• Allow initial sync (page 658) to distribute data automatically.
The following sections outlines both approaches.
Note: If your database is large, initial sync can take a long time to complete. For large databases, it might be
preferable to copy the database files onto each host.

Copy Database Files and Restart mongod Instance Use the following sequence of operations to “seed” additional
members of the replica set with the restored data by copying MongoDB data files directly.
Step 1: Shut down the mongod instance that you restored. Use --shutdown or db.shutdownServer()
to ensure a clean shut down.
Step 2: Copy the primary’s data directory to each secondary. Copy the primary’s data directory into the dbPath
of the other members of the replica set. The dbPath is /data/db by default.
Step 3: Start the mongod instance that you restored.
Step 4: Add the secondaries to the replica set. In a mongo shell connected to the primary, add the secondaries to
the replica set using rs.add(). See Deploy a Replica Set (page 667) for more information about deploying a replica
set.
Update Secondaries using Initial Sync Use the following sequence of operations to “seed” additional members of
the replica set with the restored data using the default initial sync operation.
Step 1: Ensure that the data directories on the prospective replica set members are empty.
Step 2: Add each prospective member to the replica set. When you add a member to the replica set, Initial Sync
(page 658) copies the data from the primary to the new member.
Back Up and Restore with MongoDB Tools

On this page
• Binary BSON Dumps (page 350)
• Human Intelligible Import/Export Formats (page 352)
This document describes the process for creating backups and restoring data using the utilities provided with MongoDB.
Because all of these tools primarily operate by interacting with a running mongod instance, they can impact the
performance of your running database.
Not only do they create traffic for a running database instance, they also force the database to read all data through
memory. When MongoDB reads infrequently used data, it can supplant more frequently accessed data, causing a
deterioration in performance for the database’s regular workload.
No matter how you decide to import or export your data, consider the following guidelines:

8.2. Administration Tutorials

349

MongoDB Documentation, Release 3.2.5

• Label files so that you can identify the contents of the export or backup as well as the point in time the export/backup reflect.
• Do not create or apply exports if the backup process itself will have an adverse effect on a production system.
• Make sure that the backups reflect a consistent data state. Export or backup processes can impact data integrity
(i.e. type fidelity) and consistency if updates continue during the backup process.
• Test backups and exports by restoring and importing to ensure that the backups are useful.
See also:
MongoDB Backup Methods (page 282) or MongoDB Cloud Manager Backup documentation107 for more information
on backing up MongoDB instances. Additionally, consider the following references for the MongoDB import/export
tools:
• mongoimport
• mongoexport
• mongorestore
• mongodump
Binary BSON Dumps

The mongorestore and mongodump utilities work with BSON (page 12) data dumps, and are useful for creating
backups of small deployments. For resilient and non-disruptive backups, use a file system or block-level disk snapshot
function, such as the methods described in the MongoDB Backup Methods (page 282) document.
Use these tools for backups if other backup methods, such as the MongoDB Cloud Manager108 or file system snapshots
(page 343) are unavailable.
Backup a Database with mongodump
Exclude local Database mongodump excludes the content of the local database in its output.
Required Access To run mongodump against a MongoDB deployment that has access control (page 433) enabled,
you must have privileges that grant find (page 501) action for each database to back up. The built-in backup
(page 491) role provides the required privileges to perform backup of any and all databases.
Changed in version 3.2.1: The backup (page 491) role provides additional privileges to back up the
system.profile (page 377) collections that exist when running with database profiling (page 312). Previously,
users required an additional read access on this collection.
Basic mongodump Operations The mongodump utility backs up data by connecting to a running mongod or
mongos instance.
The utility can create a backup for an entire server, database or collection, or can use a query to backup just part of a
collection.
When you run mongodump without any arguments, the command connects to the MongoDB instance on the local
system (e.g. 127.0.0.1 or localhost) on port 27017 and creates a database backup named dump/ in the
current directory.
107 https://docs.cloud.mongodb.com/tutorial/nav/backup-use/
108 https://cloud.mongodb.com/?jmp=docs

350

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

To backup data from a mongod or mongos instance running on the same machine and on the default port of 27017,
use the following command:
mongodump

The data format used by mongodump from version 2.2 or later is incompatible with earlier versions of mongod. Do
not use recent versions of mongodump to back up older data stores.
You can also specify the --host and --port of the MongoDB instance that the mongodump should connect to.
For example:
mongodump --host mongodb.example.net --port 27017

mongodump will write BSON files that hold a copy of data accessible via the mongod listening on port 27017 of
the mongodb.example.net host. See Create Backups from Non-Local mongod Instances (page 351) for more
information.
To specify a different output directory, you can use the --out or -o option:
mongodump --out /data/backup/

To limit the amount of data included in the database dump, you can specify --db and --collection as options to
mongodump. For example:
mongodump --collection myCollection --db test

This operation creates a dump of the collection named myCollection from the database test in a dump/ subdirectory of the current working directory.
mongodump overwrites output files if they exist in the backup data folder. Before running the mongodump command
multiple times, either ensure that you no longer need the files in the output folder (the default is the dump/ folder) or
rename the folders or files.
Point in Time Operation Using Oplogs Use the --oplog option with mongodump to collect the oplog entries
to build a point-in-time snapshot of a database within a replica set. With --oplog, mongodump copies all the data
from the source database as well as all of the oplog entries from the beginning to the end of the backup procedure. This
operation, in conjunction with mongorestore --oplogReplay, allows you to restore a backup that reflects the
specific moment in time that corresponds to when mongodump completed creating the dump file.
Create Backups from Non-Local mongod Instances The --host and --port options for mongodump allow
you to connect to and backup from a remote host. Consider the following example:

mongodump --host mongodb1.example.net --port 3017 --username user --password pass --out /opt/backup/m

On any mongodump command you may, as above, specify username and password credentials to specify database
authentication.
Restore a Database with mongorestore
Access Control To restore data to a MongoDB deployment that has access control (page 433) enabled, the restore
(page 492) role provides access to restore any database if the backup data does not include system.profile
(page 377) collection data.
If the backup data includes system.profile (page 377) collection data and the target database does not contain
the system.profile (page 377) collection, mongorestore attempts to create the collection even though the
program does not actually restore system.profile documents. As such, the user requires additional privileges to

8.2. Administration Tutorials

351

MongoDB Documentation, Release 3.2.5

perform createCollection (page 501) and convertToCapped (page 504) actions on the system.profile
(page 377) collection for a database.
If running mongorestore with --oplogReplay, additional privilege user-defined role (page 442) that has
anyAction (page 505) on anyResource (page 500) and grant only to users who must run mongorestore with
--oplogReplay.
Basic mongorestore Operations The mongorestore utility restores a binary backup created by
mongodump. By default, mongorestore looks for a database backup in the dump/ directory.
The mongorestore utility restores data by connecting to a running mongod or mongos directly.
mongorestore can restore either an entire database backup or a subset of the backup.
To use mongorestore to connect to an active mongod or mongos, use a command with the following prototype
form:
mongorestore --port

Consider the following example:
mongorestore dump-2013-10-25/

Here, mongorestore imports the database backup in the dump-2013-10-25 directory to the mongod instance
running on the localhost interface.
Restore Point in Time Oplog Backup If you created your database dump using the --oplog option to ensure a
point-in-time snapshot, call mongorestore with the --oplogReplay option, as in the following example:
mongorestore --oplogReplay

You may also consider using the mongorestore --objcheck option to check the integrity of objects while
inserting them into the database, or you may consider the mongorestore --drop option to drop each collection
from the database before restoring from backups.
Restore Backups to Non-Local mongod Instances By default, mongorestore connects to a MongoDB instance
running on the localhost interface (e.g. 127.0.0.1) and on the default port (27017). If you want to restore to a
different host or port, use the --host and --port options.
Consider the following example:

mongorestore --host mongodb1.example.net --port 3017 --username user --password pass /opt/backup/mong

As above, you may specify username and password connections if your mongod requires authentication.
Human Intelligible Import/Export Formats

MongoDB’s mongoimport and mongoexport tools allow you to work with your data in a human-readable Extended JSON (page 16) or CSV format. This is useful for simple ingestion to or from a third-party system, and when
you want to backup or export a small subset of your data. For more complex data migration tasks, you may want to
write your own import and export scripts using a client driver to interact with the database.
The examples in this section use the MongoDB tools mongoimport and mongoexport. These tools may also be
useful for importing data into a MongoDB database from third party applications.

352

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

If you want to simply copy a database or collection from one instance to another, consider using the copydb,
clone, or cloneCollection commands, which may be more suited to this task. The mongo shell provides
the db.copyDatabase() method.
Warning: Avoid using mongoimport and mongoexport for full instance production backups. They do not
reliably preserve all rich BSON data types, because JSON can only represent a subset of the types supported by
BSON. Use mongodump and mongorestore as described in MongoDB Backup Methods (page 282) for this
kind of functionality.

Collection Export with mongoexport
Export in CSV Format Changed in version 3.0.0: mongoexport removed the --csv option.
--type=csv option to specify CSV format for the output.

Use the

In the following example, mongoexport exports data from the collection contacts collection in the users
database in CSV format to the file /opt/backups/contacts.csv.
The mongod instance that mongoexport connects to is running on the localhost port number 27017.
When you export in CSV format, you must specify the fields in the documents to export. The operation specifies the
name and address fields to export.

mongoexport --db users --collection contacts --type=csv --fields name,address --out /opt/backups/cont

For CSV exports only, you can also specify the fields in a file containing the line-separated list of fields to export. The
file must have only one field per line.
For example, you can specify the name and address fields in a file fields.txt:
name
address

Then, using the --fieldFile option, specify the fields to export with the file:

mongoexport --db users --collection contacts --type=csv --fieldFile fields.txt --out /opt/backups/con

Changed in version 3.0.0: mongoexport removed the --csv option and replaced with the --type option.
Export in JSON Format This example creates an export of the contacts collection from the MongoDB instance
running on the localhost port number 27017. This writes the export to the contacts.json file in JSON format.
mongoexport --db sales --collection contacts --out contacts.json

Export from Remote Host Running with Authentication The following example exports the contacts collection from the marketing database, which requires authentication.
This data resides on the MongoDB instance located on the host mongodb1.example.net running on port 37017,
which requires the username user and the password pass.

mongoexport --host mongodb1.example.net --port 37017 --username user --password pass --collection con

Export Query Results You can export only the results of a query by supplying a query filter with the --query
option, and limit the results to a single database using the “--db” option.
For instance, this command returns all documents in the sales database’s contacts collection that contain a field
named field with a value of 1.
8.2. Administration Tutorials

353

MongoDB Documentation, Release 3.2.5

mongoexport --db sales --collection contacts --query '{"field": 1}'

You must enclose the query in single quotes (e.g. ’) to ensure that it does not interact with your shell environment.
Collection Import with mongoimport
Simple Usage mongoimport restores a database from a backup taken with mongoexport. Most of the arguments to mongoexport also exist for mongoimport.
In the following example, mongoimport imports the data in the JSON data from the contacts.json file into
the collection contacts in the users database.
mongoimport --db users --collection contacts --file contacts.json

Import JSON to Remote Host Running with Authentication In the following example, mongoimport imports
data from the file /opt/backups/mdb1-examplenet.json into the contacts collection within the database
marketing on a remote MongoDB database with authentication enabled.
mongoimport connects to the mongod instance running on the host mongodb1.example.net over port
37017. It authenticates with the username user and the password pass.

mongoimport --host mongodb1.example.net --port 37017 --username user --password pass --collection con

CSV Import In the following example, mongoimport imports the csv formatted data in the
/opt/backups/contacts.csv file into the collection contacts in the users database on the MongoDB instance running on the localhost port numbered 27017.
Specifying --headerline instructs mongoimport to determine the name of the fields using the first line in the
CSV file.

mongoimport --db users --collection contacts --type csv --headerline --file /opt/backups/contacts.csv

mongoimport uses the input file name, without the extension, as the collection name if -c or --collection is
unspecified. The following example is therefore equivalent:
mongoimport --db users --type csv --headerline --file /opt/backups/contacts.csv

Use the “--ignoreBlanks” option to ignore blank fields. For CSV and TSV imports, this option provides the
desired functionality in most cases because it avoids inserting fields with null values into your collection.
Additional Resources

• Backup and its Role in Disaster Recovery White Paper109
• Cloud Backup through MongoDB Cloud Manager110
• Blog Post: Backup vs. Replication, Why you Need Both111
• Backup Service with Ops Manager, an on-premise solution available in MongoDB Enterprise Advanced112
109 https://www.mongodb.com/lp/white-paper/backup-disaster-recovery?jmp=docs
110 https://cloud.mongodb.com/?jmp=docs
111 http://www.mongodb.com/blog/post/backup-vs-replication-why-do-you-need-both?jmp=docs
112 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

354

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Backup and Restore Sharded Clusters
The following tutorials describe backup and restoration for sharded clusters:
Backup a Small Sharded Cluster with mongodump (page 355) If your sharded cluster holds a small data set, you
can use mongodump to capture the entire backup in a reasonable amount of time.
Backup a Sharded Cluster with Filesystem Snapshots (page 356) Use file system snapshots back up each component in the sharded cluster individually. The procedure involves stopping the cluster balancer. If your system
configuration allows file system backups, this might be more efficient than using MongoDB tools.
Backup a Sharded Cluster with Database Dumps (page 359) Create backups using mongodump to back up each
component in the cluster individually.
Schedule Backup Window for Sharded Clusters (page 362) Limit the operation of the cluster balancer to provide a
window for regular backup operations.
Restore a Single Shard (page 362) An outline of the procedure and consideration for restoring a single shard from a
backup.
Restore a Sharded Cluster (page 363) An outline of the procedure and consideration for restoring an entire sharded
cluster from backup.
Backup a Small Sharded Cluster with mongodump

On this page
•
•
•
•

Overview (page 355)
Considerations (page 355)
Procedure (page 356)
Additional Resources (page 356)

Overview If your sharded cluster holds a small data set, you can connect to a mongos using mongodump. You can
create backups of your MongoDB cluster, if your backup infrastructure can capture the entire backup in a reasonable
amount of time and if you have a storage system that can hold the complete MongoDB data set.
See MongoDB Backup Methods (page 282) and Backup and Restore Sharded Clusters (page 355) for complete information on backups in MongoDB and backups of sharded clusters in particular.
Important: By default mongodump issue its queries to the non-primary nodes.

Considerations If you use mongodump without specifying a database or collection, mongodump will capture
collection data and the cluster meta-data from the config servers (page 742).
You cannot use the --oplog option for mongodump when capturing data from mongos. As a result, if you need
to capture a backup that reflects a single moment in time, you must stop all writes to the cluster for the duration of the
backup operation.
To run mongodump against a MongoDB deployment that has access control (page 433) enabled, you must have
privileges that grant find (page 501) action for each database to back up. The built-in backup (page 491) role
provides the required privileges to perform backup of any and all databases.
Changed in version 3.2.1: The backup (page 491) role provides additional privileges to back up the
system.profile (page 377) collections that exist when running with database profiling (page 312). Previously,
users required an additional read access on this collection.
8.2. Administration Tutorials

355

MongoDB Documentation, Release 3.2.5

Procedure
Capture Data You can perform a backup of a sharded cluster by connecting mongodump to a mongos. Use the
following operation at your system’s prompt:
mongodump --host mongos3.example.net --port 27017

mongodump will write BSON files that hold a copy of data stored in the sharded cluster accessible via the mongos
listening on port 27017 of the mongos3.example.net host.
Restore Data Backups created with mongodump do not reflect the chunks or the distribution of data in the sharded
collection or collections. Like all mongodump output, these backups contain separate directories for each database
and BSON files for each collection in that database.
You can restore mongodump output to any MongoDB instance, including a standalone, a replica set, or a new sharded
cluster. When restoring data to sharded cluster, you must deploy and configure sharding before restoring data from
the backup. See Deploy a Sharded Cluster (page 765) for more information.
Additional Resources See also MongoDB Cloud Manager113 for seamless automation, backup, and monitoring.
Backup a Sharded Cluster with Filesystem Snapshots

On this page
•
•
•
•

Overview (page 356)
Considerations (page 356)
Procedure (page 357)
Additional Resources (page 359)

Changed in version 3.2: Starting in MongoDB 3.2, the procedure can be used with the MMAPv1 (page 603) and
the WiredTiger (page 595) storage engines. With previous versions of MongoDB, the procedure applied to MMAPv1
(page 603) only.
Overview This document describes a procedure for taking a backup of all components of a sharded cluster. This procedure uses file system snapshots to capture a copy of the mongod instance. An alternate procedure uses mongodump
to create binary database dumps when file-system snapshots are not available. See Backup a Sharded Cluster with
Database Dumps (page 359) for the alternate procedure.
Important: To capture a point-in-time backup from a sharded cluster you must stop all writes to the cluster. On a
running production system, you can only capture an approximation of point-in-time snapshot.
For more information on backups in MongoDB and backups of sharded clusters in particular, see MongoDB Backup
Methods (page 282) and Backup and Restore Sharded Clusters (page 355).
Considerations
113 https://cloud.mongodb.com/?jmp=docs

356

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Balancer It is essential that you stop the balancer (page 758) before capturing a backup.
If the balancer is active while you capture backups, the backup artifacts may be incomplete and/or have duplicate data,
as chunks may migrate while recording backups.
Precision In this procedure, you will stop the cluster balancer and take a backup up of the config database, and
then take backups of each shard in the cluster using a file-system snapshot tool. If you need an exact moment-in-time
snapshot of the system, you will need to stop all application writes before taking the filesystem snapshots; otherwise
the snapshot will only approximate a moment in time.
For approximate point-in-time snapshots, you can minimize the impact on the cluster by taking the backup from a
secondary member of each replica set shard.
Consistency If the journal and data files are on the same logical volume, you can use a single point-in-time snapshot
to capture a consistent copy of the data files.
If the journal and data files are on different file systems, you must use db.fsyncLock() and
db.fsyncUnlock() to ensure that the data files do not change, providing consistency for the purposes of creating backups.
Procedure
Step 1: Disable the balancer. To disable the balancer (page 758), connect the mongo shell to a mongos instance
and run sh.stopBalancer() in the config database.
use config
sh.stopBalancer()

For more information, see the Disable the Balancer (page 802) procedure.
Step 2: If necessary, lock one secondary member of each replica set. If your secondary does not have journaling
enabled or its journal and data files are on different volumes, you must lock the secondary’s mongod instance before
capturing a backup.
If your secondary has journaling enabled and its journal and data files are on the same volume, you may skip this step.
Important: If your deployment requires this step, you must perform it on one secondary of each shard and, if
your sharded cluster uses a replica set for the config servers, one secondary of the config server replica set (CSRS)
(page 743).
Ensure that the oplog has sufficient capacity to allow these secondaries to catch up to the state of the primaries after
finishing the backup procedure. See Oplog Size (page 657) for more information.
Lock shard replica set secondary. For each shard replica set in the sharded cluster, connect a mongo shell to the
secondary member’s mongod instance and run db.fsyncLock().
db.fsyncLock()

When calling db.fsyncLock(), ensure that the connection is kept open to allow a subsequent call to
db.fsyncUnlock().

8.2. Administration Tutorials

357

MongoDB Documentation, Release 3.2.5

Lock config server replica set secondary. If locking a secondary of the CSRS, confirm that the member has replicated data up to some control point. To verify, first connect a mongo shell to the CSRS primary and perform a write
operation with "majority" (page 180) write concern on a control collection:
use config
db.BackupControl.findAndModify(
{
query: { _id: 'BackupControlDocument' },
update: { $inc: { counter : 1 } },
new: true,
upsert: true,
writeConcern: { w: 'majority', wtimeout: 15000 } }
}
);

The operation should return the modified (or inserted) control document:
{ "_id" : "BackupControlDocument", "counter" : 1 }

Query the CSRS secondary member for the returned control document. Connect a mongo shell to the CSRS secondary
to lock and use db.collection.find() to query for the control document:
rs.slaveOk();
use config;
db.BackupControl.find(
{ "_id" : "BackupControlDocument", "counter" : 1 }
).readConcern('majority');

If the secondary member contains the latest control document, it is safe to lock the member. Otherwise, wait until the
member contains the document or select a different secondary member that contains the latest control document.
To lock the secondary member, run db.fsyncLock() on the member:
db.fsyncLock()

When calling db.fsyncLock(), ensure that the connection is kept open to allow a subsequent call to
db.fsyncUnlock().
Step 3: Back up one of the config servers.
Note: Backing up a config server (page 742) backs up the sharded cluster’s metadata. You only need to back up one
config server, as they all hold the same data. If you are using CSRS config servers, perform this step against the locked
config server.
To create a file-system snapshot of the config server, follow the procedure in Create a Snapshot (page 345).
Step 4: Back up a replica set member for each shard.
this step against the locked secondary.

If you locked a member of the replica set shards, perform

You may back up the shards in parallel. For each shard, create a snapshot, using the procedure in Backup and Restore
with Filesystem Snapshots (page 343).
Step 5: Unlock all locked replica set members. If you locked any mongod instances to capture the backup, unlock
them.
To unlock the replica set members, use db.fsyncUnlock() method in the mongo shell. For each locked member,
use the same mongo shell used to lock the instance.

358

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

db.fsyncUnlock()

Step 6: Enable the balancer. To re-enable to balancer, connect the mongo shell to a mongos instance and run
sh.setBalancerState().
sh.setBalancerState(true)

Additional Resources See also MongoDB Cloud Manager114 for seamless automation, backup, and monitoring.
Backup a Sharded Cluster with Database Dumps

On this page
•
•
•
•
•

Overview (page 359)
Prerequisites (page 359)
Consideration (page 359)
Procedure (page 360)
Additional Resources (page 361)

Changed in version 3.2: Starting in MongoDB 3.2, the following procedure can be used with the MMAPv1 (page 603)
and the WiredTiger (page 595) storage engines. With previous versions of MongoDB, the procedure applied to
MMAPv1 (page 603) only.
Overview This document describes a procedure for taking a backup of all components of a sharded cluster. This
procedure uses mongodump to create dumps of the mongod instance. An alternate procedure uses file system snapshots to capture the backup data, and may be more efficient in some situations if your system configuration allows file
system backups.
For more information on backups in MongoDB and backups of sharded clusters in particular, see MongoDB Backup
Methods (page 282) and Backup and Restore Sharded Clusters (page 355).
Prerequisites
Important: To capture a point-in-time backup from a sharded cluster you must stop all writes to the cluster. On a
running production system, you can only capture an approximation of point-in-time snapshot.

Access Control The backup (page 491) role provides the required privileges to perform backup on a sharded
cluster that has access control enabled.
Changed in version 3.2.1: The backup (page 491) role provides additional privileges to back up the
system.profile (page 377) collections that exist when running with database profiling (page 312). Previously,
users required an additional read access on this collection.
Consideration To create these backups of a sharded cluster, you will stop the cluster balancer and take a backup of
the config database, and then take backups of each shard in the cluster using mongodump to capture the backup data.
To capture a more exact moment-in-time snapshot of the system, you will need to stop all application writes before
taking the filesystem snapshots; otherwise the snapshot will only approximate a moment in time.
114 https://cloud.mongodb.com/?jmp=docs

8.2. Administration Tutorials

359

MongoDB Documentation, Release 3.2.5

For approximate point-in-time snapshots, you can minimize the impact on the cluster by taking the backup from a
secondary member of each replica set shard.
Procedure
Step 1: Disable the balancer process. To disable the balancer (page 758), connect the mongo shell to a mongos
instance and run sh.stopBalancer() in the config database.
use config
sh.stopBalancer()

For more information, see the Disable the Balancer (page 802) procedure.
Warning: If you do not stop the balancer, the backup could have duplicate data or omit data as chunks migrate
while recording backups.

Step 2: Lock one secondary member of each replica set. Lock a secondary member of each replica set in the
sharded cluster, and, if your sharded cluster uses a replica set for the config servers, one secondary of the config server
replica set (CSRS) (page 743).
Ensure that the oplog has sufficient capacity to allow these secondaries to catch up to the state of the primaries after
finishing the backup procedure. See Oplog Size (page 657) for more information.
Lock shard replica set secondary. For each shard replica set in the sharded cluster, connect a mongo shell to the
secondary member’s mongod instance and run db.fsyncLock().
db.fsyncLock()

When calling db.fsyncLock(), ensure that the connection is kept open to allow a subsequent call to
db.fsyncUnlock().
Lock config server replica set secondary. If locking a secondary of the CSRS, confirm that the member has replicated data up to some control point. To verify, first connect a mongo shell to the CSRS primary and perform a write
operation with "majority" (page 180) write concern on a control collection:
use config
db.BackupControl.findAndModify(
{
query: { _id: 'BackupControlDocument' },
update: { $inc: { counter : 1 } },
new: true,
upsert: true,
writeConcern: { w: 'majority', wtimeout: 15000 } }
}
);

The operation should return either the newly inserted document or the updated document:
{ "_id" : "BackupControlDocument", "counter" : 1 }

Query the CSRS secondary member for the returned control document. Connect a mongo shell to the CSRS secondary
to lock and use db.collection.find() to query for the control document:

360

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

rs.slaveOk();
use config;
db.BackupControl.find(
{ "_id" : "BackupControlDocument", "counter" : 1 }
).readConcern('majority');

When calling db.fsyncLock(), ensure that the connection is kept open to allow a subsequent call to
db.fsyncUnlock().
Step 3: Backup one config server. Run mongodump against a config server mongod instance to back up the
cluster’s metadata. You only need to back up one config server. If you are using CSRS config servers and locked a
config server secondary in the previous step, perform this step against the locked config server.
Use mongodump with the --oplog option to backup one of the config servers (page 742).
mongodump --oplog

If your deployment uses CSRS config servers, unlock the config server node before proceeding to the next step. To
unlock the CSRS member, use db.fsyncUnlock() method in the mongo shell used to lock the instance.
db.fsyncUnlock()

Step 4: Back up a replica set member for each shard. Back up the locked replica set members of the shards using
mongodump with the --oplog option. You may back up the shards in parallel.
mongodump --oplog

Step 5: Unlock replica set members for each shard. To unlock the replica set members, use
db.fsyncUnlock() method in the mongo shell. For each locked member, use the same mongo shell used to
lock the instance.
db.fsyncUnlock()

Allow these members to catch up with the state of the primary.
Step 6: Re-enable the balancer process. To re-enable to balancer, connect the mongo shell to a mongos instance
and run sh.setBalancerState().
use config
sh.setBalancerState(true)

Additional Resources See also MongoDB Cloud Manager115 for seamless automation, backup, and monitoring.
115 https://cloud.mongodb.com/?jmp=docs

8.2. Administration Tutorials

361

MongoDB Documentation, Release 3.2.5

Schedule Backup Window for Sharded Clusters

On this page
• Overview (page 362)
• Procedure (page 362)

Overview In a sharded cluster, the balancer process is responsible for distributing sharded data around the cluster,
so that each shard has roughly the same amount of data.
However, when creating backups from a sharded cluster it is important that you disable the balancer while taking
backups to ensure that no chunk migrations affect the content of the backup captured by the backup procedure. Using
the procedure outlined in the section Disable the Balancer (page 802) you can manually stop the balancer process
temporarily. As an alternative you can use this procedure to define a balancing window so that the balancer is always
disabled during your automated backup operation.
Procedure If you have an automated backup schedule, you can disable all balancing operations for a period of time.
For instance, consider the following command:

use config
db.settings.update( { _id : "balancer" }, { $set : { activeWindow : { start : "06:00", stop : "23:00"

This operation configures the balancer to run between 6:00am and 11:00pm, server time. Schedule your backup
operation to run and complete outside of this time. Ensure that the backup can complete outside the window when
the balancer is running and that the balancer can effectively balance the collection among the shards in the window
allotted to each.
Restore a Single Shard

On this page
• Overview (page 362)
• Procedure (page 362)

Overview Restoring a single shard from backup with other unaffected shards requires a number of special considerations and practices. This document outlines the additional tasks you must perform when restoring a single shard.
Consider the following resources on backups in general as well as backup and restoration of sharded clusters specifically:
• Backup and Restore Sharded Clusters (page 355)
• Restore a Sharded Cluster (page 363)
• MongoDB Backup Methods (page 282)
Procedure Always restore sharded clusters as a whole. When you restore a single shard, keep in mind that the
balancer process might have moved chunks to or from this shard since the last backup. If that’s the case, you must
manually move those chunks, as described in this procedure.

362

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Step 1: Restore the shard as you would any other mongod instance. See MongoDB Backup Methods (page 282)
for overviews of these procedures.
Step 2: Manage the chunks. For all chunks that migrate away from this shard, you do not need to do anything at
this time. You do not need to delete these documents from the shard because the chunks are automatically filtered out
from queries by mongos. You can remove these documents from the shard, if you like, at your leisure.
For chunks that migrate to this shard after the most recent backup, you must manually recover the chunks using backups of other shards, or some other source. To determine what chunks have moved, view the changelog collection
in the Config Database (page 823).
Restore a Sharded Cluster

On this page
• Overview (page 363)
• Procedures (page 363)

Overview You can restore a sharded cluster either from snapshots (page 343) or from BSON database dumps
(page 359) created by the mongodump tool. This document describes procedures to
• Restore a Sharded Cluster with Filesystem Snapshots (page 363)
• Restore a Sharded Cluster with Database Dumps (page 365)
Procedures
Restore a Sharded Cluster with Filesystem Snapshots The following procedure outlines the steps to restore a
sharded cluster from filesystem snapshots. To create filesystem snapshots of sharded clusters, see Backup a Sharded
Cluster with Filesystem Snapshots (page 356).
Step 1: Shut down the entire cluster. Stop all mongos and mongod processes, including all shards and all config
servers. To stop all members, connect to each member and issue following operations:
use admin
db.shutdownServer()

Step 2: Restore the data files. On each server, extract the data files to the location where the mongod instance will
access them and restore the following:
• Data files for each server in each shard.
For each shard replica set, restore all the members of the replica set. See Restore a Replica Set from MongoDB
Backups (page 348).
• Data files for each config server.
Changed in version 3.2: If restoring to a config server replica set (CSRS) (page 743), restore the members of the
replica set. See Restore a Replica Set from MongoDB Backups (page 348).
Else, if restoring to 3 mirrored config servers, restore the files on each config server mongod instance as you
would a standalone node.
8.2. Administration Tutorials

363

MongoDB Documentation, Release 3.2.5

See also:
Restore a Snapshot (page 346).
Step 3: Restart the config servers.
• If restoring to a config server replica set (page 743), restart each member of the CSRS.
mongod --configsvr --replSet --dbpath --port 27019

• Or, if restoring to a three mirrored mongod instances, start exactly three mongod config server instances.
mongod --configsvr --dbpath --port 27019

Step 4: Start one mongos instance.
• If using a CSRS (page 743) deployment, start mongos with the --configdb option set to the replica set name
and seed list of the CSRS started in the step Restart the config servers. (page ??)
• Or, if using three mirrored config servers, start mongos with the --configdb option set to the hostnames
(and port numbers) of the config servers started in the step Restart the config servers. (page ??)
Step 5: If shard hostnames have changed, update the config database. If shard hostnames have changed, connect a mongo shell to the mongos instance and update the shards (page 828) collection in the Config Database
(page 823) to reflect the new hostnames.
Step 6: Clear per-shard sharding recovery information. If the backup data was from a deployment using CSRS
(page 743), clear out the no longer applicable recovery information on each shard. For each shard:
1. Restart the replica set members for the shard with the recoverShardingState parameter set to false.
Include additional options as required for your specific configuration.
mongod --setParameter=recoverShardingState=false --replSet

2. Connect mongo shell to the primary of the replica set and delete from the admin.system.version collection the document where _id equals minOpTimeRecovery id. Use write concern "majority".
use admin
db.system.version.remove(
{ _id: "minOpTimeRecovery" },
{ writeConcern: { w: "majority" } }
)

3. Shut down the replica set members for the shard.
Step 7: Restart all the shard mongod instances. Do not include the recoverShardingState parameter.
Step 8: Restart the other mongos instances.
• If using a CSRS deployment, specify for --configdb the config server replica set name and a seed list of the
CSRS started in the step Restart the config servers. (page ??)
• Or, if using three mirrored config servers, specify for --configdb the hostnames (and port numbers) of the
config servers started in the step Restart the config servers. (page ??) All mongos must specify the same
--configdb string.

364

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Step 9: Verify that the cluster is operational. Connect to a mongos instance from a mongo shell and use the
db.printShardingStatus() method to ensure that the cluster is operational.
db.printShardingStatus()
show collections

Restore a Sharded Cluster with Database Dumps The following procedure outlines the steps to restore a sharded
cluster from the BSON database dumps created by mongodump. For information on using mongodump to backup
sharded clusters, see Backup a Sharded Cluster with Database Dumps (page 359).
Changed in version 3.0: mongorestore requires a running MongoDB instances.
Earlier versions of
mongorestore did not require a running MongoDB instances and instead used the --dbpath option. For instructions specific to your version of mongorestore, refer to the appropriate version of the manual.
Step 1: Deploy a new replica set for each shard. For each shard, deploy a new replica set:
1. Start a new mongod for each member of the replica set. Include any other configuration as appropriate.
2. Connect a mongo to one of the mongod instances. In the mongo shell:
(a) Run rs.initiate().
(b) Use rs.add() to add the other members of the replica set.
For detailed instructions on deploying a replica set, see Deploy a Replica Set (page 667).
Step 2: Deploy new config servers.
Replica Set (page 766).

To deploy config servers as replica set (CSRS), see Deploy the Config Server

To deploy config servers as 3 mirrored mongod instances, see Start 3 Mirrored Config Servers (Deprecated)
(page 769).
Step 3: Start the mongos instances. Start the mongos instances, specifying the new config servers with
--configdb. Include any other configuration as appropriate.
For sharded clusters with CSRS, see Start the mongos Instances (page 767).
For sharded clusters with 3 mirrored config servers, see Start the mongos Instances (Deprecated) (page 770).
Step 4: Add shards to the cluster. Connect a mongo shell to a mongos instance. Use sh.addShard() to add
each replica sets as a shard.
For detailed instructions in adding shards to the cluster, see Add Shards to the Cluster (page 767).
Step 5: Shut down the mongos instances. Once the new sharded cluster is up, shut down all mongos instances.
Step 6: Restore the shard data. For each shard, use mongorestore to restore the data dump to the primary’s
data directory. Include the --drop option to drop the collections before restoring and, because the backup procedure
(page 359) included the --oplog option, include the --oplogReplay option for mongorestore.
For example, on the primary for ShardA, run the mongorestore. Specify any other configuration as appropriate.
mongorestore --drop --oplogReplay /data/dump/shardA

After you have finished restoring all the shards, shut down all shard instances.

8.2. Administration Tutorials

365

MongoDB Documentation, Release 3.2.5

Step 7: Restore the config server data.
mongorestore --drop --oplogReplay /data/dump/configData

Step 8: Start one mongos instance.
• If using a CSRS (page 743) deployment, start mongos with the --configdb option set to the replica set name
and seed list of the CSRS started in the step Deploy new config servers. (page ??)
• Or, if using three mirrored config servers, start mongos with the --configdb option set to the hostnames
(and port numbers) of the config servers started in the step Deploy new config servers. (page ??)
Step 9: If shard hostnames have changed, update the config database. If shard hostnames have changed, connect a mongo shell to the mongos instance and update the shards (page 828) collection in the Config Database
(page 823) to reflect the new hostnames.
Step 10: Restart all the shard mongod instances. Do not include the recoverShardingState parameter.
Step 11: Restart the other mongos instances.
• If using a CSRS deployment, specify for --configdb the config server replica set name and a seed list of the
CSRS started in the step Deploy new config servers. (page ??)
• Or, if using three mirrored config servers, specify for --configdb the hostnames (and port numbers) of the
config servers started in the step Deploy new config servers. (page ??) All mongos must specify the same
--configdb string.
Step 12: Verify that the cluster is operational. Connect to a mongos instance from a mongo shell and use the
db.printShardingStatus() method to ensure that the cluster is operational.
db.printShardingStatus()
show collections

See also:
MongoDB Backup Methods (page 282), Backup and Restore Sharded Clusters (page 355)
Recover Data after an Unexpected Shutdown

On this page
• Process (page 367)
• Procedures (page 368)
• mongod.lock (page 369)
If MongoDB does not shutdown cleanly, the on-disk representation of the data files will likely reflect an inconsistent
state which could lead to data corruption. 116
116 You can also use the db.collection.validate() method to test the integrity of a single collection. However, this process is time
consuming, and without journaling you can safely assume that the data is in an invalid state and you should either run the repair operation or resync
from an intact member of the replica set.

366

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

To prevent data inconsistency and corruption, always shut down the database cleanly and use the durability journaling.
MongoDB writes data to the journal, by default, every 100 milliseconds, such that MongoDB can always recover to a
consistent state even in the case of an unclean shutdown due to power loss or other system failure.
If you are not running as part of a replica set and do not have journaling enabled, use the following procedure to
recover data that may be in an inconsistent state. If you are running as part of a replica set, you should always restore
from a backup or restart the mongod instance with an empty dbPath and allow MongoDB to perform an initial sync
to restore the data.
To ensure a clean shut down, use one of the following methods:
• db.shutdownServer() from the mongo shell,
• Your system’s init script,
• “Control-C” when running mongod in interactive mode,
• kill $(pidof mongod); or kill -2 $(pidof mongod),
• On Linux, the mongod --shutdown option.
See also:
The Administration (page 281) documents, including Replica Set Syncing (page 656), and the documentation on the
--repair repairPath and storage.journal.enabled settings.
Process

Indications When you are aware of a mongod instance running without journaling that stops unexpectedly and
you’re not running with replication, you should always run the repair operation before starting MongoDB again. If
you’re using replication, then restore from a backup and allow replication to perform an initial sync (page 656) to
restore data.
If the mongod.lock file in the data directory specified by dbPath, /data/db by default, is not a zero-byte file,
then mongod will refuse to start, and you will find a message that contains the following line in your MongoDB log
our output:
Unclean shutdown detected.

This indicates that you need to run mongod with the --repair option. If you run repair when the mongodb.lock
file exists in your dbPath, or the optional --repairpath, you will see a message that contains the following line:
old lock file: /data/db/mongod.lock. probably means unclean shutdown

If you see this message, as a last resort you may remove the lockfile and run the repair operation before starting the
database normally, as in the following procedure:

Overview

Warning: Recovering a member of a replica set.
Do not use this procedure to recover a member of a replica set. Instead you should either restore from a backup
(page 282) or perform an initial sync using data from an intact member of the set, as described in Resync a Member
of a Replica Set (page 699).

There are two processes to repair data files that result from an unexpected shutdown:
• Use the --repair option in conjunction with the --repairpath option. mongod will read the existing
data files, and write the existing data to new data files.
You do not need to remove the mongod.lock file before using this procedure.

8.2. Administration Tutorials

367

MongoDB Documentation, Release 3.2.5

• Use the --repair option. mongod will read the existing data files, write the existing data to new files and
replace the existing, possibly corrupt, files with new files.
You must remove the mongod.lock file before using this procedure.
Note: --repair functionality is also available in the shell with the db.repairDatabase() helper for the
repairDatabase command.

Procedures

Important: Always Run mongod as the same user to avoid changing the permissions of the MongoDB data files.

Repair Data Files and Preserve Original Files To repair your data files using the --repairpath option to
preserve the original data files unmodified.
Step 1: Start mongod using the option to replace the original files with the repaired files. Start the mongod
instance using the --repair option and the --repairpath option. Issue a command similar to the following:
mongod --dbpath /data/db --repair --repairpath /data/db0

When this completes, the new repaired data files will be in the /data/db0 directory.
Step 2: Start mongod with the new data directory. Start mongod using the following invocation to point the
dbPath at /data/db0:
mongod --dbpath /data/db0

Once you confirm that the data files are operational you may delete or archive the old data files in the /data/db
directory. You may also wish to move the repaired files to the old database location or update the dbPath to indicate
the new location.
Repair Data Files without Preserving Original Files To repair your data files without preserving the original files,
do not use the --repairpath option, as in the following procedure:
Warning: After you remove the mongod.lock file you must run the --repair process before using your
database.

Step 1: Remove the stale lock file. For example:
rm /data/db/mongod.lock

Replace /data/db with your dbPath where your MongoDB instance’s data files reside.
Step 2: Start mongod using the option to replace the original files with the repaired files. Start the mongod
instance using the --repair option, which replaces the original data files with the repaired data files. Issue a
command similar to the following:
mongod --dbpath /data/db --repair

When this completes, the repaired data files will replace the original data files in the /data/db directory.
368

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Step 3: Start mongod as usual.

Start mongod using the following invocation to point the dbPath at /data/db:

mongod --dbpath /data/db

mongod.lock

In normal operation, you should never remove the mongod.lock file and start mongod. Instead consider the one
of the above methods to recover the database and remove the lock files. In dire situations you can remove the lockfile,
and start the database using the possibly corrupt files, and attempt to recover data from the database; however, it’s
impossible to predict the state of the database in these situations.
If you are not running with journaling, and your database shuts down unexpectedly for any reason, you should always
proceed as if your database is in an inconsistent and likely corrupt state. If at all possible restore from backup
(page 282) or, if running as a replica set, restore by performing an initial sync using data from an intact member of the
set, as described in Resync a Member of a Replica Set (page 699).

8.2.3 MongoDB Tutorials
This page lists the tutorials available as part of the MongoDB Manual. In addition to these tutorial in the manual,
MongoDB provides Getting Started Guides in various driver editions. If there is a process or pattern that you would
like to see included here, please open a Jira Case117 .
Installation
• Install MongoDB Community Edition From Tarball (page 39)
• Install MongoDB Community Edition on Red Hat Enterprise or CentOS Linux (page 23)
• Install MongoDB Community Edition on Debian (page 36)
• Install MongoDB Community Edition on Ubuntu (page 33)
• Install MongoDB Community Edition on Amazon Linux (page 30)
• Install MongoDB Community Edition on SUSE (page 27)
• Install MongoDB Community Edition on OS X (page 42)
• Install MongoDB Community Edition on Windows (page 44)
Administration
Replica Sets

• Deploy a Replica Set (page 667)
• Convert a Standalone to a Replica Set (page 678)
• Add Members to a Replica Set (page 679)
• Remove Members from Replica Set (page 682)
• Replace a Replica Set Member (page 684)
• Adjust Priority for Replica Set Member (page 685)
117 https://jira.mongodb.org/browse/DOCS

8.2. Administration Tutorials

369

MongoDB Documentation, Release 3.2.5

• Resync a Member of a Replica Set (page 699)
• Deploy a Geographically Redundant Replica Set (page 672)
• Change the Size of the Oplog (page 693)
• Force a Member to Become Primary (page 697)
• Change Hostnames in a Replica Set (page 706)
• Add an Arbiter to Replica Set (page 677)
• Convert a Secondary to an Arbiter (page 691)
• Configure a Secondary’s Sync Target (page 710)
• Configure a Delayed Replica Set Member (page 689)
• Configure a Hidden Replica Set Member (page 687)
• Configure Non-Voting Replica Set Member (page 690)
• Prevent Secondary from Becoming Primary (page 686)
• Configure Replica Set Tag Sets (page 700)
• Manage Chained Replication (page 705)
• Reconfigure a Replica Set with Unavailable Members (page 704)
• Recover Data after an Unexpected Shutdown (page 366)
• Troubleshoot Replica Sets (page 711)
Sharding

• Deploy a Sharded Cluster (page 765)
• Convert a Replica Set to a Sharded Cluster (page 775)
• Add Shards to a Cluster (page 773)
• Remove Shards from an Existing Sharded Cluster (page 805)
• Migrate Config Servers with the Same Hostname (page 792)
• Migrate Config Servers with Different Hostnames (page 793)
• Replace a Config Server (page 791)
• Migrate a Sharded Cluster to Different Hardware (page 794)
• Backup Cluster Metadata (page 797)
• Backup a Small Sharded Cluster with mongodump (page 355)
• Backup a Sharded Cluster with Filesystem Snapshots (page 356)
• Backup a Sharded Cluster with Database Dumps (page 359)
• Restore a Single Shard (page 362)
• Restore a Sharded Cluster (page 363)
• Schedule Backup Window for Sharded Clusters (page 362)
• Manage Shard Tags (page 816)

370

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Basic Operations

• Use Database Commands (page 322)
• Recover Data after an Unexpected Shutdown (page 366)
• Expire Data from Collections by Setting TTL (page 567)
• Analyze Performance of Database Operations (page 326)
• Rotate Log Files (page 330)
• Manage mongod Processes (page 323)
• Back Up and Restore with MongoDB Tools (page 349)
• Backup and Restore with Filesystem Snapshots (page 343)
Security

• Configure Linux iptables Firewall for MongoDB (page 475)
• Configure Windows netsh Firewall for MongoDB (page 479)
• Enable Client Access Control (page 435)
• Enable Internal Authentication (page 425)
• Manage Users and Roles (page 441)
• Configure MongoDB with Kerberos Authentication on Linux (page 409)
• Create a Vulnerability Report (page 512)
Development Patterns
• Perform Two Phase Commits (page 164)
• Create an Auto-Incrementing Sequence Field (page 173)
• Enforce Unique Keys for Sharded Collections (page 818)
• Aggregation with the Zip Code Data Set (page 206)
• Aggregation with User Preference Data (page 209)
• Model Data to Support Keyword Search (page 273)
• Limit Number of Elements in an Array after an Update (page 156)
• Perform Incremental Map-Reduce (page 219)
• Troubleshoot the Map Function (page 221)
• Troubleshoot the Reduce Function (page 222)
• Store a JavaScript Function on the Server (page 334)

8.2. Administration Tutorials

371

MongoDB Documentation, Release 3.2.5

Text Search Patterns
• Specify a Language for Text Index (page 538)
• Specify Name for text Index (page 540)
• Control Search Results with Weights (page 541)
• Limit the Number of Entries Scanned (page 542)
Data Modeling Patterns
• Model One-to-One Relationships with Embedded Documents (page 259)
• Model One-to-Many Relationships with Embedded Documents (page 260)
• Model One-to-Many Relationships with Document References (page 261)
• Model Data for Atomic Operations (page 272)
• Model Tree Structures with Parent References (page 264)
• Model Tree Structures with Child References (page 266)
• Model Tree Structures with Materialized Paths (page 269)
• Model Tree Structures with Nested Sets (page 270)
See also:
The MongoDB Manual contains administrative documentation and tutorials though out several sections. See Replica
Set Tutorials (page 665) and Sharded Cluster Tutorials (page 764) for additional tutorials and information.

8.3 Administration Reference
UNIX ulimit Settings (page 372) Describes user resources limits (i.e. ulimit) and introduces the considerations
and optimal configurations for systems that run MongoDB deployments.
System Collections (page 376) Introduces the internal collections that MongoDB uses to track per-database metadata,
including indexes, collections, and authentication credentials.
Database Profiler Output (page 378) Describes the data collected by MongoDB’s operation profiler, which introspects operations and reports data for analysis on performance and behavior.
Server-side JavaScript (page 383) Describes MongoDB’s support for executing JavaScript code for server-side operations.
Exit Codes and Statuses (page 385) Lists the unique codes returned by mongos and mongod processes upon exit.

8.3.1 UNIX ulimit Settings
On this page
• Resource Utilization (page 373)
• Review and Set Resource Limits (page 374)

372

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Most UNIX-like operating systems, including Linux and OS X, provide ways to limit and control the usage of system
resources such as threads, files, and network connections on a per-process and per-user basis. These “ulimits” prevent
single users from using too many system resources. Sometimes, these limits have low default values that can cause a
number of issues in the course of normal MongoDB operation.
Note: Red Hat Enterprise Linux and CentOS 6 place a max process limitation of 1024 which overrides ulimit settings. Create a file named /etc/security/limits.d/99-mongodb-nproc.conf with new soft nproc
and hard nproc values to increase the process limit. See /etc/security/limits.d/90-nproc.conf file
as an example.

Resource Utilization
mongod and mongos each use threads and file descriptors to track connections and manage internal operations. This
section outlines the general resource utilization patterns for MongoDB. Use these figures in combination with the
actual information about your deployment and its use to determine ideal ulimit settings.
Generally, all mongod and mongos instances:
• track each incoming connection with a file descriptor and a thread.
• track each internal thread or pthread as a system process.
mongod

• 1 file descriptor for each data file in use by the mongod instance.
• 1 file descriptor for each journal file used by the mongod instance when storage.journal.enabled is
true.
• In replica sets, each mongod maintains a connection to all other members of the set.
mongod uses background threads for a number of internal processes, including TTL collections (page 567), replication, and replica set health checks, which may require a small number of additional resources.
mongos

In addition to the threads and file descriptors for client connections, mongos must maintain connects to all config
servers and all shards, which includes all members of all replica sets.
For mongos, consider the following behaviors:
• mongos instances maintain a connection pool to each shard so that the mongos can reuse connections and
quickly fulfill requests without needing to create new connections.
• You can limit the number of incoming connections using the maxIncomingConnections run-time option.
By restricting the number of incoming connections you can prevent a cascade effect where the mongos creates
too many connections on the mongod instances.
Note: Changed in version 2.6: MongoDB removed the upward limit on the maxIncomingConnections
setting.

8.3. Administration Reference

373

MongoDB Documentation, Release 3.2.5

Review and Set Resource Limits
ulimit

You can use the ulimit command at the system prompt to check system limits, as in the following example:
$ ulimit -a
-t: cpu time (seconds)
-f: file size (blocks)
-d: data seg size (kbytes)
-s: stack size (kbytes)
-c: core file size (blocks)
-m: resident set size (kbytes)
-u: processes
-n: file descriptors
-l: locked-in-memory size (kb)
-v: address space (kb)
-x: file locks
-i: pending signals
-q: bytes in POSIX msg queues
-e: max nice
-r: max rt priority
-N 15:

unlimited
unlimited
unlimited
8192
0
unlimited
192276
21000
40000
unlimited
unlimited
192276
819200
30
65
unlimited

ulimit refers to the per-user limitations for various resources. Therefore, if your mongod instance executes as
a user that is also running multiple processes, or multiple mongod processes, you might see contention for these
resources. Also, be aware that the processes value (i.e. -u) refers to the combined number of distinct processes
and sub-process threads.
You can change ulimit settings by issuing a command in the following form:
ulimit -n

There are both “hard” and the “soft” ulimits that affect MongoDB’s performance. The “hard” ulimit refers to
the maximum number of processes that a user can have active at any time. This is the ceiling: no non-root process
can increase the “hard” ulimit. In contrast, the “soft” ulimit is the limit that is actually enforced for a session or
process, but any process can increase it up to “hard” ulimit maximum.
A low “soft” ulimit can cause can’t create new thread, closing connection errors if the number
of connections grows too high. For this reason, it is extremely important to set both ulimit values to the recommended values.
ulimit will modify both “hard” and “soft” values unless the -H or -S modifiers are specified when modifying limit
values.
For many distributions of Linux you can change values by substituting the -n option for any possible value in the
output of ulimit -a. On OS X, use the launchctl limit command. See your operating system documentation
for the precise procedure for changing system limits on running systems.
After changing the ulimit settings, you must restart the process to take advantage of the modified settings. You can
use the /proc file system to see the current limitations on a running process.
Depending on your system’s configuration, and default settings, any change to system limits made using ulimit
may revert following system a system restart. Check your distribution and operating system documentation for more
information.
Note: SUSE Linux Enterprise Server and potentially other SUSE distributions ship with virtual memory address
space limited to 8 GB by default. You must adjust this in order to prevent virtual memory allocation failures as the
database grows.

374

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

The SLES packages for MongoDB adjust these limits in the default scripts, but you will need to make this change
manually if you are using custom scripts and/or the tarball release rather than the SLES packages.

Recommended ulimit Settings

Every deployment may have unique requirements and settings; however, the following thresholds and settings are
particularly important for mongod and mongos deployments:
• -f (file size): unlimited
• -t (cpu time): unlimited
• -v (virtual memory): unlimited 118
• -n (open files): 64000
• -m (memory size): unlimited 1

119

• -u (processes/threads): 64000
Always remember to restart your mongod and mongos instances after changing the ulimit settings to ensure that
the changes take effect.
Linux distributions using Upstart

For Linux distributions that use Upstart, you can specify limits within service scripts if you start mongod and/or
mongos instances as Upstart services. You can do this by using limit stanzas120 .
Specify the Recommended ulimit Settings (page 375), as in the following example:
limit
limit
limit
limit
limit

fsize unlimited unlimited
cpu unlimited unlimited
as unlimited unlimited
nofile 64000 64000
nproc 64000 64000

#
#
#
#
#

(file size)
(cpu time)
(virtual memory size)
(open files)
(processes/threads)

Each limit stanza sets the “soft” limit to the first value specified and the “hard” limit to the second.
After changing limit stanzas, ensure that the changes take effect by restarting the application services, using the
following form:
restart

Linux distributions using systemd

For Linux distributions that use systemd, you can specify limits within the [Service] sections of service scripts
if you start mongod and/or mongos instances as systemd services. You can do this by using resource limit directives121 .
Specify the Recommended ulimit Settings (page 375), as in the following example:
118 If you limit virtual or resident memory size on a system running MongoDB the operating system will refuse to honor additional allocation
requests.
119 The -m parameter to ulimit has no effect on Linux systems with kernel versions more recent than 2.4.30. You may omit -m if you wish.
120 http://upstart.ubuntu.com/wiki/Stanzas#limit
121 http://www.freedesktop.org/software/systemd/man/systemd.exec.html#LimitCPU=

8.3. Administration Reference

375

MongoDB Documentation, Release 3.2.5

[Service]
# Other directives omitted
# (file size)
LimitFSIZE=infinity
# (cpu time)
LimitCPU=infinity
# (virtual memory size)
LimitAS=infinity
# (open files)
LimitNOFILE=64000
# (processes/threads)
LimitNPROC=64000

Each systemd limit directive sets both the “hard” and “soft” limits to the value specified.
After changing limit stanzas, ensure that the changes take effect by restarting the application services, using the
following form:
systemctl restart

/proc File System

Note: This section applies only to Linux operating systems.
The /proc file-system stores the per-process limits in the file system object located at /proc//limits,
where is the process’s PID or process identifier. You can use the following bash function to return the content
of the limits object for a process or processes with a given name:
return-limits(){
for process in $@; do
process_pids=`ps -C $process -o pid --no-headers | cut -d " " -f 2`
if [ -z $@ ]; then
echo "[no $process running]"
else
for pid in $process_pids; do
echo "[$process #$pid -- limits]"
cat /proc/$pid/limits
done
fi
done
}

You can copy and paste this function into a current shell session or load it as part of a script. Call the function with
one the following invocations:
return-limits mongod
return-limits mongos
return-limits mongod mongos

8.3.2 System Collections

376

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

On this page
• Synopsis (page 377)
• Collections (page 377)

Synopsis
MongoDB stores system information in collections that use the .system.* namespace, which MongoDB reserves for internal use. Do not create collections that begin with system.
MongoDB also stores some additional instance-local metadata in the local database (page 723), specifically for replication purposes.
Collections
System collections include these collections stored in the admin database:
admin.system.roles
New in version 2.6.
The admin.system.roles (page 377) collection stores custom roles that administrators create and assign
to users to provide access to specific resources.
admin.system.users
Changed in version 2.6.
The admin.system.users (page 377) collection stores the user’s authentication credentials as well as any
roles assigned to the user. Users may define authorization roles in the admin.system.roles (page 377)
collection.
admin.system.version
New in version 2.6.
Stores the schema version of the user credential documents.
System collections also include these collections stored directly in each database:
.system.namespaces
Deprecated since version 3.0: Access this data using listCollections.
The .system.namespaces (page 377) collection contains information about all of the
database’s collections.
.system.indexes
Deprecated since version 3.0: Access this data using listIndexes.
The .system.indexes (page 377) collection lists all the indexes in the database.
.system.profile
The .system.profile (page 377) collection stores database profiling information. For information on profiling, see Database Profiling (page 312).
.system.js
The .system.js (page 377) collection holds special JavaScript code for use in server side
JavaScript (page 383). See Store a JavaScript Function on the Server (page 334) for more information.

8.3. Administration Reference

377

MongoDB Documentation, Release 3.2.5

8.3.3 Database Profiler Output
On this page
• Example system.profile Document (page 378)
• Output Reference (page 380)
The database profiler captures data information about read and write operations, cursor operations, and database commands. To configure the database profile and set the thresholds for capturing profile data, see the Analyze Performance
of Database Operations (page 326) section.
The database profiler writes data in the system.profile (page 377) collection, which is a capped collection. To
view the profiler’s output, use normal MongoDB queries on the system.profile (page 377) collection.
Note: Because the database profiler writes data to the system.profile (page 377) collection in a database, the
profiler will profile some write activity, even for databases that are otherwise read-only.

Example system.profile Document
The documents in the system.profile (page 377) collection have the following form. This example document
reflects a find operation:
{
"op" : "query",
"ns" : "test.c",
"query" : {
"find" : "c",
"filter" : {
"a" : 1
}
},
"keysExamined" : 2,
"docsExamined" : 2,
"cursorExhausted" : true,
"keyUpdates" : 0,
"writeConflicts" : 0,
"numYield" : 0,
"locks" : {
"Global" : {
"acquireCount" : {
"r" : NumberLong(2)
}
},
"Database" : {
"acquireCount" : {
"r" : NumberLong(1)
}
},
"Collection" : {
"acquireCount" : {
"r" : NumberLong(1)
}
}
},
"nreturned" : 2,

378

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

"responseLength" : 108,
"millis" : 0,
"execStats" : {
"stage" : "FETCH",
"nReturned" : 2,
"executionTimeMillisEstimate" : 0,
"works" : 3,
"advanced" : 2,
"needTime" : 0,
"needYield" : 0,
"saveState" : 0,
"restoreState" : 0,
"isEOF" : 1,
"invalidates" : 0,
"docsExamined" : 2,
"alreadyHasObj" : 0,
"inputStage" : {
"stage" : "IXSCAN",
"nReturned" : 2,
"executionTimeMillisEstimate" : 0,
"works" : 3,
"advanced" : 2,
"needTime" : 0,
"needYield" : 0,
"saveState" : 0,
"restoreState" : 0,
"isEOF" : 1,
"invalidates" : 0,
"keyPattern" : {
"a" : 1
},
"indexName" : "a_1",
"isMultiKey" : false,
"isUnique" : false,
"isSparse" : false,
"isPartial" : false,
"indexVersion" : 1,
"direction" : "forward",
"indexBounds" : {
"a" : [
"[1.0, 1.0]"
]
},
"keysExamined" : 2,
"dupsTested" : 0,
"dupsDropped" : 0,
"seenInvalidated" : 0
}
},
"ts" : ISODate("2015-09-03T15:26:14.948Z"),
"client" : "127.0.0.1",
"allUsers" : [ ],
"user" : ""
}

8.3. Administration Reference

379

MongoDB Documentation, Release 3.2.5

Output Reference
For any single operation, the documents created by the database profiler will include a subset of the following fields.
The precise selection of fields in these documents depends on the type of operation.
Changed in version 3.2.0: system.profile.query.skip replaces the system.profile.ntoskip field.
Changed in version 3.2.0: The information in the system.profile.ntoreturn field has been replaced
by two separate fields, system.profile.query.limit and system.profile.query.batchSize.
Older drivers or older versions of the mongo shell may still use ntoreturn; this will appear as
system.profile.query.ntoreturn.
Note: For the output specific to the version of your MongoDB, refer to the appropriate version of the MongoDB
Manual.
system.profile.op
The type of operation. The possible values are:
•insert
•query
•update
•remove
•getmore
•command
system.profile.ns
The namespace the operation targets. Namespaces in MongoDB take the form of the database, followed by a
dot (.), followed by the name of the collection.
system.profile.query
The query document (page 140) used, or for an insert operation, the inserted document. If the document exceeds
50 kilobytes, the value is a string summary of the object. If the string summary exceeds 50 kilobytes, the string
summary is truncated, denoted with an ellipsis (...) at the end of the string.
Changed in version 3.0.4: For "getmore" (page 380) operations on cursors returned from a
db.collection.find() or a db.collection.aggregate(), the query (page 380) field contains
respectively the query predicate or the issued aggregate command document. For details on the aggregate
command document, see the aggregate reference page.
system.profile.command
The command operation. If the command document exceeds 50 kilobytes, the value is a string summary of the
object. If the string summary exceeds 50 kilobytes, the string summary is truncated, denoted with an ellipsis
(...) at the end of the string.
system.profile.updateobj
The document passed in during an update (page 148) operation. If the document exceeds 50 kilobytes, the value is a string summary of the object. If the string summary exceeds 50 kilobytes, the string
summary is truncated, denoted with an ellipsis (...) at the end of the string.
system.profile.cursorid
The ID of the cursor accessed by a query and getmore operations.
system.profile.keysExamined
Changed in version 3.2.0: Renamed from system.profile.nscanned.
The number of index (page 515) keys that MongoDB scanned in order to carry out the operation.

380

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

In general, if keysExamined (page 380) is much higher than nreturned (page 382), the database is scanning many index keys to find the result documents. Consider creating or adjusting indexes to improve query
performance..
system.profile.docsExamined
Changed in version 3.2.0: Renamed from system.profile.nscannedObjects.
The number of documents in the collection that MongoDB scanned in order to carry out the operation.
system.profile.moved
Changed in version 3.0.0: Only appears when using the MMAPv1 storage engine.
This field appears with a value of true when an update operation moved one or more documents to a new
location on disk. If the operation did not result in a move, this field does not appear. Operations that result in a
move take more time than in-place updates and typically occur as a result of document growth.
system.profile.nmoved
Changed in version 3.0.0: Only appears when using the MMAPv1 storage engine.
The number of documents the operation moved on disk. This field appears only if the operation resulted in a
move. The field’s implicit value is zero, and the field is present only when non-zero.
system.profile.hasSortStage
Changed in version 3.2.0: Renamed from system.profile.scanAndOrder.
hasSortStage (page 381) is a boolean that is true when a query cannot use the ordering in the index to
return the requested sorted results; i.e. MongoDB must sort the documents after it receives the documents from
a cursor. The field only appears when the value is true.
system.profile.ndeleted
The number of documents deleted by the operation.
system.profile.ninserted
The number of documents inserted by the operation.
system.profile.nMatched
New in version 2.6.
The number of documents that match the system.profile.query (page 380) condition for the update
operation.
system.profile.nModified
New in version 2.6.
The number of documents modified by the update operation.
system.profile.upsert
A boolean that indicates the update operation’s upsert option value. Only appears if upsert is true.
system.profile.keyUpdates
The number of index (page 515) keys the update changed in the operation. Changing an index key carries a
small performance cost because the database must remove the old key and inserts a new key into the B-tree
index.
system.profile.writeConflicts
New in version 3.0.0.
The number of conflicts encountered during the write operation; e.g. an update operation attempts to modify
the same document as another update operation. See also write conflict.
system.profile.numYield
The number of times the operation yielded to allow other operations to complete. Typically, operations yield
when they need access to data that MongoDB has not yet fully read into memory. This allows other operations

8.3. Administration Reference

381

MongoDB Documentation, Release 3.2.5

that have data in memory to complete while MongoDB reads in data for the yielding operation. For more
information, see the FAQ on when operations yield (page 837).
system.profile.locks
New in version 3.0.0: locks (page 382) replaces the lockStats field.
The system.profile.locks (page 382) provides information for various lock types and lock modes
(page 836) held during the operation.
The possible lock types are:
Lock Type Description
Global
Represents global lock.
MMAPV1Journal
Represents MMAPv1 storage engine specific lock to synchronize journal writes; for
non-MMAPv1 storage engines, the mode for MMAPV1Journal is empty.
Database Represents database lock.
CollectionRepresents collection lock.
Metadata Represents metadata lock.
oplog
Represents lock on the oplog.
The possible locking modes for the lock types are as follows:
Lock Mode
R
W
r
w

Description
Represents Shared (S) lock.
Represents Exclusive (X) lock.
Represents Intent Shared (IS) lock.
Represents Intent Exclusive (IX) lock.

The returned lock information for the various lock types include:
system.profile.locks.acquireCount
Number of times the operation acquired the lock in the specified mode.
system.profile.locks.acquireWaitCount
Number of times the operation had to wait for the acquireCount (page 382) lock acquisitions because
the locks were held in a conflicting mode. acquireWaitCount (page 382) is less than or equal to
acquireCount (page 382).
system.profile.locks.timeAcquiringMicros
Cumulative time in microseconds that the operation had to wait to acquire the locks.
timeAcquiringMicros (page 382) divided by acquireWaitCount (page 382) gives an approximate average wait time for the particular lock mode.
system.profile.locks.deadlockCount
Number of times the operation encountered deadlocks while waiting for lock acquisitions.
For more information on lock modes, see What type of locking does MongoDB use? (page 836).
system.profile.nreturned
The number of documents returned by the operation.
system.profile.responseLength
The length in bytes of the operation’s result document. A large responseLength (page 382) can affect
performance. To limit the size of the result document for a query operation, you can use any of the following:
•Projections (page 153)
•The limit() method
•The batchSize() method

382

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Note: When MongoDB writes query profile information to the log, the responseLength (page 382) value
is in a field named reslen.
system.profile.millis
The time in milliseconds from the perspective of the mongod from the beginning of the operation to the end of
the operation.
system.profile.execStats
Changed in version 3.0.
A document that contains the execution statistics of the query operation. For other operations, the value is an
empty document.
The system.profile.execStats (page 383) presents the statistics as a tree; each node provides the
statistics for the operation executed during that stage of the query operation.
Note: The following fields list for execStats (page 383) is not meant to be exhaustive as the returned fields
vary per stage.
system.profile.execStats.stage
New in version 3.0: stage (page 383) replaces the type field.
The descriptive name for the operation performed as part of the query execution; e.g.
•COLLSCAN for a collection scan
•IXSCAN for scanning index keys
•FETCH for retrieving documents
system.profile.execStats.inputStages
New in version 3.0: inputStages (page 383) replaces the children field.
An array that contains statistics for the operations that are the input stages of the current stage.
system.profile.ts
The timestamp of the operation.
system.profile.client
The IP address or hostname of the client connection where the operation originates.
For some operations, such as db.eval(), the client is 0.0.0.0:0 instead of an actual client.
system.profile.allUsers
An array of authenticated user information (user name and database) for the session. See also Users (page 394).
system.profile.user
The authenticated user who ran the operation. If the operation was not run by an authenticated user, this field’s
value is an empty string.

8.3.4 Server-side JavaScript

8.3. Administration Reference

383

MongoDB Documentation, Release 3.2.5

On this page
•
•
•
•

Overview (page 384)
Running .js files via a mongo shell Instance on the Server (page 384)
Concurrency (page 384)
Disable Server-Side Execution of JavaScript (page 384)

Overview
MongoDB provides the following commands, methods, and operator that perform server-side execution of JavaScript
code:
• mapReduce and the corresponding mongo shell method db.collection.mapReduce(). mapReduce
operations map, or associate, values to keys, and for keys with multiple values, reduce the values for each key
to a single object. For more information, see Map-Reduce (page 214).
• $where operator that evaluates a JavaScript expression or a function in order to query for documents.
You can also specify a JavaScript file to the mongo shell to run on the server. For more information, see Running .js
files via a mongo shell Instance on the Server (page 384)
JavaScript in MongoDB
Although these methods use JavaScript, most interactions with MongoDB do not use JavaScript but use an
idiomatic driver in the language of the interacting application.
You can also disable server-side execution of JavaScript. For details, see Disable Server-Side Execution of JavaScript
(page 384).
Running .js files via a mongo shell Instance on the Server
You can specify a JavaScript (.js) file to a mongo shell instance to execute the file on the server. This is a good
technique for performing batch administrative work. When you run mongo shell on the server, connecting via the
localhost interface, the connection is fast with low latency.
For more information, see Write Scripts for the mongo Shell (page 84).
Concurrency
Changed in version 3.2: MongoDB 3.2 uses SpiderMonkey as the JavaScript engine for the mongo shell. For information on this change, see JavaScript Changes in MongoDB 3.2 (page 899).
Refer to the individual method or operator documentation for any concurrency information. See also the concurrency
table (page 837).
Disable Server-Side Execution of JavaScript
You can disable all server-side execution of JavaScript, by passing the --noscripting option on the command
line or setting security.javascriptEnabled in a configuration file.
See also:
Store a JavaScript Function on the Server (page 334)

384

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

8.3.5 Exit Codes and Statuses
MongoDB will return one of the following codes and statuses when exiting. Use this guide to interpret logs and when
troubleshooting issues with mongod and mongos instances.
0
Returned by MongoDB applications upon successful exit.
2
The specified options are in error or are incompatible with other options.
3
Returned by mongod if there is a mismatch between hostnames specified on the command line and in the
local.sources (page 725) collection. mongod may also return this status if oplog collection in the local
database is not readable.
4
The version of the database is different from the version supported by the mongod (or mongod.exe) instance.
The instance exits cleanly. Restart mongod with the --upgrade option to upgrade the database to the version
supported by this mongod instance.
5
Returned by mongod if a moveChunk operation fails to confirm a commit.
12
Returned by the mongod.exe process on Windows when it receives a Control-C, Close, Break or Shutdown
event.
14
Returned by MongoDB applications which encounter an unrecoverable error, an uncaught exception or uncaught
signal. The system exits without performing a clean shut down.
20
Message: ERROR: wsastartup failed
Returned by MongoDB applications on Windows following an error in the WSAStartup function.
Message: NT Service Error
Returned by MongoDB applications for Windows due to failures installing, starting or removing the NT Service
for the application.
45
Returned when a MongoDB application cannot open a file or cannot obtain a lock on a file.
47
MongoDB applications exit cleanly following a large clock skew (32768 milliseconds) event.
48
mongod exits cleanly if the server socket closes. The server socket is on port 27017 by default, or as specified
to the --port run-time option.
49
Returned by mongod.exe or mongos.exe on Windows when either receives a shutdown message from the
Windows Service Control Manager.
100
Returned by mongod when the process throws an uncaught exception.

8.3. Administration Reference

385

MongoDB Documentation, Release 3.2.5

8.4 Production Checklist
On this page
• Additional Resources (page 390)
The following checklists provide recommendations that will help you avoid issues in your production MongoDB
deployment.

8.4.1 Operations Checklist
On this page
•
•
•
•
•
•
•
•
•
•

Filesystem (page 386)
Replication (page 386)
Sharding (page 387)
Journaling: MMAPv1 Storage Engine (page 387)
Hardware (page 387)
Deployments to Cloud Hardware (page 387)
Operating System Configuration (page 388)
Backups (page 388)
Monitoring (page 389)
Load Balancing (page 389)

The following checklist, along with the Development (page 389) list, provides recommendations to help you avoid
issues in your production MongoDB deployment.
Filesystem
• Align your disk partitions with your RAID configuration.
• Avoid using NFS drives for your dbPath. Using NFS drives can result in degraded and unstable performance.
See: Remote Filesystems (page 302) for more information.
– VMWare users should use VMWare virtual drives over NFS.
• Linux/Unix: format your drives into XFS or EXT4. If possible, use XFS as it generally performs better with
MongoDB.
– With the WiredTiger storage engine, use of XFS is strongly recommended to avoid performance issues
found when using EXT4 with WiredTiger.
– If using RAID, you may need to configure XFS with your RAID geometry.
• Windows: use the NTFS file system. Do not use any FAT file system (i.e. FAT 16/32/exFAT).
Replication
• Verify that all non-hidden replica set members are identically provisioned in terms of their RAM, CPU, disk,
network setup, etc.
• Configure the oplog size (page 693) to suit your use case:

386

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

– The replication oplog window should cover normal maintenance and downtime windows to avoid the need
for a full resync.
– The replication oplog window should cover the time needed to restore a replica set member, either by an
initial sync or by restoring from the last backup.
• Ensure that your replica set includes at least three data-bearing nodes with w:majority write concern
(page 179). Three data-bearing nodes are required for replica set-wide data durability.
• Use hostnames when configuring replica set members, rather than IP addresses.
• Ensure full bidirectional network connectivity between all mongod instances.
• Ensure that each host can resolve itself.
• Ensure that your replica set contains an odd number of voting members.
• Ensure that mongod instances have 0 or 1 votes.
• For high availability, deploy your replica set into a minimum of three data centers.
Sharding
• Place your config servers (page 742) on dedicated hardware for optimal performance in large clusters. Ensure
that the hardware has enough RAM to hold the data files entirely in memory and that it has dedicated storage.
• Use NTP to synchronize the clocks on all components of your sharded cluster.
• Ensure full bidirectional network connectivity between mongod, mongos and config servers.
• Use CNAMEs to identify your config servers to the cluster so that you can rename and renumber your config
servers without downtime.
Journaling: MMAPv1 Storage Engine
• Ensure that all instances use journaling (page 606).
• Place the journal on its own low-latency disk for write-intensive workloads. Note that this will affect snapshotstyle backups as the files constituting the state of the database will reside on separate volumes.
Hardware
• Use RAID10 and SSD drives for optimal performance.
• SAN and Virtualization:
– Ensure that each mongod has provisioned IOPS for its dbPath, or has its own physical drive or LUN.
– Avoid dynamic memory features, such as memory ballooning, when running in virtual environments.
– Avoid placing all replica set members on the same SAN, as the SAN can be a single point of failure.
Deployments to Cloud Hardware
• Windows Azure: Adjust the TCP keepalive (tcp_keepalive_time) to 100-120. The default TTL for TCP
connections on Windows Azure load balancers is too slow for MongoDB’s connection pooling behavior.

8.4. Production Checklist

387

MongoDB Documentation, Release 3.2.5

• Use MongoDB version 2.6.4 or later on systems with high-latency storage, such as Windows Azure, as these
versions include performance improvements for those systems. See: Azure Deployment Recommendations122
for more information.
Operating System Configuration
Linux

• Turn off transparent hugepages and defrag. See Transparent Huge Pages Settings (page 319) for more information.
• Adjust the readahead settings (page 303) on the devices storing your database files to suit your use case. If your
working set is bigger that the available RAM, and the document access pattern is random, consider lowering the
readahead to 32 or 16. Evaluate different settings to find an optimal value that maximizes the resident memory
and lowers the number of page faults.
• Use the noop or deadline disk schedulers for SSD drives.
• Use the noop disk scheduler for virtualized drives in guest VMs.
• Disable NUMA or set vm.zone_reclaim_mode to 0 and run mongod instances with node interleaving. See:
MongoDB and NUMA Hardware (page 301) for more information.
• Adjust the ulimit values on your hardware to suit your use case. If multiple mongod or mongos instances
are running under the same user, scale the ulimit values accordingly. See: UNIX ulimit Settings (page 372)
for more information.
• Use noatime for the dbPath mount point.
• Configure sufficient file handles (fs.file-max), kernel pid limit (kernel.pid_max), and maximum
threads per process (kernel.threads-max) for your deployment. For large systems, the following values provide a good starting point:
– fs.file-max value of 98000,
– kernel.pid_max value of 64000, and
– kernel.threads-max value of 64000
• Ensure that your system has swap space configured. Refer to your operating system’s documentation for details
on appropriate sizing.
• Ensure that the system default TCP keepalive is set correctly. A value of 300 often provides better performance
for replica sets and sharded clusters. See: Does TCP keepalive time affect MongoDB Deployments? (page 857)
in the Frequently Asked Questions for more information.
Windows

• Consider disabling NTFS “last access time” updates. This is analogous to disabling atime on Unix-like systems.
Backups
• Schedule periodic tests of your back up and restore process to have time estimates on hand, and to verify its
functionality.
122 https://docs.mongodb.org/ecosystem/platforms/windows-azure

388

Chapter 8. Administration

MongoDB Documentation, Release 3.2.5

Monitoring
• Use MongoDB Cloud Manager123 or Ops Manager, an on-premise solution available in MongoDB Enterprise
Advanced124 or another monitoring system to monitor key database metrics and set up alerts for them. Include
alerts for the following metrics:
– lock percent (for the MMAPv1 storage engine (page 603))
– replication lag
– replication oplog window
– assertions
– queues
– page faults
• Monitor hardware statistics for your servers. In particular, pay attention to the disk use, CPU, and available disk
space.
In the absence of disk space monitoring, or as a precaution:
– Create a dummy 4 GB file on the storage.dbPath drive to ensure available space if the disk becomes
full.
– A combination of cron+df can alert when disk space hits a high-water mark, if no other monitoring tool
is available.
Load Balancing
• Configure load balancers to enable “sticky sessions” or “client affinity”, with a sufficient timeout for existing
connections.
• Avoid placing load balancers between MongoDB cluster or replica set components.

8.4.2 Development
On this page
•
•
•
•
•

Data Durability (page 389)
Schema Design (page 390)
Replication (page 390)
Sharding (page 390)
Drivers (page 390)

The following checklist, along with the Operations Checklist (page 386), provides recommendations to help you avoid
issues in your production MongoDB deployment.
Data Durability
• Ensure that your replica set includes at least three data-bearing nodes with w:majority write concern
(page 179). Three data-bearing nodes are required for replica-set wide data durability.
123 https://cloud.mongodb.com/?jmp=docs
124 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

8.4. Production Checklist

389

MongoDB Documentation, Release 3.2.5

• Ensure that all instances use journaling (page 606).
Schema Design
• Ensure that your schema design does not rely on indexed arrays that grow in length without bound. Typically,
best performance can be achieved when such indexed arrays have fewer than 1000 elements.
Replication
• Do not use secondary reads to scale overall read throughput. See: Can I use more replica nodes to scale125 for
an overview of read scaling. For information about secondary reads, see: Read Preference (page 651).
Sharding
• Ensure that your shard key distributes the load evenly on your shards. See: Considerations for Selecting Shard
Keys (page 771) for more information.
• Use targeted queries (page 752) for workloads that need to scale with the number of shards.
• Always read from primary nodes for non-targeted queries that may be sensitive to stale or orphaned data126 .
• Pre-split and manually balance chunks (page 808) when inserting large data sets into a new non-hashed sharded
collection. Pre-splitting and manually balancing enables the insert load to be distributed among the shards,
increasing performance for the initial load.
Drivers
• Make use of connection pooling. Most MongoDB drivers support connection pooling. Adjust the connection
pool size to suit your use case, beginning at 110-115% of the typical number of concurrent database requests.
• Ensure that your applications handle transient write and read errors during replica set elections.
• Ensure that your applications handle failed requests and retry them if applicable. Drivers do not automatically
retry failed requests.
• Use exponential backoff logic for database request retries.
• Use cursor.maxTimeMS() for reads and wtimeout (page 181) for writes if you need to cap execution time
for database operations.

8.4.3 Additional Resources
• MongoDB Production Readiness Consulting Package127
• MongoDB Ops Optimization Consulting Package128

125 http://askasya.com/post/canreplicashelpscaling
126 http://blog.mongodb.org/post/74730554385/background-indexing-on-secondaries-and-orphaned
127 https://www.mongodb.com/products/consulting?jmp=docs#s_product_readiness
128 https://www.mongodb.com/products/consulting?jmp=docs#ops_optimization

390

Chapter 8. Administration

CHAPTER 9

Security

On this page
• Additional Resources (page 514)
Maintaining a secure MongoDB deployment requires administrators to implement controls to ensure that users and
applications have access to only the data that they require. MongoDB provides features that allow administrators to
implement these controls and restrictions for any MongoDB deployment.
If you are already familiar with security and MongoDB security practices, consider the Security Checklist (page 391)
for a collection of recommended actions to protect a MongoDB deployment.

9.1 Security Checklist
On this page
•
•
•
•
•
•
•
•
•
•

Enable Access Control and Enforce Authentication (page 391)
Configure Role-Based Access Control (page 392)
Encrypt Communication (page 392)
Limit Network Exposure (page 392)
Audit System Activity (page 392)
Encrypt and Protect Data (page 392)
Run MongoDB with a Dedicated User (page 392)
Run MongoDB with Secure Configuration Options (page 393)
Request a Security Technical Implementation Guide (where applicable) (page 393)
Consider Security Standards Compliance (page 393)

This documents provides a list of security measures that you should implement to protect your MongoDB installation.

9.1.1 Enable Access Control and Enforce Authentication
Enable access control and specify the authentication mechanism. You can use the default MongoDB authentication
mechanism or an existing external framework. Authentication requires that all clients and servers provide valid credentials before they can connect to the system. In clustered deployments, enable authentication for each MongoDB
server.
See Authentication (page 393) and Enable Client Access Control (page 435).
391

MongoDB Documentation, Release 3.2.5

9.1.2 Configure Role-Based Access Control
Create a user administrator first, then create additional users. Create a unique MongoDB user for each person and
application that accesses the system.
Create roles that define the exact access a set of users needs. Follow a principle of least privilege. Then create users
and assign them only the roles they need to perform their operations. A user can be a person or a client application.
See Role-Based Access Control (page 433) and Manage Users and Roles (page 441), .

9.1.3 Encrypt Communication
Configure MongoDB to use TLS/SSL for all incoming and outgoing connections. Use TLS/SSL to encrypt communication between mongod and mongos components of a MongoDB client as well as between all applications and
MongoDB.
See Configure mongod and mongos for TLS/SSL (page 451).

9.1.4 Limit Network Exposure
Ensure that MongoDB runs in a trusted network environment and limit the interfaces on which MongoDB instances
listen for incoming connections. Allow only trusted clients to access the network interfaces and ports on which
MongoDB instances are available.
See Security Hardening (page 472) and the bindIp setting.

9.1.5 Audit System Activity
Track access and changes to database configurations and data. MongoDB Enterprise1 includes a system auditing
facility that can record system events (e.g. user operations, connection events) on a MongoDB instance. These audit
records permit forensic analysis and allow administrators to verify proper controls.
See Auditing (page 466) and Configure Auditing (page 467).

9.1.6 Encrypt and Protect Data
Encrypt MongoDB data on each host using file-system, device, or physical encryption. Protect MongoDB data using
file-system permissions. MongoDB data includes data files, configuration files, auditing logs, and key files.

9.1.7 Run MongoDB with a Dedicated User
Run MongoDB processes with a dedicated operating system user account. Ensure that the account has permissions to
access data but no unnecessary permissions.
See Install MongoDB (page 21) for more information on running MongoDB.
1 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

392

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

9.1.8 Run MongoDB with Secure Configuration Options
MongoDB supports the execution of JavaScript code for certain server-side operations: mapReduce, group, and
$where. If you do not use these operations, disable server-side scripting by using the --noscripting option on
the command line.
Use only the MongoDB wire protocol on production deployments.
Do not enable the following, all
of which enable the web server interface: net.http.enabled, net.http.JSONPEnabled, and
net.http.RESTInterfaceEnabled. Leave these disabled, unless required for backwards compatibility.
Deprecated since version 3.2: HTTP interface for MongoDB
Keep input validation enabled. MongoDB enables input validation by default through the wireObjectCheck
setting. This ensures that all documents stored by the mongod instance are valid BSON.
See Security Hardening (page 472) for more information on hardening MongoDB configuration.

9.1.9 Request a Security Technical Implementation Guide (where applicable)
The Security Technical Implementation Guide (STIG) contains security guidelines for deployments within the United
States Department of Defense. MongoDB Inc. provides its STIG, upon request, for situations where it is required.
Please request a copy2 for more information.

9.1.10 Consider Security Standards Compliance
For applications requiring HIPAA or PCI-DSS compliance, please refer to the MongoDB Security Reference Architecture3 to learn more about how you can use the key security capabilities to build compliant application infrastructure.

9.2 Authentication
On this page
•
•
•
•

Authentication Methods (page 393)
Authentication Mechanisms (page 394)
Internal Authentication (page 394)
Authentication on Sharded Clusters (page 394)

Authentication is the process of verifying the identity of a client. When access control, i.e. authorization (page 433),
is enabled, MongoDB requires all clients to authenticate themselves in order to determine their access.
Although authentication and authorization (page 433) are closely connected, authentication is distinct from authorization. Authentication verifies the identity of a user; authorization determines the verified user’s access to resources and
operations.

9.2.1 Authentication Methods
To authenticate a user (page 394), MongoDB provides the db.auth() method.
For the mongo shell and the MongoDB tools, you can also authenticate a user by passing in the user authentication
information from the command line.
2 http://www.mongodb.com/lp/contact/stig-requests
3 http://info.mongodb.com/rs/mongodb/images/MongoDB_Security_Architecture_WP.pdf

9.2. Authentication

393

MongoDB Documentation, Release 3.2.5

9.2.2 Authentication Mechanisms
MongoDB supports a number of authentication mechanisms (page 398) that clients can use to verify their identity.
These mechanisms allow MongoDB to integrate into your existing authentication system.
MongoDB supports multiple authentication mechanisms:
• SCRAM-SHA-1 (page 399)
• MongoDB Challenge and Response (MONGODB-CR) (page 400)
Changed in version 3.0: New challenge-response users created in 3.0 will use SCRAM-SHA-1. If using 2.6 user
data, MongoDB 3.0 will continue to use the MONGODB-CR.
• x.509 Certificate Authentication (page 401).
In addition to supporting the aforementioned mechanisms, MongoDB Enterprise also supports the following mechanisms:
• LDAP proxy authentication (page 406), and
• Kerberos authentication (page 406).

9.2.3 Internal Authentication
In addition to verifying the identity of a client, MongoDB can require members of replica sets and sharded clusters to
authenticate their membership (page 423) to their respective replica set or sharded cluster. See Internal Authentication
(page 423) for more information.

9.2.4 Authentication on Sharded Clusters
In sharded clusters, clients generally authenticate directly to the mongos instances. However, some maintenance
operations may require authenticating directly to a specific shard. For more information on authentication and sharded
clusters, see Sharded Cluster Users (page 395).
Users

On this page
•
•
•
•
•
•

User Management Interface (page 394)
Authentication Database (page 395)
Authenticate a User (page 395)
Centralized User Data (page 395)
Sharded Cluster Users (page 395)
Localhost Exception (page 396)

To authenticate a client in MongoDB, you must add a corresponding user to MongoDB.
User Management Interface

To add a user, MongoDB provides the db.createUser() method. When adding a user, you can assign roles
(page 433) to the user in order to grant privileges.

394

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Note: The first user created in the database should be a user administrator who has the privileges to manage other
users. See Enable Client Access Control (page 435).
You can also update existing users, such as to change password and grant or revoke roles. For a full list of user
management methods, see user-management-methods.
Authentication Database

When adding a user, you create the user in a specific database. This database is the authentication database for the
user.
A user can have privileges across different databases; i.e. a user’s privileges are not limited to the authentication
database. By assigning to the user roles in other databases, a user created in one database can have permissions to act
on other databases. For more information on roles, see Role-Based Access Control (page 433).
The user’s name and authentication database serve as a unique identifier for that user. That is, if two users have the
same name but are created in different databases, they are two separate users. If you intend to have a single user with
permissions on multiple databases, create a single user with roles in the applicable databases instead of creating the
user multiple times in different databases.
Authenticate a User

To authenticate a user, either
• Use the command line authentication options (e.g. -u, -p, --authenticationDatabase) when connecting to the mongod or mongos instance, or
• Connect first to the mongod or mongos instance, and then run the authenticate command or the
db.auth() method against the authentication database.
To authenticate, the client must authenticate the user against the user’s authentication database.
For instance, if using the mongo shell as a client, you can specify the authentication database for the user with the
--authenticationDatabase option.
Centralized User Data

Changed in version 2.6.
MongoDB stores all user information, including name (page 497), password (page 497), and the user’s
authentication database (page 497), in the system.users (page 497) collection in the admin database.
Do not access this collection directly but instead use the user management commands.
Sharded Cluster Users

To create users for a sharded cluster, connect to the mongos instance and add the users. Clients then authenticate
these users through the mongos instances.
Changed in version 2.6: MongoDB stores these sharded cluster user data in the admin database of the config servers.
Previously, the credentials for authenticating to a database on a sharded cluster resided on the primary shard (page 742)
for that database.

9.2. Authentication

395

MongoDB Documentation, Release 3.2.5

Shard Local Users However, some maintenance operations, such as cleanupOrphaned, compact,
rs.reconfig(), require direct connections to specific shards in a sharded cluster. To perform these operations,
you must connect directly to the shard and authenticate as a shard local administrative user.
To create a shard local administrative user, connect directly to the shard and create the user. MongoDB stores shard
local users in the admin database of the shard itself.
These shard local users are completely independent from the users added to the sharded cluster via mongos. Shard
local users are local to the shard and are inaccessible by mongos.
Direct connections to a shard should only be for shard-specific maintenance and configuration. In general, clients
should connect to the sharded cluster through the mongos.
Localhost Exception

The localhost exception allows you to enable access control and then create the first user in the system. With the
localhost exception, after you enable access control, connect to the localhost interface and create the first user in
the admin database. The first user must have privileges to create other users, such as a user with the userAdmin
(page 488) or userAdminAnyDatabase (page 493) role.
Changed in version 3.0: The localhost exception changed so that these connections only have access to create the first
user on the admin database. In previous versions, connections that gained access using the localhost exception had
unrestricted access to the MongoDB instance.
The localhost exception applies only when there are no users created in the MongoDB instance.
In the case of a sharded cluster, the localhost exception applies to each shard individually as well as to the cluster as
a whole. Once you create a sharded cluster and add a user administrator through the mongos instance, you must still
prevent unauthorized access to the individual shards. Follow one of the following steps for each shard in your cluster:
• Create an administrative user, or
• Disable the localhost exception at startup.
enableLocalhostAuthBypass parameter to 0.

disable

the

localhost

exception,

set

the

On this page

Add Users

• Overview (page 396)
• Prerequisites (page 397)
• Examples (page 397)
– Username/Password Authentication (page 397)
– Kerberos Authentication (page 397)
– LDAP Authentication (page 398)
– x.509 Client Certificate Authentication (page 398)

Overview MongoDB employs role-based access control (RBAC) to determine access for users. A user is granted
one or more roles (page 434) that determine the user’s access or privileges to MongoDB resources (page 498) and the
actions (page 500) that user can perform. A user should have only the minimal set of privileges required to ensure a
system of least privilege.
Each application and user of a MongoDB system should map to a distinct user. This access isolation facilitates access
revocation and ongoing user maintenance.

396

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Prerequisites If you have enabled access control for your deployment, you can use the localhost exception
(page 396) to create the first user in the system. This first user must have privileges to create other users. As of
MongoDB 3.0, with the localhost exception, you can only create users on the admin database. Once you create
the first user, you must authenticate as that user to add subsequent users. Enable Client Access Control (page 435)
provides more detail about adding users when enabling access control for a deployment.
For routine user creation, you must possess the following permissions:
• To create a new user in a database, you must have the createUser (page 501) action (page 500) on that
database resource (page 499).
• To grant roles to a user, you must have the grantRole (page 502) action (page 500) on the role’s database.
The userAdmin (page 488) and userAdminAnyDatabase (page 493) built-in roles provide createUser
(page 501) and grantRole (page 502) actions on their respective resources (page 498).
Examples To create a user in a MongoDB deployment, you connect to the deployment, and then use the
db.createUser() method or createUser command to add the user.
Username/Password Authentication The following operation creates a user in the reporting database with the
specified name, password, and roles.
use reporting
db.createUser(
{
user: "reportsUser",
pwd: "12345678",
roles: [
{ role: "read", db: "reporting" },
{ role: "read", db: "products" },
{ role: "read", db: "sales" },
{ role: "readWrite", db: "accounts" }
]
}
)

Enable Client Access Control (page 435) provides more details about enforcing authentication for your MongoDB
deployment.
Kerberos Authentication Users that will authenticate to MongoDB using an external authentication mechanism,
such as Kerberos, must be created in the $external database, which allows mongos or mongod to consult an
external source for authentication.
For Kerberos authentication, you must add the Kerberos principal as the username. You do not need to specify a
password.
The following operation adds the Kerberos principal reportingapp@EXAMPLE.NET with read-only access to the
records database.
use $external
db.createUser(
{
user: "reportingapp@EXAMPLE.NET",
roles: [
{ role: "read", db: "records" }
]
}
)

9.2. Authentication

397

MongoDB Documentation, Release 3.2.5

Configure MongoDB with Kerberos Authentication on Linux (page 409) and Configure MongoDB with Kerberos Authentication on Windows (page 412) provide more details about setting up Kerberos authentication for your MongoDB
deployment.
LDAP Authentication Users that will authenticate to MongoDB using an external authentication mechanism, such
as LDAP, must be created in the $external database, which allows mongos or mongod to consult an external
source for authentication.
For LDAP authentication, you must specify a username. You do not need to specify the password, as that is handled
by the LDAP service.
The following operation adds the reporting user with read-only access to the records database.
use $external
db.createUser(
{
user: "reporting",
roles: [
{ role: "read", db: "records" }
]
}
)

Authenticate Using SASL and LDAP with ActiveDirectory (page 417) and Authenticate Using SASL and LDAP with
OpenLDAP (page 420) provide more detail about using authenticating using LDAP.
x.509 Client Certificate Authentication Users that will authenticate to MongoDB using an external authentication
mechanism, such as x.509 Client Certificate Authentication, must be created in the $external database, which
allows mongos or mongod to consult an external source for authentication.
For x.509 Client Certificate authentication, you must add the value of the subject from the client certificate as a
MongoDB user. Each unique x.509 client certificate corresponds to a single MongoDB user. You do not need to
specify a password.

The following operation adds the client certificate subject CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myStat
user with read-only access to the records database.
use $external
db.createUser(
{
user: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry",
roles: [
{ role: "read", db: "records" }
]
}
)

Use x.509 Certificates to Authenticate Clients (page 403) provides details about setting up x.509 Client Certificate
authentication for your MongoDB deployment.
Authentication Mechanisms

398

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

On this page
• Default Authentication Mechanism (page 399)
• Specify Authentication Mechanism (page 399)
MongoDB supports the following authentication mechanisms:
• SCRAM-SHA-1 (page 399)
• MongoDB Challenge and Response (MONGODB-CR) (page 400)
Changed in version 3.0: New challenge-response users created in 3.0 will use SCRAM-SHA-1. If using 2.6 user
data, MongoDB 3.0 will continue to use the MONGODB-CR.
• x.509 Certificate Authentication (page 401).
In addition, MongoDB Enterprise also provides supports for additional mechanisms. See Enterprise Authentication
Mechanisms (page 405) for additional mechanisms available in MongoDB Enterprise.
Default Authentication Mechanism

Changed in version 3.0.
MongoDB uses the SCRAM-SHA-1 (page 399) as the default challenge and response authentication mechanism. Previous versions used MONGODB-CR (page 400) as the default.
Specify Authentication Mechanism

To specify the authentication mechanism to use, set the authenticationMechanisms parameter for mongod
and mongos.
Clients specify the authentication mechanism in the db.auth() method. For the mongo shell and the MongoDB
tools, you can also specify the authentication mechanism from the command line.

On this page
SCRAM-SHA-1

• SCRAM-SHA-1 Advantages (page 400)
• SCRAM-SHA-1 and MongoDB-CR User Credentials (page 400)
• Additional Information (page 400)

New in version 3.0.
SCRAM-SHA-1 is the default authentication mechanism for MongoDB. SCRAM-SHA-1 is an IETF standard, RFC
58024 , that defines best practice methods for implementation of challenge-response mechanisms for authenticating
users with passwords.
SCRAM-SHA-1 verifies the supplied user credentials against the user’s name (page 497), password (page 497) and
authentication database (page 497). The authentication database is the database where the user was created,
and together with the user’s name, serves to identify the user.
Note: A driver upgrade is necessary to use the SCRAM-SHA-1 authentication mechanism if your current driver
version does not support SCRAM-SHA-1. See required driver versions (page 958) for details.
4 https://tools.ietf.org/html/rfc5802

9.2. Authentication

399

MongoDB Documentation, Release 3.2.5

SCRAM-SHA-1 Advantages MongoDB’s implementation of SCRAM-SHA-1 represents an improvement in security over the previously-used MONGODB-CR, providing:
• A tunable work factor (iterationCount),
• Per-user random salts rather than server-wide salts,
• A cryptographically stronger hash function (SHA-1 rather than MD5), and
• Authentication of the server to the client as well as the client to the server.
SCRAM-SHA-1 and MongoDB-CR User Credentials SCRAM-SHA-1 is the default mechanism for MongoDB
versions beginning with the 3.0 series. However, if you are upgrading a MongoDB 2.6 instances that already have users
credentials, MongoDB will continue to use MONGODB-CR for challenge-response authentication until you upgrade the
authentication schema.
Even when using the MONGODB-CR authentication mechanism, clients and drivers that support MongoDB 3.0 features
(see Driver Compatibility Changes (page 950)) will use the SCRAM communication protocol. That is, MONGODB-CR
authentication mechanism also implies SCRAM-SHA-1 (page 399).
For details on upgrading the authentication schema model to SCRAM-SHA-1, see Upgrade to SCRAM-SHA-1
(page 957).
Warning: The procedure to upgrade to SCRAM-SHA-1 discards the MONGODB-CR credentials used by 2.6. As
such, the procedure is irreversible, short of restoring from backups.
The procedure also disables MONGODB-CR as an authentication mechanism.

Additional Information
• Blog Post: Improved Password-Based Authentication in MongoDB 3.0: SCRAM Explained (Part 1)5
• Blog Post: Improved Password-Based Authentication in MongoDB 3.0: SCRAM Explained (Part 2)6

On this page
MONGODB-CR

• MONGODB-CR and SCRAM-SHA-1 (page 400)

MONGODB-CR is a challenge-response mechanism that authenticates users through passwords. MONGODB-CR verifies supplied user credentials against the user’s name (page 497), password (page 497) and authentication
database (page 497). The authentication database is the database where the user was created, and the user’s database
and the user’s name together serve to identify the user.
MONGODB-CR and SCRAM-SHA-1 Changed in version 3.0.
MongoDB no longer defaults to MONGODB-CR and instead uses SCRAM-SHA-1 as the default authentication mechanism.
Even when using the MONGODB-CR authentication mechanism, clients and drivers that support MongoDB 3.0 features
(see Driver Compatibility Changes (page 950)) will use the SCRAM communication protocol. That is, MONGODB-CR
authentication mechanism also implies SCRAM-SHA-1 (page 399).
5 https://www.mongodb.com/blog/post/improved-password-based-authentication-mongodb-30-scram-explained-part-1?jmp=docs
6 https://www.mongodb.com/blog/post/improved-password-based-authentication-mongodb-30-scram-explained-part-2?jmp=docs

400

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

On this page
x.509

• Certificate Authority (page 401)
• Client x.509 Certificates (page 401)
• Member x.509 Certificates (page 402)

New in version 2.6.
MongoDB supports x.509 certificate authentication for client authentication and internal authentication of the members
of replica sets and sharded clusters.
x.509 certificate authentication requires a secure TLS/SSL connection (page 451).
Certificate Authority For production use, your MongoDB deployment should use valid certificates generated and
signed by a single certificate authority. You or your organization can generate and maintain an independent certificate
authority, or use certificates generated by a third-party SSL vendor. Obtaining and managing certificates is beyond the
scope of this documentation.
Client x.509 Certificates To authenticate to servers, clients can use x.509 certificates instead of usernames and
passwords.
Client Certificate Requirements The client certificate must have the following properties:
• A single Certificate Authority (CA) must issue the certificates for both the client and the server.
• Client certificates must contain the following fields:
keyUsage = digitalSignature
extendedKeyUsage = clientAuth

• Each unique MongoDB user must have a unique certificate.
• A client x.509 certificate’s subject, which contains the Distinguished Name (DN), must differ from that of a
Member x.509 Certificate (page 430). Specifically, the subjects must differ with regards to at least one of the
following attributes: Organization (O), the Organizational Unit (OU) or the Domain Component (DC).
Warning: If a client x.509 certificate’s subject has the same O, OU, and DC combination as the Member
x.509 Certificate (page 430), the client will be identified as a cluster member and granted full permission on
the system.

MongoDB User and $external Database To authenticate with a client certificate, you must first add the value
of the subject from the client certificate as a MongoDB user. Each unique x.509 client certificate corresponds to a
single MongoDB user; i.e. you cannot use a single client certificate to authenticate more than one MongoDB user.
Add the user in the $external database; i.e. the Authentication Database (page 395) is the $external database
Authenticate To authenticate using x.509 client certificate, connect to MongoDB over TLS/SSL connection; i.e.
include the --ssl and --sslPEMKeyFile command line options.
Then in the $external database, use db.auth() to authenticate the user corresponding to the client certificate
(page 401).
For an example, see Use x.509 Certificates to Authenticate Clients (page 403)

9.2. Authentication

401

MongoDB Documentation, Release 3.2.5

Member x.509 Certificates For internal authentication, members of sharded clusters and replica sets can use x.509
certificates instead of keyfiles, which use MONGODB-CR (page 400) authentication mechanism.
Member Certificate Requirements The member certificate, used for internal authentication to verify membership
to the sharded cluster or a replica set, must have the following properties:
• A single Certificate Authority (CA) must issue all the x.509 certificates for the members of a sharded cluster or
a replica set.
• The Distinguished Name (DN), found in the member certificate’s subject, must specify a non-empty value
for at least one of the following attributes: Organization (O), the Organizational Unit (OU) or the Domain
Component (DC).
• The Organization attributes (O‘s), the Organizational Unit attributes (OU‘s), and the Domain Components (DC‘s)
must match those from the certificates for the other cluster members. To match, the certificate must match all
specifications of these attributes, or even the non-specification of these attributes. The order of the attributes
does not matter.
In the following example, the two DN‘s contain matching specifications for O, OU as well as the non-specification
of the DC attribute.
CN=host1,OU=Dept1,O=MongoDB,ST=NY,C=US
C=US, ST=CA, O=MongoDB, OU=Dept1, CN=host2

However, the following two DN‘s contain a mismatch for the OU attribute since one contains two OU specifications and the other, only one specification.
CN=host1,OU=Dept1,OU=Sales,O=MongoDB
CN=host2,OU=Dept1,O=MongoDB

• Either the Common Name (CN) or one of the Subject Alternative Name (SAN) entries must match the hostname
of the server, used by the other members of the cluster.
For example, the certificates for a cluster could have the following subjects:
subject= CN=,OU=Dept1,O=MongoDB,ST=NY,C=US
subject= CN=,OU=Dept1,O=MongoDB,ST=NY,C=US
subject= CN=,OU=Dept1,O=MongoDB,ST=NY,C=US

• If the certificate includes the Extended Key Usage (extendedKeyUsage) setting, the value must include
clientAuth (“TLS Web Client Authentication”).
extendedKeyUsage = clientAuth

402

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

If no clusterFile certificate is specified for internal member authentication, MongoDB will attempt to use the
PEMKeyFile certificate for member authentication. In order to use PEMKeyFile certificate for internal authentication as well as for client authentication, then the PEMKeyFile certificate must either:
• Omit extendedKeyUsage or
• Specify extendedKeyUsage values that include clientAuth in addition to serverAuth.
For an example of x.509 internal authentication, see Use x.509 Certificate for Membership Authentication (page 430).

On this page
Use x.509 Certificates to Authenticate Clients

• Prerequisites (page 403)
• Procedures (page 403)

New in version 2.6.
MongoDB supports x.509 certificate authentication for use with a secure TLS/SSL connection (page 451). The x.509
client authentication allows clients to authenticate to servers with certificates (page 403) rather than with a username
and password.
To use x.509 authentication for the internal authentication of replica set/sharded cluster members, see Use x.509
Certificate for Membership Authentication (page 430).
Prerequisites
Important: A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, in particular x.509 certificates, and Certificate Authority is beyond the scope of this document. This tutorial assumes prior knowledge of
TLS/SSL as well as access to valid x.509 certificates.

Certificate Authority For production use, your MongoDB deployment should use valid certificates generated and
signed by a single certificate authority. You or your organization can generate and maintain an independent certificate
authority, or use certificates generated by a third-party SSL vendor. Obtaining and managing certificates is beyond the
scope of this documentation.
Client x.509 Certificate The client certificate must have the following properties:
• A single Certificate Authority (CA) must issue the certificates for both the client and the server.
• Client certificates must contain the following fields:
keyUsage = digitalSignature
extendedKeyUsage = clientAuth

Procedures
9.2. Authentication

403

MongoDB Documentation, Release 3.2.5

Configure MongoDB Server
Use Command-line Options You can configure the MongoDB server from the command line, e.g.:

mongod --clusterAuthMode x509 --sslMode requireSSL --sslPEMKeyFile
CAFile:

For backwards compatibility, you can also specify the configuration using the older configuration file format7 , e.g.:
clusterAuthMode = x509
sslMode = requireSSL
sslPEMKeyFile =
sslCAFile =

Include any additional options, TLS/SSL or otherwise, that are required for your specific configuration.
Add x.509 Certificate subject as a User To authenticate with a client certificate, you must first add the value of
the subject from the client certificate as a MongoDB user. Each unique x.509 client certificate corresponds to a
single MongoDB user; i.e. you cannot use a single client certificate to authenticate more than one MongoDB user.
Note: The RDNs in the subject string must be compatible with the RFC22538 standard.
1. You can retrieve the RFC2253 formatted subject from the client certificate with the following command:
openssl x509 -in -inform PEM -subject -nameopt RFC2253

The command returns the subject string as well as certificate:
subject= CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry
-----BEGIN CERTIFICATE----# ...
-----END CERTIFICATE-----

2. Add the RFC2253 compliant value of the subject as a user. Omit spaces as needed.
For example, in the mongo shell, to add the user with both the readWrite role in the test database and the
userAdminAnyDatabase role which is defined only in the admin database:
7 https://docs.mongodb.org/v2.4/reference/configuration-options
8 https://www.ietf.org/rfc/rfc2253.txt

404

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

db.getSiblingDB("$external").runCommand(
{
createUser: "CN=myName,OU=myOrgUnit,O=myOrg,L=myLocality,ST=myState,C=myCountry",
roles: [
{ role: 'readWrite', db: 'test' },
{ role: 'userAdminAnyDatabase', db: 'admin' }
],
writeConcern: { w: "majority" , wtimeout: 5000 }
}
)

In the above example, to add the user with the readWrite role in the test database, the role specification
document specified ’test’ in the db field. To add userAdminAnyDatabase role for the user, the above
example specified ’admin’ in the db field.
Note:
Some roles are defined only in the admin database, including: clusterAdmin,
readAnyDatabase,
readWriteAnyDatabase,
dbAdminAnyDatabase,
and
userAdminAnyDatabase. To add a user with these roles, specify ’admin’ in the db.
See Manage Users and Roles (page 441) for details on adding a user with roles.
Authenticate with a x.509 Certificate To authenticate with a client certificate, you must first add a MongoDB user
that corresponds to the client certificate. See Add x.509 Certificate subject as a User (page 404).
To authenticate, use the db.auth() method in the $external database, specifying "MONGODB-X509" for the
mechanism field, and the user that corresponds to the client certificate (page 404) for the user field.
For example, if using the mongo shell,
1. Connect mongo shell to the mongod set up for SSL:

mongo --ssl --sslPEMKeyFile --sslCAFile @

For every user you want to authenticate using Kerberos, you must create a corresponding user in MongoDB in the
$external database.
For examples of adding a user to MongoDB as well as authenticating as that user, see Configure MongoDB with
Kerberos Authentication on Linux (page 409) and Configure MongoDB with Kerberos Authentication on Windows
(page 412).
See also:
Manage Users and Roles (page 441) for general information regarding creating and managing users in MongoDB.
Service Principal Every MongoDB mongod and mongos instance (or mongod.exe or mongos.exe on Windows) must have an associated service principal. Service principal names have the form:
/@

For MongoDB, the defaults to mongodb. For example, if m1.example.com is a MongoDB server,
and example.com maintains the EXAMPLE.COM Kerberos realm, then m1 should have the service principal name
mongodb/m1.example.com@EXAMPLE.COM.
To specify a different value for , use serviceName during the start up of mongod or mongos (or
mongod.exe or mongos.exe). mongo shell or other clients may also specify a different service principal name
using serviceName.
Service principal names must be reachable over the network using the fully qualified domain name (FQDN) part of its
service principal name.
By default, Kerberos attempts to identify hosts using the /etc/kerb5.conf file before using DNS to resolve hosts.
On Windows, if running MongoDB as a service, see Assign Service Principal Name to MongoDB Windows Service
(page 414).
Linux Keytab Files Linux systems can store Kerberos authentication keys for a service principal (page 407) in
keytab files. Each Kerberized mongod and mongos instance running on Linux must have access to a keytab file
containing keys for its service principal (page 407).
To keep keytab files secure, use file permissions that restrict access to only the user that runs the mongod or mongos
process.

9.2. Authentication

407

MongoDB Documentation, Release 3.2.5

Tickets On Linux, MongoDB clients can use Kerberos’s kinit program to initialize a credential cache for authenticating the user principal to servers.
Windows Active Directory Unlike on Linux systems, mongod and mongos instances running on Windows do
not require access to keytab files. Instead, the mongod and mongos instances read their server credentials from a
credential store specific to the operating system.
However, from the Windows Active Directory, you can export a keytab file for use on Linux systems. See Ktpass11
for more information.
Authenticate With Kerberos To configure MongoDB for Kerberos support and authenticate, see Configure MongoDB with Kerberos Authentication on Linux (page 409) and Configure MongoDB with Kerberos Authentication on
Windows (page 412).
Operational Considerations
The HTTP Console The MongoDB HTTP Console12 interface does not support Kerberos authentication.
Deprecated since version 3.2: HTTP interface for MongoDB
DNS Each host that runs a mongod or mongos instance must have both A and PTR DNS records to provide forward
and reverse lookup.
Without A and PTR DNS records, the host cannot resolve the components of the Kerberos domain or the Key Distribution Center (KDC).
System Time Synchronization To successfully authenticate, the system time for each mongod and mongos instance must be within 5 minutes of the system time of the other hosts in the Kerberos infrastructure.
Kerberized MongoDB Environments
Driver Support The following MongoDB drivers support Kerberos authentication:
• C13
• C++14
• Java15
• C#16
• Node.js17
• PHP18
• Python19
11 http://technet.microsoft.com/en-us/library/cc753771.aspx
12 https://docs.mongodb.org/ecosystem/tools/http-interfaces/#http-console
13 https://api.mongodb.org/c/current/authentication.html#kerberos
14 https://docs.mongodb.org/ecosystem/tutorial/authenticate-with-cpp-driver/
15 https://docs.mongodb.org/ecosystem/tutorial/authenticate-with-java-driver/
16 http://mongodb.github.io/mongo-csharp-driver/2.0/reference/driver/authentication/#gssapi-kerberos
17 http://mongodb.github.io/node-mongodb-native/2.0/tutorials/enterprise_features/
18 http://php.net/manual/en/mongoclient.construct.php
19 http://api.mongodb.org/python/current/examples/authentication.html

408

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

• Ruby20
Use with Additional MongoDB Authentication Mechanism Although MongoDB supports the use of Kerberos authentication with other authentication mechanisms, only add the other mechanisms as necessary. See
the Incorporate Additional Authentication Mechanisms section in Configure MongoDB with Kerberos Authentication on Linux (page 409) and Configure MongoDB with Kerberos Authentication on Windows
(page 412) for details.

On this page
Configure MongoDB with Kerberos Authentication on Linux

•
•
•
•
•

Overview (page 409)
Prerequisites (page 409)
Procedure (page 409)
Additional Considerations (page 411)
Additional Resources (page 412)

New in version 2.4.
Overview MongoDB Enterprise supports authentication using a Kerberos service (page 406). Kerberos is an industry standard authentication protocol for large client/server system.
Prerequisites Setting up and configuring a Kerberos deployment is beyond the scope of this document. This tutorial
assumes you have configured a Kerberos service principal (page 407) for each mongod and mongos instance in your
MongoDB deployment, and you have a valid keytab file (page 407) for for each mongod and mongos instance.
To verify MongoDB Enterprise binaries:
mongod --version

In the output from this command, look for the string modules:
to confirm your system has MongoDB Enterprise.

subscription or modules:

enterprise

Procedure The following procedure outlines the steps to add a Kerberos user principal to MongoDB, configure
a standalone mongod instance for Kerberos support, and connect using the mongo shell and authenticate the user
principal.
Step 1: Start mongod without Kerberos.
support.

For the initial addition of Kerberos users, start mongod without Kerberos

If a Kerberos user is already in MongoDB and has the privileges required to create a user, you can start mongod with
Kerberos support.
Step 2: Connect to mongod. Connect via the mongo shell to the mongod instance. If mongod has --auth
enabled, ensure you connect with the privileges required to create a user.
20 https://docs.mongodb.org/ecosystem/tutorial/ruby-driver-tutorial/#gssapi-kerberos-mechanism

9.2. Authentication

409

MongoDB Documentation, Release 3.2.5

Step 3: Add Kerberos Principal(s) to MongoDB. Add a Kerberos principal, @ or /@, to MongoDB in the $external database.
Specify the Kerberos realm in all uppercase. The $external database allows mongod to consult an external source
(e.g. Kerberos) to authenticate. To specify the user’s privileges, assign roles (page 433) to the user.
The following example adds the Kerberos principal application/reporting@EXAMPLE.NET with read-only
access to the records database:
use $external
db.createUser(
{
user: "application/reporting@EXAMPLE.NET",
roles: [ { role: "read", db: "records" } ]
}
)

Add additional principals as needed. For every user you want to authenticate using Kerberos, you must
create a corresponding user in MongoDB. For more information about creating and managing users, see
https://docs.mongodb.org/manual/reference/command/nav-user-management.
Step 4: Start mongod with Kerberos support. To start mongod with Kerberos support, set the environmental
variable KRB5_KTNAME to the path of the keytab file and the mongod parameter authenticationMechanisms
to GSSAPI in the following form:
env KRB5_KTNAME= \
mongod \
--setParameter authenticationMechanisms=GSSAPI

For example, the following starts a standalone mongod instance with Kerberos support:
env KRB5_KTNAME=/opt/mongodb/mongod.keytab \
/opt/mongodb/bin/mongod --auth \
--setParameter authenticationMechanisms=GSSAPI \
--dbpath /opt/mongodb/data

The path to your mongod as well as your keytab file (page 407) may differ. Modify or include additional mongod
options as required for your configuration. The keytab file (page 407) must be only accessible to the owner of the
mongod process.
With the official .deb or .rpm packages, you can set the KRB5_KTNAME in a environment settings file. See
KRB5_KTNAME (page 411) for details.
Step 5: Connect mongo shell to mongod and authenticate. Connect the mongo shell client as the Kerberos principal application/reporting@EXAMPLE.NET. Before connecting, you must have used Kerberos’s kinit
program to get credentials for application/reporting@EXAMPLE.NET.
You can connect and authenticate from the command line.
mongo --authenticationMechanism=GSSAPI --authenticationDatabase='$external' \
--username application/reporting@EXAMPLE.NET

Or, alternatively, you can first connect mongo to the mongod, and then from the mongo shell, use the db.auth()
method to authenticate in the $external database.
use $external
db.auth( { mechanism: "GSSAPI", user: "application/reporting@EXAMPLE.NET" } )

410

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Additional Considerations
KRB5_KTNAME If you installed MongoDB Enterprise using one of the official .deb or .rpm packages, and you
use the included init/upstart scripts to control the mongod instance, you can set the KR5_KTNAME variable in the
default environment settings file instead of setting the variable each time.
For .rpm packages, the default environment settings file is /etc/sysconfig/mongod.
For .deb packages, the file is /etc/default/mongodb.
Set the KRB5_KTNAME value in a line that resembles the following:
export KRB5_KTNAME=""

Configure mongos for Kerberos To start mongos with Kerberos support, set the environmental variable KRB5_KTNAME to the path of its keytab file (page 407) and the mongos parameter
authenticationMechanisms to GSSAPI in the following form:
env KRB5_KTNAME= \
mongos \
--setParameter authenticationMechanisms=GSSAPI \

For example, the following starts a mongos instance with Kerberos support:
env KRB5_KTNAME=/opt/mongodb/mongos.keytab \
mongos \
--setParameter authenticationMechanisms=GSSAPI \
--configdb shard0.example.net, shard1.example.net,shard2.example.net \
--keyFile /opt/mongodb/mongos.keyfile

The path to your mongos as well as your keytab file (page 407) may differ. The keytab file (page 407) must be only
accessible to the owner of the mongos process.
Modify or include any additional mongos options as required for your configuration. For example, instead of using --keyFile for internal authentication of sharded cluster members, you can use x.509 member authentication
(page 430) instead.
Use a Config File To configure mongod or mongos for Kerberos support using a configuration file,
specify the authenticationMechanisms setting in the configuration file:
If using the YAML configuration file format:
setParameter:
authenticationMechanisms: GSSAPI

Or, if using the older .ini configuration file format:
setParameter=authenticationMechanisms=GSSAPI

Modify or include any additional mongod options as required for your configuration. For example, if
/opt/mongodb/mongod.conf contains the following configuration settings for a standalone mongod:
security:
authorization: enabled
setParameter:
authenticationMechanisms: GSSAPI
storage:
dbPath: /opt/mongodb/data

9.2. Authentication

411

MongoDB Documentation, Release 3.2.5

Or, if using the older configuration file format21 :
auth = true
setParameter=authenticationMechanisms=GSSAPI
dbpath=/opt/mongodb/data

To start mongod with Kerberos support, use the following form:
env KRB5_KTNAME=/opt/mongodb/mongod.keytab \
/opt/mongodb/bin/mongod --config /opt/mongodb/mongod.conf

The path to your mongod, keytab file (page 407), and configuration file may differ. The keytab file (page 407) must
be only accessible to the owner of the mongod process.
Troubleshoot Kerberos Setup for MongoDB If you encounter problems when starting mongod or mongos with
Kerberos authentication, see Troubleshoot Kerberos Authentication (page 414).
Incorporate Additional Authentication Mechanisms Kerberos authentication (GSSAPI (page 406) (Kerberos))
can work alongside MongoDB’s challenge/response authentication mechanisms (SCRAM-SHA-1 (page 399) and
MONGODB-CR (page 400)), MongoDB’s authentication mechanism for LDAP (PLAIN (page 406) (LDAP SASL)),
and MongoDB’s authentication mechanism for x.509 ( MONGODB-X509 (page 401)). Specify the mechanisms as
follows:
--setParameter authenticationMechanisms=GSSAPI,SCRAM-SHA-1

Only add the other mechanisms if in use. This parameter setting does not affect MongoDB’s internal authentication of
cluster members.
Additional Resources
• MongoDB LDAP and Kerberos Authentication with Dell (Quest) Authentication Services22
• MongoDB with Red Hat Enterprise Linux Identity Management and Kerberos23

On this page
Configure MongoDB with Kerberos Authentication on Windows

•
•
•
•

Overview (page 412)
Prerequisites (page 412)
Procedures (page 413)
Additional Considerations (page 414)

New in version 2.6.
Overview MongoDB Enterprise supports authentication using a Kerberos service (page 406). Kerberos is an industry standard authentication protocol for large client/server system. Kerberos allows MongoDB and applications to take
advantage of existing authentication infrastructure and processes.
Prerequisites Setting up and configuring a Kerberos deployment is beyond the scope of this document. This tutorial
assumes have configured a Kerberos service principal (page 407) for each mongod.exe and mongos.exe instance.
21 https://docs.mongodb.org/v2.4/reference/configuration-options
22 https://www.mongodb.com/blog/post/mongodb-ldap-and-kerberos-authentication-dell-quest-authentication-services?jmp=docs
23 http://docs.mongodb.org/ecosystem/tutorial/manage-red-hat-enterprise-linux-identity-management?jmp=docs

412

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Procedures
Step 1: Start mongod.exe without Kerberos. For the initial addition of Kerberos users, start mongod.exe
without Kerberos support.
If a Kerberos user is already in MongoDB and has the privileges required to create a user, you can start mongod.exe
with Kerberos support.
Step 2: Connect to mongod. Connect via the mongo.exe shell to the mongod.exe instance. If mongod.exe
has --auth enabled, ensure you connect with the privileges required to create a user.
Step 3: Add Kerberos Principal(s) to MongoDB. Add a Kerberos principal, @, to MongoDB in the $external database. Specify the Kerberos realm in ALL UPPERCASE. The
$external database allows mongod.exe to consult an external source (e.g. Kerberos) to authenticate. To specify
the user’s privileges, assign roles (page 433) to the user.
The following example adds the Kerberos principal reportingapp@EXAMPLE.NET with read-only access to the
records database:
use $external
db.createUser(
{
user: "reportingapp@EXAMPLE.NET",
roles: [ { role: "read", db: "records" } ]
}
)

Add additional principals as needed. For every user you want to authenticate using Kerberos, you must
create a corresponding user in MongoDB. For more information about creating and managing users, see
https://docs.mongodb.org/manual/reference/command/nav-user-management.
Step 4: Start mongod.exe with Kerberos support. You must start mongod.exe as the service principal account (page 414).
To start mongod.exe with Kerberos support, set the mongod.exe parameter authenticationMechanisms
to GSSAPI:
mongod.exe --setParameter authenticationMechanisms=GSSAPI

For example, the following starts a standalone mongod.exe instance with Kerberos support:
mongod.exe --auth --setParameter authenticationMechanisms=GSSAPI

Modify or include additional mongod.exe options as required for your configuration.
Step 5: Connect mongo.exe shell to mongod.exe and authenticate.
the Kerberos principal application@EXAMPLE.NET.

Connect the mongo.exe shell client as

You can connect and authenticate from the command line.
mongo.exe --authenticationMechanism=GSSAPI --authenticationDatabase='$external' \
--username reportingapp@EXAMPLE.NET

Or, alternatively, you can first connect mongo.exe to the mongod.exe, and then from the mongo.exe shell, use
the db.auth() method to authenticate in the $external database.

9.2. Authentication

413

MongoDB Documentation, Release 3.2.5

use $external
db.auth( { mechanism: "GSSAPI", user: "reportingapp@EXAMPLE.NET" } )

Additional Considerations
Configure mongos.exe for Kerberos To start mongos.exe with Kerberos support, set the mongos.exe parameter authenticationMechanisms to GSSAPI. You must start mongos.exe as the service principal account (page 414).:
mongos.exe --setParameter authenticationMechanisms=GSSAPI

For example, the following starts a mongos instance with Kerberos support:

mongos.exe --setParameter authenticationMechanisms=GSSAPI --configdb shard0.example.net, shard1.examp

Modify or include any additional mongos.exe options as required for your configuration. For example, instead of
using --keyFile for internal authentication of sharded cluster members, you can use x.509 member authentication
(page 430) instead.
Assign Service Principal Name to MongoDB Windows Service Use setspn.exe to assign the service principal
name (SPN) to the account running the mongod.exe and the mongos.exe service:
setspn.exe -A /

For example, if mongod.exe runs as a service named mongodb on testserver.mongodb.com with the service account name mongodtest, assign the SPN as follows:
setspn.exe -A mongodb/testserver.mongodb.com mongodtest

Incorporate Additional Authentication Mechanisms Kerberos authentication (GSSAPI (page 406) (Kerberos))
can work alongside MongoDB’s challenge/response authentication mechanisms (SCRAM-SHA-1 (page 399) and
MONGODB-CR (page 400)), MongoDB’s authentication mechanism for LDAP (PLAIN (page 406) (LDAP SASL)),
and MongoDB’s authentication mechanism for x.509 ( MONGODB-X509 (page 401)). Specify the mechanisms as
follows:
--setParameter authenticationMechanisms=GSSAPI,SCRAM-SHA-1

Only add the other mechanisms if in use. This parameter setting does not affect MongoDB’s internal authentication of
cluster members.

On this page
Troubleshoot Kerberos Authentication

• Kerberos Configuration Checklist (page 415)
• Debug with More Verbose Logs on Linux (page 415)
• Common Error Messages (page 415)

New in version 2.4.

414

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Kerberos Configuration Checklist If you have difficulty starting mongod or mongos with Kerberos (page 406),
ensure that:
• The mongod and the mongos binaries are from MongoDB Enterprise.
To verify MongoDB Enterprise binaries:
mongod --version

In the output from this command, look for the string modules:
enterprise to confirm your system has MongoDB Enterprise.

subscription or modules:

• You are not using the HTTP Console24 . MongoDB Enterprise does not support Kerberos authentication over the
HTTP Console interface.
• On Linux, either the service principal name (SPN) in the keytab file (page 407) matches the SPN for
the mongod or mongos instance, or the mongod or the mongos instance use the --setParameter
saslHostName= to match the name in the keytab file.
• The canonical system hostname of the system that runs the mongod or mongos instance is a resolvable, fully
qualified domain for this host. You can test the system hostname resolution with the hostname -f command
at the system prompt.
• Each host that runs a mongod or mongos instance has both the A and PTR DNS records to provide forward
and reverse lookup. The records allow the host to resolve the components of the Kerberos infrastructure.
• Both the Kerberos Key Distribution Center (KDC) and the system running mongod instance or mongos must
be able to resolve each other using DNS. By default, Kerberos attempts to resolve hosts using the content of the
/etc/kerb5.conf before using DNS to resolve hosts.
• The time synchronization of the systems running mongod or the mongos instances and the Kerberos infrastructure are within the maximum time skew (default is 5 minutes) of each other. Time differences greater than
the maximum time skew will prevent successful authentication.
Debug with More Verbose Logs on Linux If you still encounter problems with Kerberos on Linux, you can start
both mongod and mongo (or another client) with the environment variable KRB5_TRACE set to different files to
produce more verbose logging of the Kerberos process to help further troubleshooting. For example, the following
starts a standalone mongod with KRB5_TRACE set:
env KRB5_KTNAME=/opt/mongodb/mongod.keytab \
KRB5_TRACE=/opt/mongodb/log/mongodb-kerberos.log \
/opt/mongodb/bin/mongod --dbpath /opt/mongodb/data \
--fork --logpath /opt/mongodb/log/mongod.log \
--auth --setParameter authenticationMechanisms=GSSAPI

Common Error Messages In some situations, MongoDB will return error messages from the GSSAPI interface if
there is a problem with the Kerberos service. Some common error messages are:
GSSAPI error in client while negotiating security context. This error occurs on the
client and reflects insufficient credentials or a malicious attempt to authenticate.
If you receive this error, ensure that you are using the correct credentials and the correct fully qualified domain
name when connecting to the host.
GSSAPI error acquiring credentials. This error occurs during the start of the mongod or mongos
and reflects improper configuration of the system hostname or a missing or incorrectly configured keytab file.
24 https://docs.mongodb.org/ecosystem/tools/http-interface/#http-console

9.2. Authentication

415

MongoDB Documentation, Release 3.2.5

If you encounter this problem, consider the items in the Kerberos Configuration Checklist (page 415), in particular, whether the SPN in the keytab file (page 407) matches the SPN for the mongod or mongos instance.
To determine whether the SPNs match:
1. Examine the keytab file, with the following command:
klist -k

Replace with the path to your keytab file.
2. Check the configured hostname for your system, with the following command:
hostname -f

Ensure that this name matches the name in the keytab file, or start mongod or mongos with the
--setParameter saslHostName=.
See also:
• Kerberos Authentication (page 406)
• Configure MongoDB with Kerberos Authentication on Linux (page 409)
• Configure MongoDB with Kerberos Authentication on Windows (page 412)
Additional Resources
• MongoDB LDAP and Kerberos Authentication with Dell (Quest) Authentication Services25
• MongoDB with Red Hat Enterprise Linux Identity Management and Kerberos26

On this page
LDAP Proxy Authority Authentication

•
•
•
•

Considerations (page 416)
MongoDB Configuration (page 417)
LDAP User (page 417)
Additional Information (page 417)

MongoDB Enterprise27 supports proxy authentication through a Lightweight Directory Access Protocol (LDAP) service.
Considerations MongoDB Enterprise for Windows does not include LDAP support for authentication. However,
MongoDB Enterprise for Linux supports using LDAP authentication with an ActiveDirectory server.
MongoDB does not support LDAP authentication in mixed sharded cluster deployments that contain both version 2.4
and version 2.6 shards. See Upgrade MongoDB to 2.6 (page 1010) for upgrade instructions.
Use secure encrypted or trusted connections between clients and the server, as well as between saslauthd and the
LDAP server. The LDAP server uses the SASL PLAIN mechanism, sending and receiving data in plain text. You
should use only a trusted channel such as a VPN, a connection encrypted with TLS/SSL, or a trusted wired network.
25 https://www.mongodb.com/blog/post/mongodb-ldap-and-kerberos-authentication-dell-quest-authentication-services?jmp=docs
26 http://docs.mongodb.org/ecosystem/tutorial/manage-red-hat-enterprise-linux-identity-management?jmp=docs
27 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

416

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

MongoDB Configuration To configure the MongoDB server to use LDAP authentication mechanism, use the following command line options:
• --auth to enable access control,
• --authenticationMechanisms set to PLAIN, and
• --saslauthdPath parameter set to the path to the Unix-domain Socket of the saslauthd instance.
Or, if using the YAML configuration file, use the following settings:
• security.authorization set to enabled,
• setParameter.authenticationMechanisms set to PLAIN, and
• setParameter.saslauthdPath set to the path to the Unix-domain Socket of the saslauthd instance.
LDAP User In order to authenticate a user with the LDAP authentication mechanism, add a corresponding user
(page 394) to the $external database. You do not need to save the user’s password in MongoDB.
The $external database is the authentication database (page 395) for the LDAP user. To authenticate the LDAP
user, you must authenticate against the $external database. When authenticating, specify PLAIN for the authentication mechanism .
LDAP authentication requires that MongoDB forward the user’s password in plan text. As such, you must specify
digestPassword set to false during authentication.
Additional Information For information on configuring MongoDB to use LDAP and authenticating users using
LDAP, see:
• Authenticate Using SASL and LDAP with OpenLDAP (page 420) and
• Authenticate Using SASL and LDAP with ActiveDirectory (page 417).

On this page
Authenticate Using SASL and LDAP with ActiveDirectory

• Considerations (page 417)
• Configure saslauthd (page 417)
• Configure MongoDB (page 418)

MongoDB Enterprise provides support for proxy authentication of users. This allows administrators to configure
a MongoDB cluster to authenticate users by proxying authentication requests to a specified Lightweight Directory
Access Protocol (LDAP) service.
Considerations MongoDB Enterprise for Windows does not include LDAP support for authentication. However,
MongoDB Enterprise for Linux supports using LDAP authentication with an ActiveDirectory server.
MongoDB does not support LDAP authentication in mixed sharded cluster deployments that contain both version 2.4
and version 2.6 shards. See Upgrade MongoDB to 2.6 (page 1010) for upgrade instructions.
Use secure encrypted or trusted connections between clients and the server, as well as between saslauthd and the
LDAP server. The LDAP server uses the SASL PLAIN mechanism, sending and receiving data in plain text. You
should use only a trusted channel such as a VPN, a connection encrypted with TLS/SSL, or a trusted wired network.
Configure saslauthd LDAP support for user authentication requires proper configuration of the saslauthd
daemon process as well as the MongoDB server.

9.2. Authentication

417

MongoDB Documentation, Release 3.2.5

Step 1:
Specify the mechanism. On systems that configure saslauthd with the
/etc/sysconfig/saslauthd file, such as Red Hat Enterprise Linux, Fedora, CentOS, and Amazon
Linux AMI, set the mechanism MECH to ldap:
MECH=ldap

On systems that configure saslauthd with the /etc/default/saslauthd file, such as Ubuntu, set the
MECHANISMS option to ldap:
MECHANISMS="ldap"

Step 2: Adjust caching behavior. On certain Linux distributions, saslauthd starts with the caching of authentication credentials enabled. Until restarted or until the cache expires, saslauthd will not contact the LDAP server
to re-authenticate users in its authentication cache. This allows saslauthd to successfully authenticate users in its
cache, even in the LDAP server is down or if the cached users’ credentials are revoked.
To set the expiration time (in seconds) for the authentication cache, see the -t option28 of saslauthd.
Step 3: Configure LDAP Options with ActiveDirectory. If the saslauthd.conf file does not exist, create it.
The saslauthd.conf file usually resides in the /etc folder. If specifying a different file path, see the -O option29
of saslauthd.
To use with ActiveDirectory, start saslauthd with the following configuration options set in the
saslauthd.conf file:
ldap_servers:
ldap_use_sasl: yes
ldap_mech: DIGEST-MD5
ldap_auth_method: fastbind

For the , specify the uri of the ldap server.
ldaps://ad.example.net.

For example,

ldap_servers:

For more information on saslauthd configuration, see http://www.openldap.org/doc/admin24/guide.html#Configuringsaslauthd.
Step 4: Test the saslauthd configuration. Use testsaslauthd utility to test the saslauthd configuration.
For example:
testsaslauthd -u testuser -p testpassword -f /var/run/saslauthd/mux

Note: /var/run/saslauthd directory must have permissions set to 755 for MongoDB to successfully authenticate.

Configure MongoDB
Step 1: Add user to MongoDB for authentication. Add the user to the $external database in MongoDB. To
specify the user’s privileges, assign roles (page 433) to the user.
For example, the following adds a user with read-only access to the records database.
28 http://www.linuxcommand.org/man_pages/saslauthd8.html
29 http://www.linuxcommand.org/man_pages/saslauthd8.html

418

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

db.getSiblingDB("$external").createUser(
{
user : ,
roles: [ { role: "read", db: "records" } ]
}
)

Add additional principals as needed.
For more information about creating and managing users, see
https://docs.mongodb.org/manual/reference/command/nav-user-management.
Step 2: Configure MongoDB server. To configure the MongoDB server to use the saslauthd instance for proxy
authentication, start the mongod with the following options:
• --auth,
• authenticationMechanisms parameter set to PLAIN, and
• saslauthdPath parameter set to the path to the Unix-domain Socket of the saslauthd instance.
Configure the MongoDB server using either the command line option --setParameter or the configuration
file. Specify additional configurations as appropriate for your configuration.
If you use the authorization option to enforce authentication, you will need privileges to create a user.
Use specific saslauthd socket path. For socket path of ///saslauthd, set the
saslauthdPath to ///saslauthd/mux, as in the following command line example:

mongod --auth --setParameter saslauthdPath=///saslauthd/mux --setParameter authentication

Or if using a YAML format configuration file, specify the following settings in the file:
security:
authorization: enabled
setParameter:
saslauthdPath: ///saslauthd/mux
authenticationMechanisms: PLAIN

Or, if using the older configuration file format30 :
auth=true
setParameter=saslauthdPath=///saslauthd/mux
setParameter=authenticationMechanisms=PLAIN

Use default Unix-domain socket path. To use the default Unix-domain socket path, set the saslauthdPath to
the empty string "", as in the following command line example:
mongod --auth --setParameter saslauthdPath="" --setParameter authenticationMechanisms=PLAIN

Or if using a YAML format configuration file, specify the following settings in the file:
security:
authorization: enabled
setParameter:
saslauthdPath: ""
authenticationMechanisms: PLAIN
30 https://docs.mongodb.org/v2.4/reference/configuration-options

9.2. Authentication

419

MongoDB Documentation, Release 3.2.5

Or, if using the older configuration file format31 :
auth=true
setParameter=saslauthdPath=""
setParameter=authenticationMechanisms=PLAIN

Step 3: Authenticate the user in the mongo shell. To perform the authentication in the mongo shell, use the
db.auth() method in the $external database.
Specify the value "PLAIN" in the mechanism field, the user and password in the user and pwd fields respectively,
and the value false in the digestPassword field. You must specify false for digestPassword since the
server must receive an undigested password to forward on to saslauthd, as in the following example:
db.getSiblingDB("$external").auth(
{
mechanism: "PLAIN",
user: ,
pwd: ,
digestPassword: false
}
)

The server forwards the password in plain text. In general, use only on a trusted channel (VPN, TLS/SSL, trusted
wired network). See Considerations.

On this page
Authenticate Using SASL and LDAP with OpenLDAP

• Considerations (page 420)
• Configure saslauthd (page 420)
• Configure MongoDB (page 422)

420

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

MECH=ldap

On systems that configure saslauthd with the /etc/default/saslauthd file, such as Ubuntu, set the
MECHANISMS option to ldap:
MECHANISMS="ldap"

Step 2: Adjust caching behavior. On certain Linux distributions, saslauthd starts with the caching of authentication credentials enabled. Until restarted or until the cache expires, saslauthd will not contact the LDAP server
to re-authenticate users in its authentication cache. This allows saslauthd to successfully authenticate users in its
cache, even in the LDAP server is down or if the cached users’ credentials are revoked.
To set the expiration time (in seconds) for the authentication cache, see the -t option32 of saslauthd.
Step 3: Configure LDAP Options with OpenLDAP. If the saslauthd.conf file does not exist, create it. The
saslauthd.conf file usually resides in the /etc folder. If specifying a different file path, see the -O option33 of
saslauthd.
To connect to an OpenLDAP server, update the saslauthd.conf file with the following configuration options:
ldap_servers:
ldap_search_base:
ldap_filter:

The ldap_servers specifies the uri of the LDAP server used for authentication. In general, for OpenLDAP installed
on the local machine, you can specify the value ldap://localhost:389 or if using LDAP over TLS/SSL, you
can specify the value ldaps://localhost:636.
The ldap_search_base specifies distinguished name to which the search is relative. The search includes the base
or objects below.
The ldap_filter specifies the search filter.
The values for these configuration options should correspond to the values specific for your test. For example, to filter
on email, specify ldap_filter: (mail=%n) instead.
OpenLDAP Example A sample saslauthd.conf file for OpenLDAP includes the following content:
ldap_servers: ldaps://ad.example.net
ldap_search_base: ou=Users,dc=example,dc=com
ldap_filter: (uid=%u)

To use this sample OpenLDAP configuration, create users with a uid attribute (login name) and place under the
Users organizational unit (ou) under the domain components (dc) example and com.
For more information on saslauthd configuration, see http://www.openldap.org/doc/admin24/guide.html#Configuringsaslauthd.
Step 4: Test the saslauthd configuration. Use testsaslauthd utility to test the saslauthd configuration.
For example:
testsaslauthd -u testuser -p testpassword -f /var/run/saslauthd/mux
32 http://www.linuxcommand.org/man_pages/saslauthd8.html
33 http://www.linuxcommand.org/man_pages/saslauthd8.html

9.2. Authentication

421

MongoDB Documentation, Release 3.2.5

Note: /var/run/saslauthd directory must have permissions set to 755 for MongoDB to successfully authenticate.

Configure MongoDB
Step 1: Add user to MongoDB for authentication. Add the user to the $external database in MongoDB. To
specify the user’s privileges, assign roles (page 433) to the user.
For example, the following adds a user with read-only access to the records database.
db.getSiblingDB("$external").createUser(
{
user : ,
roles: [ { role: "read", db: "records" } ]
}
)

mongod --auth --setParameter saslauthdPath=///saslauthd/mux --setParameter authentication

Or, if using the older configuration file format34 :
auth=true
setParameter=saslauthdPath=///saslauthd/mux
setParameter=authenticationMechanisms=PLAIN
34 https://docs.mongodb.org/v2.4/reference/configuration-options

422

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Or if using a YAML format configuration file, specify the following settings in the file:
security:
authorization: enabled
setParameter:
saslauthdPath: ""
authenticationMechanisms: PLAIN

Or, if using the older configuration file format35 :
auth=true
setParameter=saslauthdPath=""
setParameter=authenticationMechanisms=PLAIN

The server forwards the password in plain text. In general, use only on a trusted channel (VPN, TLS/SSL, trusted
wired network). See Considerations.
Internal Authentication

On this page
• Keyfiles (page 424)
• x.509 (page 424)
You can authenticate members of replica sets and sharded clusters. For the internal authentication of the members,
MongoDB can use either keyfiles or x.509 (page 401) certificates.
Note: Enabling internal authentication also enables client authorization (page 433).
35 https://docs.mongodb.org/v2.4/reference/configuration-options

9.2. Authentication

423

MongoDB Documentation, Release 3.2.5

Keyfiles

Keyfiles use SCRAM-SHA-1 (page 399) challenge and response authentication mechanism. The contents of the keyfiles
serve as the shared password for the members. A key’s length must be between 6 and 1024 characters and may only
contain characters in the base64 set.
MongoDB strips whitespace characters (e.g. x0d, x09, and x20) for cross-platform convenience. As a result, the
following operations produce identical keys:
echo
echo
echo
echo

-e
-e
-e
-e

"my secret key" > key1
"my secret key\n" > key2
"my
secret
key" > key3
"my\r\nsecret\r\nkey\r\n" > key4

On UNIX systems, the keyfile must not have group or world permissions. On Windows systems, keyfile permissions
are not checked
The content of the keyfile must be the same on all mongod and mongos instances that connect to each other. You
must store the keyfile on each member of the replica set or sharded clusters.
To specify the keyfile, use the security.keyFile setting or --keyFile command line option.
For an example of keyfile internal authentication, see Enable Internal Authentication (page 425).
x.509

Members of a replica set or sharded cluster can use x.509 certificates for internal authentication instead of using
keyfiles. MongoDB supports x.509 certificate authentication for use with a secure TLS/SSL connection.
Member Certificate Requirements The member certificate, used for internal authentication to verify membership
to the sharded cluster or a replica set, must have the following properties:
• A single Certificate Authority (CA) must issue all the x.509 certificates for the members of a sharded cluster or
a replica set.
• The Distinguished Name (DN), found in the member certificate’s subject, must specify a non-empty value
for at least one of the following attributes: Organization (O), the Organizational Unit (OU) or the Domain
Component (DC).
• The Organization attributes (O‘s), the Organizational Unit attributes (OU‘s), and the Domain Components (DC‘s)
must match those from the certificates for the other cluster members. To match, the certificate must match all
specifications of these attributes, or even the non-specification of these attributes. The order of the attributes
does not matter.
In the following example, the two DN‘s contain matching specifications for O, OU as well as the non-specification
of the DC attribute.
CN=host1,OU=Dept1,O=MongoDB,ST=NY,C=US
C=US, ST=CA, O=MongoDB, OU=Dept1, CN=host2

• Either the Common Name (CN) or one of the Subject Alternative Name (SAN) entries must match the hostname
of the server, used by the other members of the cluster.

424

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

For example, the certificates for a cluster could have the following subjects:
subject= CN=,OU=Dept1,O=MongoDB,ST=NY,C=US
subject= CN=,OU=Dept1,O=MongoDB,ST=NY,C=US
subject= CN=,OU=Dept1,O=MongoDB,ST=NY,C=US

• If the certificate includes the Extended Key Usage (extendedKeyUsage) setting, the value must include
clientAuth (“TLS Web Client Authentication”).
extendedKeyUsage = clientAuth

You can also use a certificate that does not include the Extended Key Usage (EKU).
MongoDB Configuration To specify x.509 for internal authentication, in addition to the other SSL configurations
appropriate for your deployment, for each member of the replica set or sharded cluster, include either:
• security.clusterAuthMode and net.ssl.clusterFile if using a configuration file, or
• --clusterAuthMode and --sslClusterFile command line options.
Member Certificate and PEMKeyFile To configure MongoDB for client certificate authentication, the mongod
and mongos specify a PEMKeyFile to prove its identity to clients, either through net.ssl.PEMKeyFile setting
in the configuration file or --sslPEMKeyFile command line option.
If no clusterFile certificate is specified for internal member authentication, MongoDB will attempt to use the
PEMKeyFile certificate for member authentication. In order to use PEMKeyFile certificate for internal authentication as well as for client authentication, then the PEMKeyFile certificate must either:
• Omit extendedKeyUsage or
• Specify extendedKeyUsage values that include clientAuth in addition to serverAuth.
For an example of x.509 internal authentication, see Use x.509 Certificate for Membership Authentication (page 430).
To upgrade from keyfile internal authentication to x.509 internal authentication, see Upgrade from Keyfile Authentication to x.509 Authentication (page 432).

On this page
Enable Internal Authentication

•
•
•
•

Overview (page 425)
Considerations (page 426)
Procedures (page 426)
x.509 Internal Authentication (page 430)

Overview When authentication is enabled on a replica set or a sharded cluster, members of the replica set or the
sharded clusters must provide credentials to authenticate.
To enable authentication on a replica set or a sharded cluster, you must enable authentication individually for each
member. For a sharded cluster, this means enabling authentication on each mongos and each mongod, including the
config servers and each member of a shard’s replica set.
The following tutorial uses a keyfile (page 424) to enable internal authentication. You can also use x.509 certificate
for internal authentication. For details on using x.509, see Use x.509 Certificate for Membership Authentication
(page 430).

9.2. Authentication

425

MongoDB Documentation, Release 3.2.5

Considerations
Access Control Enabling internal authentication enables access control (page 433). The following tutorial assumes no users have been created in the system before enabling internal authentication, and uses Localhost Exception
(page 396) to add a user administrator after access control has been enabled.
If you prefer, you can create the users before enabling internal authentication.
Sharded Cluster It is not possible to convert an existing sharded cluster that does not enforce access control to
require authentication without taking all components of the cluster offline for a short period of time.
For sharded clusters, the Localhost Exception (page 396) will apply to the individual shards unless you either create
an administrative user or disable the localhost exception on each shard.
Procedures
Update Existing Deployment
Step 1: Create a keyfile. Create the keyfile (page 424) your deployment will use to authenticate to members to each
other. You can generate a keyfile using any method you choose. Ensure that the password stored in the keyfile is both
long and contains a high amount of randomness.
For example, the following operation uses openssl command to generate pseudo-random data to use for a keyfile:
openssl rand -base64 741 > /srv/mongodb/mongodb-keyfile
chmod 600 mongodb-keyfile

Step 2: Enable authentication for each member of the sharded cluster or replica set. For each mongod in the
replica set or for each mongos and mongod in the sharded cluster, including all config servers and shards, specify
the keyfile using either a configuration file or a command line option.
In a configuration file, set the security.keyFile option to the keyfile’s path and then start the component, as in
the following example:
security:
keyFile: /srv/mongodb/keyfile

Include any other settings as appropriate for your deployment.
Or, when starting the component, specify the --keyFile option. For example, for a mongod
mongod --keyFile /srv/mongodb/mongodb-keyfile --dbpath

Include any other options as appropriate for your deployment.
Enabling internal authentication enables access control (page 433).
Step 3: Connect to the MongoDB instance via the localhost exception. To add the first user using Localhost
Exception (page 396):
• For a replica set, connect a mongo shell to the primary. Run the mongo shell from the same host as the primary.
• For a sharded cluster, connect a mongo shell to the mongos. Run the mongo shell from same host as the
mongos.

426

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Step 4: Add first user. Add a user with the userAdminAnyDatabase (page 493) role. For example, the following creates the user myUserAdmin on the admin database:
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)

After you create the user administrator, for a replica set, the localhost exception (page 396) is no longer available.
For sharded clusters, you must still prevent unauthorized access to the individual shards. Follow one of the following
steps for each shard in your cluster:
• Create an administrative user, or
• Disable the Localhost Exception (page 396) at startup.
enableLocalhostAuthBypass to 0.

To disable the localhost exception, set the

Step 5: Authenticate as the user administrator. Either connect a new mongo shell to the MongoDB instance with
the -u , -p , and the --authenticationDatabase :
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

The mongo shell executes a number of commands at start up. As a result, when you log in as the user administrator,
you may see authentication errors from one or more commands. You may ignore these errors, which are expected,
because the userAdminAnyDatabase (page 493) role does not have permissions to run some of the start up
commands.
Or, in the mongo shell connected without authentication, switch to the authentication database, and use db.auth()
method to authenticate:
use admin
db.auth("myUserAdmin", "abc123" )

Step 6: Create additional users as needed for your deployment.
Deploy New Replica Set with Access Control
Step 1: Start one member of the replica set. This mongod should not enable auth.
Step 2: Create administrative users. The following operations will create two users: a user administrator that will
be able to create and modify users (myUserAdmin), and a root (page 494) user (siteRootAdmin) that you will
use to complete the remainder of the tutorial:
use admin
db.createUser( {
user: "myUserAdmin",
pwd: "",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
});
db.createUser( {

9.2. Authentication

427

MongoDB Documentation, Release 3.2.5

user: "siteRootAdmin",
pwd: "",
roles: [ { role: "root", db: "admin" } ]
});

Step 3: Stop the mongod instance.
Step 4: Create the key file to be used by each member of the replica set. Create the key file your deployment will
use to authenticate servers to each other.
To generate pseudo-random data to use for a keyfile, issue the following openssl command:
openssl rand -base64 741 > mongodb-keyfile
chmod 600 mongodb-keyfile

You may generate a key file using any method you choose. Always ensure that the password stored in the key file is
both long and contains a high amount of entropy. Using openssl in this manner helps generate such a key.
Step 5: Copy the key file to each member of the replica set. Copy the mongodb-keyfile to all hosts where
components of a MongoDB deployment run. Set the permissions of these files to 600 so that only the owner of the
file can read or write this file to prevent other users on the system from accessing the shared secret.
Step 6: Start each member of the replica set with the appropriate options. For each member, start a mongod
and specify the key file and the name of the replica set. Also specify other parameters as needed for your deployment.
For replication-specific parameters, see cli-mongod-replica-set required by your deployment.
If your application connects to more than one replica set, each set should have a distinct name. Some drivers group
replica set connections by replica set name.
The following example specifies parameters through the --keyFile and --replSet command-line options:
mongod --keyFile /mysecretdirectory/mongodb-keyfile --replSet "rs0"

The following example specifies parameters through a configuration file:
mongod --config $HOME/.mongodb/config

In production deployments, you can configure a init script to manage this process. Init scripts are beyond the scope of
this document.
Step 7: Connect to the member of the replica set where you created the administrative users. Connect to
the replica set member you started and authenticate as the siteRootAdmin user. From the mongo shell, use the
following operation to authenticate:
use admin
db.auth("siteRootAdmin", "");

Step 8: Initiate the replica set. Use rs.initiate() on one and only one member of the replica set:
rs.initiate()

MongoDB initiates a set that consists of the current member and that uses the default replica set configuration.

428

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Step 9: Verify the initial replica set configuration. Use rs.conf() to display the replica set configuration object
(page 717):
rs.conf()

The replica set configuration object resembles the following:
{
"_id" : "rs0",
"version" : 1,
"members" : [
{
"_id" : 1,
"host" : "mongodb0.example.net:27017"
}
]
}

Step 10: Add the remaining members to the replica set. Add the remaining members with the rs.add()
method. You must be connected to the primary to add members to a replica set.
rs.add() can, in some cases, trigger an election. If the mongod you are connected to becomes a secondary, you
need to connect the mongo shell to the new primary to continue adding new replica set members. Use rs.status()
to identify the primary in the replica set.
The following example adds two members:
rs.add("mongodb1.example.net")
rs.add("mongodb2.example.net")

When complete, you have a fully functional replica set. The new replica set will elect a primary.
Step 11: Check the status of the replica set. Use the rs.status() operation:
rs.status()

Step 12: Create additional users to address operational requirements. You can use built-in roles (page 485) to
create common types of database users, such as the dbOwner (page 488) role to create a database administrator, the
readWrite (page 486) role to create a user who can update data, or the read (page 486) role to create user who
can search data but no more. You also can define custom roles (page 440).
For example, the following creates a database administrator for the products database:
use products
db.createUser(
{
user: "productsDBAdmin",
pwd: "password",
roles:
[
{
role: "dbOwner",
db: "products"
}
]
}
)

9.2. Authentication

429

MongoDB Documentation, Release 3.2.5

For an overview of roles and privileges, see Role-Based Access Control (page 433). For more information on adding
users, see Manage Users and Roles (page 441).
x.509 Internal Authentication For details on using x.509 for internal authentication, see Use x.509 Certificate for
Membership Authentication (page 430).
To upgrade from keyfile internal authentication to x.509 internal authentication, see Upgrade from Keyfile Authentication to x.509 Authentication (page 432).

On this page
Use x.509 Certificate for Membership Authentication

• Member x.509 Certificate (page 430)
• Configure Replica Set/Sharded Cluster (page 431)
• Additional Information (page 432)

New in version 2.6.
MongoDB supports x.509 certificate authentication for use with a secure TLS/SSL connection (page 451). Sharded
cluster members and replica set members can use x.509 certificates to verify their membership to the cluster or the
replica set instead of using keyfiles (page 424). The membership authentication is an internal process.
For client authentication with x.509, see Use x.509 Certificates to Authenticate Clients (page 403).
Important: A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, in particular x.509 certificates, and Certificate Authority is beyond the scope of this document. This tutorial assumes prior knowledge of
TLS/SSL as well as access to valid x.509 certificates.

Member x.509 Certificate
Certificate Requirements The member certificate, used for internal authentication to verify membership to the
sharded cluster or a replica set, must have the following properties:
• A single Certificate Authority (CA) must issue all the x.509 certificates for the members of a sharded cluster or
a replica set.
• The Distinguished Name (DN), found in the member certificate’s subject, must specify a non-empty value
for at least one of the following attributes: Organization (O), the Organizational Unit (OU) or the Domain
Component (DC).
• The Organization attributes (O‘s), the Organizational Unit attributes (OU‘s), and the Domain Components (DC‘s)
must match those from the certificates for the other cluster members. To match, the certificate must match all
specifications of these attributes, or even the non-specification of these attributes. The order of the attributes
does not matter.
In the following example, the two DN‘s contain matching specifications for O, OU as well as the non-specification
of the DC attribute.
CN=host1,OU=Dept1,O=MongoDB,ST=NY,C=US
C=US, ST=CA, O=MongoDB, OU=Dept1, CN=host2

However, the following two DN‘s contain a mismatch for the OU attribute since one contains two OU specifications and the other, only one specification.

430

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

CN=host1,OU=Dept1,OU=Sales,O=MongoDB
CN=host2,OU=Dept1,O=MongoDB

• If the certificate includes the Extended Key Usage (extendedKeyUsage) setting, the value must include
clientAuth (“TLS Web Client Authentication”).
extendedKeyUsage = clientAuth

You can also use a certificate that does not include the Extended Key Usage (EKU).
Member Certificate and PEMKeyFile To configure MongoDB for client certificate authentication, the mongod
and mongos specify a PEMKeyFile to prove its identity to clients, either through net.ssl.PEMKeyFile setting
in the configuration file or --sslPEMKeyFile command line option.
If no clusterFile certificate is specified for internal member authentication, MongoDB will attempt to use the
PEMKeyFile certificate for member authentication. In order to use PEMKeyFile certificate for internal authentication as well as for client authentication, then the PEMKeyFile certificate must either:
• Omit extendedKeyUsage or
• Specify extendedKeyUsage values that include clientAuth in addition to serverAuth.
Configure Replica Set/Sharded Cluster
Use Command-line Options To specify the x.509 certificate for internal cluster member authentication, append the
additional TLS/SSL options --clusterAuthMode and --sslClusterFile, as in the following example for a
member of a replica set:

mongod --replSet --sslMode requireSSL --clusterAuthMode x509 --sslClusterFile
CAFile:
clusterFile:

See security.clusterAuthMode, net.ssl.mode, net.ssl.PEMKeyFile, net.ssl.CAFile, and
net.ssl.clusterFile for more information on the settings.
Additional Information To upgrade from keyfile internal authentication to x.509 internal authentication, see Upgrade from Keyfile Authentication to x.509 Authentication (page 432).

On this page
Upgrade from Keyfile Authentication to x.509 Authentication

• Clusters Currently Using TLS/SSL (page 432)
• Clusters Currently Not Using TLS/SSL (page 433)

To upgrade clusters that are currently using keyfile authentication (page 424) to x.509 authentication, use the following
rolling upgrade processes.
Clusters Currently Using TLS/SSL For clusters using TLS/SSL and keyfile authentication, to upgrade to x.509
cluster authentication, use the following rolling upgrade process:
1. For each node of a cluster, start the node with the option --clusterAuthMode set to sendKeyFile and
the option --sslClusterFile set to the appropriate path of the node’s certificate. Include other TLS/SSL
options (page 451) as well as any other options that are required for your specific configuration. For example:

mongod --replSet --sslMode requireSSL --clusterAuthMode sendKeyFile --sslClusterFile --sslMode allowSSL --clusterAuthMode sendKeyFile --sslClusterFile , -p , and the --authenticationDatabase :
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

436

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Or, in the mongo shell connected without authentication, switch to the authentication database, and use db.auth()
method to authenticate:
use admin
db.auth("myUserAdmin", "abc123" )

Step 5: Create additional users as needed for your deployment. If you need to disable access control for any
reason, restart the MongoDB instance without the --auth command line option, or if using a configuration file, the
security.authorization setting.
Add Users After Enabling Access Control The following procedure first enables access control, and then uses
localhost exception (page 396) to add a user administrator.
Step 1: Start the MongoDB instance with access control. Start the mongod instance with the --auth command
line option or, if using a configuration file, the security.authorization setting.
mongod --auth --port 27017 --dbpath /data/db1

Step 2: Connect to the MongoDB instance via the localhost exception. To add the first user using Localhost
Exception (page 396), connect a mongo shell to the mongod instance. Run the mongo shell from the same host as
the mongod instance.
Step 3: Create the system user administrator.
role, and only that role.

Add the user with the userAdminAnyDatabase (page 493)

The following example creates the user myUserAdmin user on the admin database:
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)

After you create the user administrator, the localhost exception (page 396) is no longer available.
Step 4: Authenticate as the user administrator. Either connect a new mongo shell to the MongoDB instance with
the -u , -p , and the --authenticationDatabase :
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"

9.3. Role-Based Access Control

437

MongoDB Documentation, Release 3.2.5

Step 5: Create additional users as needed for your deployment.
Additional Information

See also Manage Users and Roles (page 441).
Built-In Roles

On this page
•
•
•
•
•
•
•

Database User Roles (page 438)
Database Administration Roles (page 438)
Cluster Administration Roles (page 439)
Backup and Restoration Roles (page 439)
All-Database Roles (page 439)
Superuser Roles (page 440)
Internal Role (page 440)

MongoDB provides built-in roles that provide the different levels of access commonly needed in a database system.
Built-in database user roles (page 486) and database administration roles (page 487) roles exist in each database. The
admin database contains additional roles.
This page provides a brief description of the built-in roles. For the specific privileges granted by each role, see the
Built-In Roles (page 485) reference page.
Database User Roles

Every database includes the following roles:
Role
read
(page 486)

readWrite
(page 486)

Short Description
Provides the ability to read data on all non-system collections and on the following system
collections: system.indexes (page 377), system.js (page 377), and
system.namespaces (page 377) collections.
For the specific privileges granted by the role, see read (page 486).
Provides all the privileges of the read (page 486) role and the ability to modify data on all
non-system collections and the system.js (page 377) collection.
For the specific privileges granted by the role, see readWrite (page 486).

Database Administration Roles

Every database includes the following database administration roles:

438

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Role
dbAdmin
(page 487)
dbOwner
(page 488)
userAdmin
(page 488)

Short Description
Provides the ability to perform administrative tasks such as schema-related tasks, indexing,
gathering statistics. This role does not grant privileges for user and role management.
For the specific privileges granted by the role, see dbAdmin (page 487).
Provides the ability to perform any administrative action on the database. This role combines the
privileges granted by the readWrite (page 486), dbAdmin (page 487) and userAdmin
(page 488) roles.
Provides the ability to create and modify roles and users on the current database. Since the
userAdmin (page 488) role allows users to grant any privilege to any user, including
themselves, the role also indirectly provides superuser (page 493) access to either the database
or, if scoped to the admin database, the cluster.
For the specific privileges granted by the role, see userAdmin (page 488).

Cluster Administration Roles

The admin database includes the following roles for administering the whole system rather than a specific database.
These roles include but are not limited to replica set and sharded cluster administrative functions.
Role
clusterAdmin
(page 488)

Short Description
Provides the greatest cluster-management access. This role combines the privileges granted
by the clusterManager (page 489), clusterMonitor (page 490), and
hostManager (page 490) roles. Additionally, the role provides the dropDatabase
(page 504) action.
clusterManagerProvides management and monitoring actions on the cluster. A user with this role can access
(page 489)
the config and local databases, which are used in sharding and replication, respectively.
For the specific privileges granted by the role, see clusterManager (page 489).
clusterMonitorProvides read-only access to monitoring tools, such as the MongoDB Cloud Manager37 and
(page 490)
Ops Manager38 monitoring agent.
For the specific privileges granted by the role, see clusterMonitor (page 490).
hostManager
Provides the ability to monitor and manage servers.
(page 490)
For the specific privileges granted by the role, see hostManager (page 490).
Backup and Restoration Roles

The admin database includes the following roles for backing up and restoring data:
Role
backup
(page 491)
restore
(page 492)

Short Description
Provides privileges needed to back up data. This role provides sufficient privileges to use the
MongoDB Cloud Manager39 backup agent, Ops Manager40 backup agent, or to use mongodump.
For the specific privileges granted by the role, see backup (page 491).
Provides privileges needed to restore data with mongorestore without the --oplogReplay
option or without system.profile collection data.
For the specific privileges granted by the role, see restore (page 492).

All-Database Roles

The admin database provides the following roles that apply to all databases in a mongod instance and are roughly
equivalent to their single-database equivalents:
37 https://cloud.mongodb.com/?jmp=docs
38 https://docs.opsmanager.mongodb.com/current/
39 https://cloud.mongodb.com/?jmp=docs
40 https://docs.opsmanager.mongodb.com/current/

9.3. Role-Based Access Control

439

MongoDB Documentation, Release 3.2.5

Role
Short Description
readAnyDatabase Provides the same read-only permissions as read (page 486), except it applies to all
(page 493)
databases in the cluster. The role also provides the listDatabases (page 505) action
on the cluster as a whole.
For the specific privileges granted by the role, see readAnyDatabase (page 493).
readWriteAnyDatabase
Provides the same read and write permissions as readWrite (page 486), except it
(page 493)
applies to all databases in the cluster. The role also provides the listDatabases
(page 505) action on the cluster as a whole.
For the specific privileges granted by the role, see readWriteAnyDatabase
(page 493).
userAdminAnyDatabase
Provides the same access to user administration operations as userAdmin (page 488),
(page 493)
except it applies to all databases in the cluster.
Since the userAdminAnyDatabase (page 493) role allows users to grant any
privilege to any user, including themselves, the role also indirectly provides superuser
(page 493) access.
For the specific privileges granted by the role, see userAdminAnyDatabase
(page 493).
dbAdminAnyDatabase
Provides the same access to database administration operations as dbAdmin (page 487),
(page 493)
except it applies to all databases in the cluster. The role also provides the
listDatabases (page 505) action on the cluster as a whole.
For the specific privileges granted by the role, see dbAdminAnyDatabase (page 493).
Superuser Roles

The following role provides full privileges on all resources:
Role
root
(page 494)

Short Description
Provides access to the operations and all the resources of the readWriteAnyDatabase
(page 493), dbAdminAnyDatabase (page 493), userAdminAnyDatabase (page 493) and
clusterAdmin (page 488) roles combined.
For the specific privileges granted by the role, see root (page 494).

Internal Role

Role
__system
(page 494)

Short Description
Provides privileges to take any action against any object in the database.
Do not assign this role to user objects representing applications or human administrators, other
than in exceptional circumstances.
For more information, see root (page 494).

See also:
Built-In Roles (page 485)
User-Defined Roles

On this page
• Role Management Interface (page 441)
• Scope (page 441)
• Centralized Role Data (page 441)

440

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

New in version 2.6.
MongoDB provides a number of built-in roles (page 485). However, if these roles cannot describe the desired set of
privileges, you can create new roles.
Role Management Interface

To add a role, MongoDB provides the db.createRole() method. MongoDB also provides methods to update
existing user-defined roles. For a full list of role management methods, see role-management-methods.
Scope

When adding a role, you create the role in a specific database. MongoDB uses the combination of the database and
the role name to uniquely define a role.
Except for roles created in the admin database, a role can only include privileges that apply to its database and can
only inherit from other roles in its database.
A role created in the admin database can include privileges that apply to the admin database, other databases or to
the cluster (page 500) resource, and can inherit from roles in other databases as well as the admin database.
Centralized Role Data

MongoDB stores all role information in the system.roles (page 494) collection in the admin database
Do not access this collection directly but instead use the role management commands to view and edit custom roles.
Manage Users and Roles

On this page
•
•
•
•
•
•
•

Overview (page 441)
Prerequisites (page 442)
Create a User-Defined Role (page 442)
Modify Access for an Existing User (page 443)
Modify the Password for an Existing User (page 445)
View a User’s Roles (page 445)
View a Role’s Privileges (page 446)

Overview

Changed in version 2.6: MongoDB 2.6 introduces a new authorization model (page 433).
This tutorial provides examples for user and role management under the MongoDB’s authorization model. Add Users
(page 396) describes how to add a new user to MongoDB.

9.3. Role-Based Access Control

441

MongoDB Documentation, Release 3.2.5

Prerequisites

Important: If you have enabled access control (page 435) for your deployment, you must authenticate as a user
with the required privileges specified in each section. A user administrator with the userAdminAnyDatabase
(page 493) role, or userAdmin (page 488) role in the specific databases, provides the required privileges to perform the operations listed in this tutorial. See Enable Client Access Control (page 435) for details on adding user
administrator as the first user.

Create a User-Defined Role

Roles grant users access to MongoDB resources. MongoDB provides a number of built-in roles (page 485) that
administrators can use to control access to a MongoDB system. However, if these roles cannot describe the desired set
of privileges, you can create new roles in a particular database.
Except for roles created in the admin database, a role can only include privileges that apply to its database and can
only inherit from other roles in its database.
A role created in the admin database can include privileges that apply to the admin database, other databases or to
the cluster (page 500) resource, and can inherit from roles in other databases as well as the admin database.
To create a new role, use the db.createRole() method, specifying the privileges in the privileges array and
the inherited roles in the roles array.
MongoDB uses the combination of the database name and the role name to uniquely define a role. Each role is scoped
to the database in which you create the role, but MongoDB stores all role information in the admin.system.roles
(page 377) collection in the admin database.
Prerequisites To create a role in a database, you must have:
• the createRole (page 501) action (page 500) on that database resource (page 499).
• the grantRole (page 502) action (page 500) on that database to specify privileges for the new role as well as
to specify roles to inherit from.
Built-in roles userAdmin (page 488) and userAdminAnyDatabase (page 493) provide createRole
(page 501) and grantRole (page 502) actions on their respective resources (page 498).
Create a Role to Manage Current Operations The following example creates a role named manageOpRole
which provides only the privileges to run both db.currentOp() and db.killOp(). 41
Step 1: Connect to MongoDB with the appropriate privileges. Connect to mongod or mongos with the privileges specified in the Prerequisites (page 442) section.
The following procedure uses the myUserAdmin created in Enable Client Access Control (page 435).
mongo --port 27017 -u myUserAdmin -p abc123 --authenticationDatabase admin

The myUserAdmin has privileges to create roles in the admin as well as other databases.
41 The built-in role clusterMonitor (page 490) also provides the privilege to run db.currentOp() along with other privileges, and the
built-in role hostManager (page 490) provides the privilege to run db.killOp() along with other privileges.

442

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Step 2: Create a new role to manage current operations. manageOpRole has privileges that act on multiple
databases as well as the cluster resource (page 500). As such, you must create the role in the admin database.
use admin
db.createRole(
{
role: "manageOpRole",
privileges: [
{ resource: { cluster: true }, actions: [ "killop", "inprog" ] },
{ resource: { db: "", collection: "" }, actions: [ "killCursors" ] }
],
roles: []
}
)

The new role grants permissions to kill any operations.
Warning: Terminate running operations with extreme caution. Only use db.killOp() to terminate operations
initiated by clients and do not terminate internal database operations.

Create a Role to Run mongostat The following example creates a role named mongostatRole that provides
only the privileges to run mongostat. 42
Step 1: Connect to MongoDB with the appropriate privileges. Connect to mongod or mongos with the privileges specified in the Prerequisites (page 442) section.
The following procedure uses the myUserAdmin created in Enable Client Access Control (page 435).
mongo --port 27017 -u myUserAdmin -p abc123 --authenticationDatabase admin

The myUserAdmin has privileges to create roles in the admin as well as other databases.
Step 2: Create a new role to manage current operations. mongostatRole has privileges that act on the cluster
resource (page 500). As such, you must create the role in the admin database.
use admin
db.createRole(
{
role: "mongostatRole",
privileges: [
{ resource: { cluster: true }, actions: [ "serverStatus" ] }
],
roles: []
}
)

Modify Access for an Existing User

Prerequisites
• You must have the grantRole (page 502) action (page 500) on a database to grant a role on that database.
• You must have the revokeRole (page 502) action (page 500) on a database to revoke a role on that database.
42

The built-in role clusterMonitor (page 490) also provides the privilege to run mongostat along with other privileges.

9.3. Role-Based Access Control

443

MongoDB Documentation, Release 3.2.5

• To view a role’s information, you must be either explicitly granted the role or must have the viewRole
(page 502) action (page 500) on the role’s database.
Procedure
Step 1: Connect to MongoDB with the appropriate privileges. Connect to mongod or mongos as a user with
the privileges specified in the prerequisite section.
The following procedure uses the myUserAdmin created in Enable Client Access Control (page 435).
mongo --port 27017 -u myUserAdmin -p abc123 --authenticationDatabase admin

Step 2: Identify the user’s roles and privileges. To display the roles and privileges of the user to be modified, use
the db.getUser() and db.getRole() methods.
For example, to view roles for reportsUser created in Examples (page 397), issue:
use reporting
db.getUser("reportsUser")

To display the privileges granted to the user by the readWrite role on the "accounts" database, issue:
use accounts
db.getRole( "readWrite", { showPrivileges: true } )

Step 3: Identify the privileges to grant or revoke. If the user requires additional privileges, grant to the user the
role, or roles, with the required set of privileges. If such a role does not exist, create a new role (page 442) with the
appropriate set of privileges.
To revoke a subset of privileges provided by an existing role: revoke the original role and grant a role that contains
only the required privileges. You may need to create a new role (page 442) if a role does not exist.
Step 4: Modify the user’s access.
Revoke a Role Revoke a role with the db.revokeRolesFromUser() method. The following example operation removes the readWrite (page 486) role on the accounts database from the reportsUser:
use reporting
db.revokeRolesFromUser(
"reportsUser",
[
{ role: "readWrite", db: "accounts" }
]
)

Grant a Role Grant a role using the db.grantRolesToUser() method. For example, the following operation
grants the reportsUser user the read (page 486) role on the accounts database:
use reporting
db.grantRolesToUser(
"reportsUser",
[
{ role: "read", db: "accounts" }

444

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

]
)

For sharded clusters, the changes to the user are instant on the mongos on which the command runs. However, for other mongos instances in the cluster, the user cache may wait up to 10 minutes to refresh. See
userCacheInvalidationIntervalSecs.
Modify the Password for an Existing User

Prerequisites To modify the password of another user on a database, you must have the changeAnyPassword
action (page 500) on that database.
Procedure
Step 1: Connect to MongoDB with the appropriate privileges. Connect to the mongod or mongos with the
privileges specified in the Prerequisites (page 445) section.
The following procedure uses the myUserAdmin created in Enable Client Access Control (page 435).
mongo --port 27017 -u myUserAdmin -p abc123 --authenticationDatabase admin

Step 2:
Change the password. Pass
db.changeUserPassword() method.

the

user’s

username

and

the

new

password

the

The following operation changes the reporting user’s password to SOh3TbYhxuLiW8ypJPxmt1oOfL:
db.changeUserPassword("reporting", "SOh3TbYhxuLiW8ypJPxmt1oOfL")

See also:
Change Your Password and Custom Data (page 447)
View a User’s Roles

Prerequisites To view another user’s information, you must have the viewUser (page 502) action (page 500) on
the other user’s database.
Users can view their own information.
Procedure
Step 1: Connect to MongoDB with the appropriate privileges. Connect to mongod or mongos as a user with
the privileges specified in the prerequisite section.
The following procedure uses the myUserAdmin created in Enable Client Access Control (page 435).
mongo --port 27017 -u myUserAdmin -p abc123 --authenticationDatabase admin

9.3. Role-Based Access Control

445

MongoDB Documentation, Release 3.2.5

Step 2: Identify the user’s roles. Use the usersInfo command or db.getUser() method to display user
information.
For example, to view roles for reportsUser created in Examples (page 397), issue:
use reporting
db.getUser("reportsUser")

In the returned document, the roles (page 497) field displays all roles for reportsUser:
...
"roles" : [
{ "role"
{ "role"
{ "role"
{ "role"
]

:
:
:
:

"readWrite",
"read", "db"
"read", "db"
"read", "db"

"db" : "accounts" },
: "reporting" },
: "products" },
: "sales" }

View a Role’s Privileges

Prerequisites To view a role’s information, you must be either explicitly granted the role or must have the
viewRole (page 502) action (page 500) on the role’s database.
Procedure
Step 1: Connect to MongoDB with the appropriate privileges. Connect to mongod or mongos as a user with
the privileges specified in the prerequisite section.
The following procedure uses the myUserAdmin created in Enable Client Access Control (page 435).
mongo --port 27017 -u myUserAdmin -p abc123 --authenticationDatabase admin

Step 2: Identify the privileges granted by a role. For a given role, use the db.getRole() method, or the
rolesInfo command, with the showPrivileges option:
For example, to view the privileges granted by read role on the products database, use the following operation,
issue:
use products
db.getRole( "read", { showPrivileges: true } )

In the returned document, the privileges and inheritedPrivileges arrays. The privileges lists
the privileges directly specified by the role and excludes those privileges inherited from other roles. The
inheritedPrivileges lists all privileges granted by this role, both directly specified and inherited. If the role
does not inherit from other roles, the two fields are the same.
...
"privileges" : [
{
"resource": { "db" : "products", "collection" : "" },
"actions": [ "collStats","dbHash","dbStats","find","killCursors","planCacheRead" ]
},
{
"resource" : { "db" : "products", "collection" : "system.js" },
"actions": [ "collStats","dbHash","dbStats","find","killCursors","planCacheRead" ]
}

446

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

],
"inheritedPrivileges" : [
{
"resource": { "db" : "products", "collection" : "" },
"actions": [ "collStats","dbHash","dbStats","find","killCursors","planCacheRead" ]
},
{
"resource" : { "db" : "products", "collection" : "system.js" },
"actions": [ "collStats","dbHash","dbStats","find","killCursors","planCacheRead" ]
}
]

Change Your Password and Custom Data
Changed in version 2.6.
On this page
•
•
•
•

Overview (page 447)
Considerations (page 447)
Prerequisites (page 447)
Procedure (page 448)

Overview

Users with appropriate privileges can change their own passwords and custom data. Custom data (page 498) stores
optional user information.
Considerations

To generate a strong password for use in this procedure, you can use the openssl utility’s rand command. For
example, issue openssl rand with the following options to create a base64-encoded string of 48 pseudo-random
bytes:
openssl rand -base64 48

Prerequisites

To modify your own password and custom data, you must have privileges that grant changeOwnPassword
(page 501) and changeOwnCustomData (page 501) actions (page 500) respectively on the user’s database.
Step 1: Connect as a user with privileges to manage users and roles. Connect to the mongod or mongos with
privileges to manage users and roles, such as a user with userAdminAnyDatabase (page 493) role. The following
procedure uses the myUserAdmin created in Enable Client Access Control (page 435).
mongo --port 27017 -u myUserAdmin -p abc123 --authenticationDatabase admin

9.3. Role-Based Access Control

447

MongoDB Documentation, Release 3.2.5

Step 2: Create a role with appropriate privileges. In the admin database, create a new role with
changeOwnPassword (page 501) and changeOwnCustomData (page 501).
use admin
db.createRole(
{ role: "changeOwnPasswordCustomDataRole",
privileges: [
{
resource: { db: "", collection: ""},
actions: [ "changeOwnPassword", "changeOwnCustomData" ]
}
],
roles: []
}
)

Step 3: Add a user with this role. In the test database, create a new user with the created
"changeOwnPasswordCustomDataRole" role. For example, the following operation creates a user with both
the built-in role readWrite (page 486) and the user-created "changeOwnPasswordCustomDataRole".
use test
db.createUser(
{
user:"user123",
pwd:"12345678",
roles:[ "readWrite", { role:"changeOwnPasswordCustomDataRole", db:"admin" } ]
}
)

To grant an existing user the new role, use db.grantRolesToUser().
Procedure

Step 1: Connect with the appropriate privileges. Connect to the mongod or mongos as a user with appropriate
privileges.
For example, the following operation connects to MongoDB as user123 created in the Prerequisites (page 447)
section.
mongo --port 27017 -u user123 -p 12345678 --authenticationDatabase test

To check that you have the privileges specified in the Prerequisites (page 447) section as well as to see user information,
use the usersInfo command with the showPrivileges option.
Step 2: Change your password and custom data. Use the db.updateUser() method to update the password
and custom data.
For example, the following operation changes thw user’s password to KNlZmiaNUp0B and custom data to {
title: "Senior Manager" }:
use test
db.updateUser(
"user123",
{
pwd: "KNlZmiaNUp0B",
customData: { title: "Senior Manager" }

448

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

}
)

Collection-Level Access Control

On this page
• Privileges and Scope (page 449)
• Additional Information (page 449)
Collection-level access control allows administrators to grant users privileges that are scoped to specific collections.
Administrators can implement collection-level access control through user-defined roles (page 440). By creating a role
with privileges (page 434) that are scoped to a specific collection in a particular database, administrators can provision
users with roles that grant privileges on a collection level.
Privileges and Scope

A privilege consists of actions (page 500) and the resources (page 498) upon which the actions are permissible; i.e.
the resources define the scope of the actions for that privilege.
By specifying both the database and the collection in the resource document (page 499) for a privilege, administrator
can limit the privilege actions just to a specific collection in a specific database. Each privilege action in a role can be
scoped to a different collection.
For example, a user defined role can contain the following privileges:

privileges: [
{ resource: { db: "products", collection: "inventory" }, actions: [ "find", "update", "insert" ] },
{ resource: { db: "products", collection: "orders" }, actions: [ "find" ] }
]

The first privilege scopes its actions to the inventory collection of the products database. The second privilege
scopes its actions to the orders collection of the products database.
Additional Information

For more information on user-defined roles and MongoDB authorization model, see Role-Based Access Control
(page 433). For a tutorial on creating user-defined roles, see Manage Users and Roles (page 441).

9.4 Encryption
On this page
• Transport Encryption (page 450)
• Encryption at Rest (page 450)

9.4. Encryption

449

MongoDB Documentation, Release 3.2.5

9.4.1 Transport Encryption
You can use TLS/SSL (Transport Layer Security/Secure Sockets Layer) to encrypt all of MongoDB’s network traffic.
TLS/SSL ensures that MongoDB network traffic is only readable by the intended client.
See Transport Encryption (page 450) for more information.

9.4.2 Encryption at Rest
There are two broad classes of approaches to encrypting data at rest with MongoDB: Application Level Encryption
and Storage Encryption. You can use these solutions together or independently.
New in version 3.2: MongoDB Enterprise 3.2 introduces a native encryption option for the WiredTiger storage engine.
This feature allows MongoDB to encrypt data files such that only parties with the decryption key can decode and read
the data.
See Encryption At Rest (page 461) for more information.
Transport Encryption

On this page
•
•
•
•

TLS/SSL (page 450)
Certificates (page 450)
Identity Verification (page 450)
FIPS Mode (page 451)

TLS/SSL

MongoDB supports TLS/SSL (Transport Layer Security/Secure Sockets Layer) to encrypt all of MongoDB’s network
traffic. TLS/SSL ensures that MongoDB network traffic is only readable by the intended client.
MongoDB TLS/SSL implementation uses OpenSSL libraries. MongoDB’s SSL encryption only allows use of strong
SSL ciphers with a minimum of 128-bit key length for all connections.
Certificates

Before you can use SSL, you must have a .pem file containing a public key certificate and its associated private key.
MongoDB can use any valid SSL certificate issued by a certificate authority or a self-signed certificate. If you use a
self-signed certificate, although the communications channel will be encrypted, there will be no validation of server
identity. Although such a situation will prevent eavesdropping on the connection, it leaves you vulnerable to a man-inthe-middle attack. Using a certificate signed by a trusted certificate authority will permit MongoDB drivers to verify
the server’s identity.
For example, see TLS/SSL Configuration for Clients (page 455).
Identity Verification

In addition to encrypting connections, SSL allows for authentication using certificates, both for client authentication
(page 393) and for internal authentication (page 423) of members of replica sets and sharded clusters.

450

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

For more information, see:
• Configure mongod and mongos for TLS/SSL (page 451)
• TLS/SSL Configuration for Clients (page 455)
• Use x.509 Certificates to Authenticate Clients (page 403)
• Use x.509 Certificate for Membership Authentication (page 430)
FIPS Mode

Enterprise Feature
Available in MongoDB Enterprise only.
The Federal Information Processing Standard (FIPS) is a U.S. government computer security standard used to certify
software modules and libraries that encrypt and decrypt data securely. You can configure MongoDB to run with a
FIPS 140-2 certified library for OpenSSL. Configure FIPS to run by default or as needed from the command line.
For an example, see Configure MongoDB for FIPS (page 459).

On this page
Configure mongod and mongos for TLS/SSL

• Overview (page 451)
• Prerequisites (page 451)
• Procedures (page 452)

Overview This document helps you to configure MongoDB to support TLS/SSL. MongoDB clients can use
TLS/SSL to encrypt connections to mongod and mongos instances. MongoDB TLS/SSL implementation uses
OpenSSL libraries.
Note: Although TLS is the successor to SSL, this page uses the more familiar term SSL to refer to TLS/SSL.
These instructions assume that you have already installed a build of MongoDB that includes SSL support and that your
client driver supports SSL. For instructions on upgrading a cluster currently not using SSL to using SSL, see Upgrade
a Cluster to Use TLS/SSL (page 458).
Changed in version 2.6: MongoDB’s SSL encryption only allows use of strong SSL ciphers with a minimum of 128-bit
key length for all connections.
Prerequisites
Important: A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, and Certificate Authority
is beyond the scope of this document. This page assumes prior knowledge of TLS/SSL as well as access to valid
certificates.

MongoDB Support New in version 3.0: Most MongoDB distributions now include support for SSL.
Certain distributions of MongoDB43 do not contain support for SSL. To use SSL, be sure to choose a package that
supports SSL. All MongoDB Enterprise44 supported platforms include SSL support.
43 http://www.mongodb.org/downloads?jmp=docs
44 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

9.4. Encryption

451

MongoDB Documentation, Release 3.2.5

Client Support See TLS/SSL Configuration for Clients (page 455) to learn about SSL support for Python, Java,
Ruby, and other clients.
Certificate Authorities For production use, your MongoDB deployment should use valid certificates generated and
signed by a single certificate authority. You or your organization can generate and maintain an independent certificate
authority, or use certificates generated by a third-party SSL vendor. Obtaining and managing certificates is beyond the
scope of this documentation.
.pem File Before you can use SSL, you must have a .pem file containing a public key certificate and its associated
private key.
MongoDB can use any valid SSL certificate issued by a certificate authority, or a self-signed certificate. If you use a
self-signed certificate, although the communications channel will be encrypted, there will be no validation of server
identity. Although such a situation will prevent eavesdropping on the connection, it leaves you vulnerable to a man-inthe-middle attack. Using a certificate signed by a trusted certificate authority will permit MongoDB drivers to verify
the server’s identity.
In general, avoid using self-signed certificates unless the network is trusted.
Additionally, with regards to authentication among replica set/sharded cluster members (page 423), in order to minimize exposure of the private key and allow hostname validation, it is advisable to use different certificates on different
servers.
For testing purposes, you can generate a self-signed certificate and private key on a Unix system with a command that
resembles the following:

cd /etc/ssl/
openssl req -newkey rsa:2048 -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.k

This operation generates a new, self-signed certificate with no passphrase that is valid for 365 days. Once you have
the certificate, concatenate the certificate and private key to a .pem file, as in the following example:
cat mongodb-cert.key mongodb-cert.crt > mongodb.pem

See also:
Use x.509 Certificates to Authenticate Clients (page 403)
Procedures
Set Up mongod and mongos with SSL Certificate and Key To use SSL in your MongoDB deployment, include
the following run-time options with mongod and mongos:
• net.ssl.mode set to requireSSL. This setting restricts each server to use only SSL encrypted connections.
You can also specify either the value allowSSL or preferSSL to set up the use of mixed SSL modes on a
port. See net.ssl.mode for details.
• PEMKeyfile with the .pem file that contains the SSL certificate and key.
Consider the following syntax for mongod:
mongod --sslMode requireSSL --sslPEMKeyFile

For example, given an SSL certificate located at /etc/ssl/mongodb.pem, configure mongod to use SSL encryption for all connections with the following command:

452

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

mongod --sslMode requireSSL --sslPEMKeyFile /etc/ssl/mongodb.pem

Note:
• Specify with the full path name to the certificate.
• If the private key portion of the is encrypted, specify the passphrase. See SSL Certificate Passphrase
(page 455).
You may also specify these options in the configuration file, as in the following examples:
If using the YAML configuration file format:
net:
ssl:
mode: requireSSL
PEMKeyFile: /etc/ssl/mongodb.pem

Or, if using the older older configuration file format45 :
sslMode = requireSSL
sslPEMKeyFile = /etc/ssl/mongodb.pem

To connect, to mongod and mongos instances using SSL, the mongo shell and MongoDB tools must include the
--ssl option. See TLS/SSL Configuration for Clients (page 455) for more information on connecting to mongod
and mongos running with SSL.
See also:
Upgrade a Cluster to Use TLS/SSL (page 458)
Set Up mongod and mongos with Certificate Validation To set up mongod or mongos for SSL encryption
using an SSL certificate signed by a certificate authority, include the following run-time options during startup:
• net.ssl.mode set to requireSSL. This setting restricts each server to use only SSL encrypted connections.
You can also specify either the value allowSSL or preferSSL to set up the use of mixed SSL modes on a
port. See net.ssl.mode for details.
• PEMKeyfile with the name of the .pem file that contains the signed SSL certificate and key.
• CAFile with the name of the .pem file that contains the root certificate chain from the Certificate Authority.
Consider the following syntax for mongod:
mongod --sslMode requireSSL --sslPEMKeyFile --sslCAFile

For example, given a signed SSL certificate located at /etc/ssl/mongodb.pem and the certificate authority file
at /etc/ssl/ca.pem, you can configure mongod for SSL encryption as follows:
mongod --sslMode requireSSL --sslPEMKeyFile /etc/ssl/mongodb.pem --sslCAFile /etc/ssl/ca.pem

Note:
• Specify the file and the file with either the full path name or the relative path name.
• If the is encrypted, specify the passphrase. See SSL Certificate Passphrase (page 455).
You may also specify these options in the configuration file, as in the following examples:
45 https://docs.mongodb.org/v2.4/reference/configuration-options

9.4. Encryption

453

MongoDB Documentation, Release 3.2.5

If using the YAML configuration file format:
net:
ssl:
mode: requireSSL
PEMKeyFile: /etc/ssl/mongodb.pem
CAFile: /etc/ssl/ca.pem

Or, if using the older older configuration file format46 :
sslMode = requireSSL
sslPEMKeyFile = /etc/ssl/mongodb.pem
sslCAFile = /etc/ssl/ca.pem

To connect, to mongod and mongos instances using SSL, the mongo tools must include the both the --ssl and
--sslPEMKeyFile option. See TLS/SSL Configuration for Clients (page 455) for more information on connecting
to mongod and mongos running with SSL.
See also:
Upgrade a Cluster to Use TLS/SSL (page 458)
Block Revoked Certificates for Clients To prevent clients with revoked certificates from connecting, include the
sslCRLFile to specify a .pem file that contains revoked certificates.
For example, the following mongod with SSL configuration includes the sslCRLFile setting:

mongod --sslMode requireSSL --sslCRLFile /etc/ssl/ca-crl.pem --sslPEMKeyFile /etc/ssl/mongodb.pem --s

Clients with revoked certificates in the /etc/ssl/ca-crl.pem will not be able to connect to this mongod instance.
Validate Only if a Client Presents a Certificate In most cases it is important to ensure that clients present valid
certificates. However, if you have clients that cannot present a client certificate, or are transitioning to using a certificate
authority you may only want to validate certificates from clients that present a certificate.
If you want to bypass validation for clients that don’t present certificates, include the
allowConnectionsWithoutCertificates run-time option with mongod and mongos. If the client
does not present a certificate, no validation occurs. These connections, though not validated, are still encrypted using
SSL.
For example, consider the following mongod with
allowConnectionsWithoutCertificates setting:

SSL

configuration

that

includes

the

mongod --sslMode requireSSL --sslAllowConnectionsWithoutCertificates --sslPEMKeyFile /etc/ssl/mongodb

Then, clients can connect either with the option --ssl and no certificate or with the option --ssl and a valid
certificate. See TLS/SSL Configuration for Clients (page 455) for more information on SSL connections for clients.
Note: If the client presents a certificate, the certificate must be a valid certificate.
All connections, including those that have not presented certificates are encrypted using SSL.
46 https://docs.mongodb.org/v2.4/reference/configuration-options

454

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Disallow Protocols New in version 3.0.7.
To prevent MongoDB servers from accepting incoming connections that use specific protocols, include the --sslDisabledProtocols option, or if using the configuration file the
net.ssl.disabledProtocols setting.
For example, the following configuration uses --sslDisabledProtocols option to prevent mongod from accepting incoming connections that use either TLS1_0 or TLS1_1:

mongod --sslMode requireSSL --sslDisabledProtocols TLS1_0,TLS1_1 --sslPEMKeyFile /etc/ssl/mongodb.pem

If using the YAML configuration file format:
net:
ssl:
mode: requireSSL
PEMKeyFile: /etc/ssl/mongodb.pem
CAFile: /etc/ssl/ca.pem
disabledProtocols: TLS1_0,TLS1_1

For more information, including the protocols recognized by the option, see net.ssl.disabledProtocols or
the --sslDisabledProtocols option for mongod and mongos.
SSL Certificate Passphrase The PEM files for PEMKeyfile and ClusterFile may be encrypted. With encrypted PEM files, you must specify the passphrase at startup with a command-line or a configuration file option or
enter the passphrase when prompted.
Changed in version 2.6: In previous versions, you can only specify the passphrase with a command-line or a configuration file option.
To specify the passphrase in clear text on the command line or in a configuration file, use the PEMKeyPassword
and/or the ClusterPassword option.
To have MongoDB prompt for the passphrase at the start of mongod or mongos and avoid specifying the passphrase
in clear text, omit the PEMKeyPassword and/or the ClusterPassword option. MongoDB will prompt for each
passphrase as necessary.
Important: The passphrase prompt option is available if you run the MongoDB instance in the foreground with
a connected terminal. If you run mongod or mongos in a non-interactive session (e.g. without a terminal or as a
service on Windows), you cannot use the passphrase prompt option.

Run in FIPS Mode
Note: FIPS-compatible SSL is available only in MongoDB Enterprise47 . See Configure MongoDB for FIPS
(page 459) for more information.
See Configure MongoDB for FIPS (page 459) for more details.

On this page
TLS/SSL Configuration for Clients

•
•
•
•

mongo Shell SSL Configuration (page 456)
MongoDB Cloud Manager and Ops Manager Monitoring Agent (page 457)
MongoDB Drivers (page 457)
MongoDB Tools (page 458)

47 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

9.4. Encryption

455

MongoDB Documentation, Release 3.2.5

Clients must have support for TLS/SSL to work with a mongod or a mongos instance that has TLS/SSL support
enabled.
Important: A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, and Certificate Authority
is beyond the scope of this document. This page assumes prior knowledge of TLS/SSL as well as access to valid
certificates.
Note: Although TLS is the successor to SSL, this page uses the more familiar term SSL to refer to TLS/SSL.
See also:
Configure mongod and mongos for TLS/SSL (page 451).
mongo Shell SSL Configuration For SSL connections, you must use the mongo shell built with SSL support or
distributed with MongoDB Enterprise.
New in version 3.0: Most MongoDB distributions now include support for SSL.
The mongo shell provides various mongo-shell-ssl settings, including:
• --ssl
• --sslPEMKeyFile with the name of the .pem file that contains the SSL certificate and key.
• --sslCAFile with the name of the .pem file that contains the certificate from the Certificate Authority (CA).
Changed in version 3.0: When running mongo with the --ssl option, you must include either --sslCAFile
or --sslAllowInvalidCertificates.
This restriction does not apply to the MongoDB tools. However, running the tools without -sslCAFile
creates the same vulnerability to invalid certificates.
Warning:
For SSL connections (--ssl) to mongod and mongos, if the mongo shell (or MongoDB tools (page 458)) runs without the --sslCAFile option (i.e. specifies the
--sslAllowInvalidCertificates instead), the mongo shell (or MongoDB tools (page 458)) will
not attempt to validate the server certificates. This creates a vulnerability to expired mongod and mongos
certificates as well as to foreign processes posing as valid mongod or mongos instances. Ensure that you
always specify the CA file to validate the server certificates in cases where intrusion is a possibility.
• --sslPEMKeyPassword option if the client certificate-key file is encrypted.
For a complete list of the mongo shell’s SSL settings, see mongo-shell-ssl.
Connect to MongoDB Instance with SSL Encryption To connect to a mongod or mongos instance that requires
only a SSL encryption mode (page 452), start mongo shell with --ssl and include the --sslCAFile to validate
the server certificates.
mongo --ssl --sslCAFile /etc/ssl/ca.pem

456

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Connect to MongoDB Instance that Requires Client Certificates To connect to a mongod or mongos that requires CA-signed client certificates (page 453), start the mongo shell with --ssl, the --sslPEMKeyFile option
to specify the signed certificate-key file, and the --sslCAFile to validate the server certificates.
mongo --ssl --sslPEMKeyFile /etc/ssl/client.pem --sslCAFile /etc/ssl/ca.pem

Changed in version 3.0: When running mongo with the --ssl option, you must include either --sslCAFile or
--sslAllowInvalidCertificates.
This restriction does not apply to the MongoDB tools. However, running the tools without -sslCAFile creates the
same vulnerability to invalid certificates.
Connect to MongoDB Instance that Validates when Presented with a Certificate To connect to a mongod or
mongos instance that only requires valid certificates when the client presents a certificate (page 454), start mongo
shell either:
• with the --ssl, --sslCAFile, and no certificate or
• with the --ssl, --sslCAFile, and a valid signed certificate.
Changed in version 3.0: When running mongo with the --ssl option, you must include either --sslCAFile or
--sslAllowInvalidCertificates.
This restriction does not apply to the MongoDB tools. However, running the tools without -sslCAFile creates the
same vulnerability to invalid certificates.
For example, if mongod is running with weak certificate validation, both of the following mongo shell clients can
connect to that mongod:
mongo --ssl --sslCAFile /etc/ssl/ca.pem
mongo --ssl --sslPEMKeyFile /etc/ssl/client.pem --sslCAFile /etc/ssl/ca.pem

Important: If the client presents a certificate, the certificate must be valid.

MongoDB Cloud Manager and Ops Manager Monitoring Agent The MongoDB Cloud Manager Monitoring
agent will also have to connect via SSL in order to gather its statistics. Because the agent already utilizes SSL for its
communications to the MongoDB Cloud Manager servers, this is just a matter of enabling SSL support in MongoDB
Cloud Manager itself on a per host basis. å See the MongoDB Cloud Manager documentation48 for more information
about SSL configuration.
For Ops Manager, see Ops Manager documentation49 .
MongoDB Drivers The MongoDB Drivers support for connection to SSL enabled MongoDB. See:
• C Driver50
• C++ Driver51
• C# Driver52
• Java Driver53
48 https://docs.cloud.mongodb.com/
49 https://docs.opsmanager.mongodb.com/current/
50 http://api.mongodb.org/c/current/advanced-connections.html
51 https://github.com/mongodb/mongo-cxx-driver/wiki/Configuring%20the%20Legacy%20Driver
52 http://mongodb.github.io/mongo-csharp-driver/2.0/reference/driver/ssl/
53 http://mongodb.github.io/mongo-java-driver/3.0/driver/reference/connecting/ssl/

9.4. Encryption

457

MongoDB Documentation, Release 3.2.5

• Node.js Driver54
• Perl Driver55
• PHP Driver56
• Python Driver57
• Ruby Driver58
• Scala Driver59
MongoDB Tools Changed in version 2.6.
Various MongoDB utility programs supports SSL. These tools include:
• mongodump
• mongoexport
• mongofiles
• mongoimport
• mongorestore
• mongostat
• mongotop
To use SSL connections with these tools, use the same SSL options as the mongo shell. See mongo Shell SSL
Configuration (page 456).
Upgrade a Cluster to Use TLS/SSL Changed in version 3.0: Most MongoDB distributions now include support
for TLS/SSL. See Configure mongod and mongos for TLS/SSL (page 451) and TLS/SSL Configuration for Clients
(page 455) for more information about TLS/SSL and MongoDB.
Important: A full description of TLS/SSL, PKI (Public Key Infrastructure) certificates, and Certificate Authority
is beyond the scope of this document. This page assumes prior knowledge of TLS/SSL as well as access to valid
certificates.
Changed in version 2.6.
The MongoDB server supports listening for both TLS/SSL encrypted and unencrypted connections on the same TCP
port. This allows upgrades of MongoDB clusters to use TLS/SSL encrypted connections.
To upgrade from a MongoDB cluster using no TLS/SSL encryption to one using only TLS/SSL encryption, use the
following rolling upgrade process:
1. For each node of a cluster, start the node with the option --sslMode set to allowSSL. The --sslMode
allowSSL setting allows the node to accept both TLS/SSL and non-TLS/non-SSL incoming connections. Its
connections to other servers do not use TLS/SSL. Include other TLS/SSL options (page 451) as well as any other
options that are required for your specific configuration. For example:
mongod --replSet --sslMode allowSSL --sslPEMKeyFile
PEMKeyFile:
CAFile:

Or, if using the older configuration file format60 :
sslMode =
sslPEMKeyFile =
sslCAFile =

2. Switch all clients to use TLS/SSL. See TLS/SSL Configuration for Clients (page 455).
3. For each node of a cluster, use the setParameter command to update the sslMode to preferSSL. 61
With preferSSL as its net.ssl.mode, the node accepts both TLS/SSL and non-TLS/non-SSL incoming
connections, and its connections to other servers use TLS/SSL. For example:
db.getSiblingDB('admin').runCommand( { setParameter: 1, sslMode: "preferSSL" } )

Upgrade all nodes of the cluster to these settings.
At this point, all connections should be using TLS/SSL.
4. For each node of the cluster, use the setParameter command to update the sslMode to requireSSL.
1
With requireSSL as its net.ssl.mode, the node will reject any non-TLS/non-SSL connections. For
example:
db.getSiblingDB('admin').runCommand( { setParameter: 1, sslMode: "requireSSL" } )

5. After the upgrade of all nodes, edit the configuration file with the appropriate TLS/SSL settings to
ensure that upon subsequent restarts, the cluster uses TLS/SSL.

On this page
Configure MongoDB for FIPS

•
•
•
•

Overview (page 459)
Prerequisites (page 460)
Considerations (page 460)
Procedure (page 460)

New in version 2.6.
Overview The Federal Information Processing Standard (FIPS) is a U.S. government computer security standard
used to certify software modules and libraries that encrypt and decrypt data securely. You can configure MongoDB to
run with a FIPS 140-2 certified library for OpenSSL. Configure FIPS to run by default or as needed from the command
line.
60 https://docs.mongodb.org/v2.4/reference/configuration-options
61

As an alternative to using the setParameter command, you can also restart the nodes with the appropriate TLS/SSL options and values.

9.4. Encryption

459

MongoDB Documentation, Release 3.2.5

Prerequisites
Important: A full description of FIPS and TLS/SSL is beyond the scope of this document. This tutorial assumes
prior knowledge of FIPS and TLS/SSL.
Only the MongoDB Enterprise62 version supports FIPS mode. See Install MongoDB Enterprise (page 49) to download
and install MongoDB Enterprise63 to use FIPS mode.
Your system must have an OpenSSL library configured with the FIPS 140-2 module. At the command line, type
openssl version to confirm your OpenSSL software includes FIPS support.
For Red Hat Enterprise Linux 6.x (RHEL 6.x) or its derivatives such as CentOS 6.x, the OpenSSL toolkit must be
at least openssl-1.0.1e-16.el6_5 to use FIPS mode. To upgrade the toolkit for these platforms, issue the
following command:
sudo yum update openssl

Some versions of Linux periodically execute a process to prelink dynamic libraries with pre-assigned addresses. This
process modifies the OpenSSL libraries, specifically libcrypto. The OpenSSL FIPS mode will subsequently fail
the signature check performed upon startup to ensure libcrypto has not been modified since compilation.
To configure the Linux prelink process to not prelink libcrypto:
sudo bash -c "echo '-b /usr/lib64/libcrypto.so.*' >>/etc/prelink.conf.d/openssl-prelink.conf"

Considerations FIPS is property of the encryption system and not the access control system. However, if your
environment requires FIPS compliant encryption and access control, you must ensure that the access control system
uses only FIPS-compliant encryption.
MongoDB’s FIPS support covers the way that MongoDB uses OpenSSL for network encryption and X509 authentication. If you use Kerberos or LDAP Proxy authentication, you muse ensure that these external mechanisms are
FIPS-compliant. MONGODB-CR authentication is not FIPS compliant.
Procedure
Configure MongoDB to use TLS/SSL
configuring OpenSSL.

See Configure mongod and mongos for TLS/SSL (page 451) for details about

Run mongod or mongos instance in FIPS mode Perform these steps after you Configure mongod and mongos
for TLS/SSL (page 451).
Step 1: Change configuration file. To configure your mongod or mongos instance to use FIPS mode, shut down
the instance and update the configuration file with the following setting:
net:
ssl:
FIPSMode: true
62 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs
63 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

460

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Step 2: Start mongod or mongos instance with configuration file. For example, run this command to start the
mongod instance with its configuration file:
mongod --config /etc/mongod.conf

Confirm FIPS mode is running Check the server log file for a message FIPS is active:
FIPS 140-2 mode activated

Encryption At Rest

On this page
• Encrypted Storage Engine (page 461)
• Application Level Encryption (page 462)
Encryption at rest, when used in conjunction with transport encryption and good security policies that protect relevant
accounts, passwords, and encryption keys, can help ensure compliance with security and privacy standards, including
HIPAA, PCI-DSS, and FERPA.
Encrypted Storage Engine

New in version 3.2.
Enterprise Feature
Available in MongoDB Enterprise only.
Important: Available for the WiredTiger Storage Engine only.
MongoDB Enterprise 3.2 introduces a native encryption option for the WiredTiger storage engine. This feature allows
MongoDB to encrypt data files such that only parties with the decryption key can decode and read the data.
Encryption Process If encryption is enabled, the default encryption mode that MongoDB Enterprise uses is the
AES256-CBC (or 256-bit Advanced Encryption Standard in Cipher Block Chaining mode) via OpenSSL. AES-256
uses a symmetric key; i.e. the same key to encrypt and decrypt text. MongoDB Enterprise also supports authenticated encryption AES256-GCM (or 256-bit Advanced Encryption Standard in Galois/Counter Mode). FIPS mode
encryption is also available.
The data encryption includes:
• Generating a master key.
• Generating keys for each database.
• Encrypting data with the database keys.
• Encrypting the database keys with the master key.
The encryption occur transparently in the storage layer; i.e. all data files are fully encrypted from a filesystem perspective, and data only exists in an unencrypted state in memory and during transmission.
To encrypt all of MongoDB’s network traffic, you can use TLS/SSL (Transport Layer Security/Secure Sockets Layer).
See Configure mongod and mongos for TLS/SSL (page 451) and TLS/SSL Configuration for Clients (page 455).
9.4. Encryption

461

MongoDB Documentation, Release 3.2.5

Key Management
Important: Secure management of the encryption keys is critical.
The database keys are internal to the server and are only paged to disk in an encrypted format. MongoDB never pages
the master key to disk under any circumstances.
Only the master key is external to the server (i.e. kept separate from the data and the database keys), and requires
external management. To manage the master key, MongoDB’s encrypted storage engine supports two key management
options:
• Integration with a third party key management appliance via the Key Management Interoperability Protocol
(KMIP). Recommended
• Local key management via a keyfile.
To configure MongoDB for encryption and use one of the two key management options, see Configure Encryption
(page 462).
Encryption and Replication Encryption is not a part of replication:
• Master keys and database keys are not replicated, and
• Data is not natively encrypted over the wire.
Although you could reuse the same key for the nodes, MongoDB recommends the use of individual keys for each node
as well as the use of transport encryption.
For details, see Rotate Encryption Keys (page 465).
Application Level Encryption

Application Level Encryption provides encryption on a per-field or per-document basis within the application layer.
To encrypt document or field level data, write custom encryption and decryption routines or use a commercial solution.
For a list of MongoDB’s certified partners, refer to the Partners List64 . To view security partners, select “Security”
from the Technology filter, and “Certified” from the Certified filter.

On this page
Configure Encryption

• Overview (page 462)
• Key Manager (page 463)
• Local Key Management (page 464)

New in version 3.2.
Overview
Enterprise Feature
Available in MongoDB Enterprise only.
Important: Available for the WiredTiger Storage Engine Only.
64 https://www.mongodb.com/partners/list

462

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

MongoDB Enterprise 3.2 introduces a native encryption option for the WiredTiger storage engine. With storage
encryption, the secure management of the encryption keys is critical.
Only the master key is external to the server and requires external management. To manage the master key, MongoDB’s
encrypted storage engine supports two key management options:
• Integration with a third party key management appliance via the Key Management Interoperability Protocol
(KMIP). Recommended
• Use of local key management via a keyfile.
The following tutorial outlines the procedures to configure MongoDB for encryption and key management.
Key Manager MongoDB Enterprise supports secure transfer of keys with compatible key management appliances.
Using a key manager allows for the keys to be stored in the key manager.
MongoDB Enterprise supports secure transfer of keys with Key Management Interoperability Protocol (KMIP) compliant key management appliances. Any appliance vendor that provides support for KMIP is expected to be compatible.
For a list of MongoDB’s certified partners, refer to the Partners List65 . To view security partners, select “Security”
from the Technology filter, and “Certified” from the Certified filter.
Recommended
Using a key manager meets regulatory key management guidelines, such as HIPAA, PCI-DSS, and FERPA, and is
recommended over the local key management.

Prerequisites
• Your key manager must support the KMIP communication protocol.
• To authenticate MongoDB to a KMIP server, you must have a valid certificate issued by the key management
appliance.
Encrypt Using a New Key
following options:

To create a new key, connect mongod to the key manager by starting mongod with the

• --enableEncryption,
• --kmipServerName ,
• --kmipServerCAFile , and
• --kmipClientCertificateFile .
Include any other options specific to your configuration.
mongod --enableEncryption --kmipServerName \
--kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem

This operation creates a new master key in your key manager for use by the mongod to wrap the keys mongod
generates for each database.
To verify that the key creation and usage was successful, check the log file. If successful, the process will log the
following messages:
[initandlisten] Created KMIP key with id:
[initandlisten] Encryption key manager initialized using master key with id:
65 https://www.mongodb.com/partners/list

9.4. Encryption

463

MongoDB Documentation, Release 3.2.5

See also:
encryption-key-management-options
Encrypt Using an Existing Key You can use an existing master key created and managed by your KMIP. To use an
existing key, connect mongod to the key manager by starting mongod with the following options:
• --enableEncryption,
• --kmipServerName ,
• --kmipClientCertificateFile , and
• --kmipKeyIdentifier .
Include any other options specific to your configuration.
mongod --enableEncryption --kmipServerName \
--kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem \
--kmipKeyIdentifier

Important:
If data is already encrypted with a key, you must specify that key’s for the
--kmipKeyIdentifier option. Otherwise, MongoDB will not start and log an error.
See also:
encryption-key-management-options
Local Key Management
Important: Using the keyfile method does not meet most regulatory key management guidelines and requires users
to securely manage their own keys.
The safe management of the keyfile is critical.
To encrypt using a keyfile, you must have a base64 encoded keyfile that contains a 16 or 32 character string. The
keyfile must only be accessible by the owner of the mongod process.
1. Create the base64 encoded keyfile with the 16 or 32 character string. You can generate the encoded keyfile using
any method you prefer. For example,
openssl rand -base64 32 > mongodb-keyfile

2. Update the file permissions.
chmod 600 mongodb-keyfile

3. To use the key file, start mongod with the following options:
• --enableEncryption,
• --encryptionKeyFile ,
mongod --enableEncryption --encryptionKeyFile

mongodb-keyfile

4. Verify if the encryption key manager successfully initialized with the keyfile. If the operation was successful,
the process will log the following message:
[initandlisten] Encryption key manager initialized with key file:

464

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

See also:
encryption-key-management-options

On this page
Rotate Encryption Keys

• Rotate a Member of Replica Set (page 465)
• KMIP Master Key Rotation (page 465)

Most regulatory requirements mandate that a managed key used to decrypt sensitive data must be rotated out and
replaced with a new key once a year.
MongoDB provides two options for key rotation. You can rotate out the binary with a new instance that uses a new
key. Or, if you are using a KMIP server for key management, you can rotate the master key.
Rotate a Member of Replica Set For a replica set, to rotate out a member:
1. Start a new mongod instance, configured to use a new key. Include the --replSet option with the name of
the replica set as well as any other options specific to your configuration, such as --dbpath.
mongod --replSet myReplSet --enableEncryption --kmipServerName
\ --kmipServerCAFile ca.pem
--kmipClientCertificateFile client.pem

2. Connect a mongo shell to the replica set’s primary.
3. Add the instance to the replica set.
rs.add(":")

During the initial sync process, the re-encryption of the data with an entirely new set of database keys as well as
a new system key occurs.
4. Once the new node completes its initial sync process, remove the old node from the replica set and delete all its
data. For instructions, see Remove Members from Replica Set (page 682)
KMIP Master Key Rotation If you are using a KMIP server for key management, you can rotate the master key,
the only externally managed key. With the new master key, the internal keystore will be re-encrypted but the database
keys will be otherwise left unchanged. This obviates the need to re-encrypt the entire data set.
1. Rotate the master key for the secondary (page ??) members of the replica set one at a time.
(a) Restart the secondary, including the --kmipRotateMasterKey parameter. Include any other options
specific to your configuration. If the member already includes the --kmipKeyIdentifier option,
either update the --kmipKeyIdentifier option with the new key to use or omit to request a new key
from the KMIP server:
mongod --enableEncryption --kmipRotateMasterKey \
--kmipServerName \
--kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem

If using a configuration file, include the security.kmip.rotateMasterKey.
(b) Upon successful completion of the master key rotation and re-encryption of the database keystore, the
mongod will exit.

9.4. Encryption

465

MongoDB Documentation, Release 3.2.5

(c) Restart the secondary without the --kmipRotateMasterKey parameter. Include any other options
specific to your configuration.
mongod --enableEncryption --kmipServerName \
--kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem

If using a configuration file, remove the security.kmip.rotateMasterKey setting.
2. Step down the replica set primary.
Connect a mongo shell to the primary and use rs.stepDown() to step down the primary and force an election
of a new primary:
rs.stepDown()

3. When rs.status() shows that the primary has stepped down and another member has assumed PRIMARY
state, rotate the master key for the stepped down member:
(a) Restart the stepped-down member, including the --kmipRotateMasterKey parameter. Include any other options specific to your configuration.
If the member already includes the
--kmipKeyIdentifier option, either update the --kmipKeyIdentifier option with the new
key to use or omit.
mongod --enableEncryption --kmipRotateMasterKey \
--kmipServerName \
--kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem

If using a configuration file, include the security.kmip.rotateMasterKey.
(b) Upon successful completion of the master key rotation and re-encryption of the database keystore, the
mongod will exit.
(c) Restart the stepped-down member without the --kmipRotateMasterKey parameter. Include any
other options specific to your configuration.
mongod --enableEncryption --kmipServerName \
--kmipServerCAFile ca.pem --kmipClientCertificateFile client.pem

If using a configuration file, remove the security.kmip.rotateMasterKey setting.

9.5 Auditing
On this page
• Enable and Configure Audit Output (page 466)
• Audit Events and Filter (page 467)
• Audit Guarantee (page 467)
New in version 2.6.
MongoDB Enterprise includes an auditing capability for mongod and mongos instances. The auditing facility allows
administrators and users to track system activity for deployments with multiple users and applications.

9.5.1 Enable and Configure Audit Output
The auditing facility can write audit events to the console, the syslog, a JSON file, or a BSON file. To enable auditing
for MongoDB Enterprise, see Configure Auditing (page 467).
466

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

For information on the audit log messages, see System Event Audit Messages (page 506).

9.5.2 Audit Events and Filter
Once enabled, the auditing system can record the following operations:
• schema (DDL),
• replica set and sharded cluster,
• authentication and authorization, and
• CRUD operations (requires auditAuthorizationSuccess set to true).
For details on audited actions, see Audit Event Actions, Details, and Results (page 506).
With the auditing system, you can set up filters (page 469) to restrict the events captured. To set up filters, see Configure
Audit Filters (page 469).

9.5.3 Audit Guarantee
The auditing system writes every audit event 66 to an in-memory buffer of audit events. MongoDB writes this buffer to
disk periodically. For events collected from any single connection, the events have a total order: if MongoDB writes
one event to disk, the system guarantees that it has written all prior events for that connection to disk.
If an audit event entry corresponds to an operation that affects the durable state of the database, such as a modification
to data, MongoDB will always write the audit event to disk before writing to the journal for that entry.
That is, before adding an operation to the journal, MongoDB writes all audit events on the connection that triggered
the operation, up to and including the entry for the operation.
These auditing guarantees require that MongoDB run with journaling enabled.
Warning: MongoDB may lose events if the server terminates before it commits the events to the audit log.
The client may receive confirmation of the event before MongoDB commits to the audit log. For example, while
auditing an aggregation operation, the server might crash after returning the result but before the audit log flushes.

Configure Auditing

On this page
• Enable and Configure Audit Output (page 468)
New in version 2.6.
MongoDB Enterprise67 supports auditing (page 466) of various operations. A complete auditing solution must involve
all mongod server and mongos router processes.
The audit facility can write audit events to the console, the syslog (option is unavailable on Windows), a JSON file,
or a BSON file. For details on the audited operations and the audit log messages, see System Event Audit Messages
(page 506).
66

Audit configuration can include a filter (page 469) to limit events to audit.

67 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

9.5. Auditing

467

MongoDB Documentation, Release 3.2.5

Enable and Configure Audit Output

Use the --auditDestination option to enable auditing and specify where to output the audit events.
Warning: For sharded clusters, if you enable auditing on mongos instances, you must enable auditing on all
mongod instances in the cluster, i.e. shards and config servers.

Output to Syslog To enable auditing and print audit events to the syslog (option is unavailable on Windows) in
JSON format, specify syslog for the --auditDestination setting. For example:
mongod --dbpath data/db --auditDestination syslog

Warning: The syslog message limit can result in the truncation of the audit messages. The auditing system will
neither detect the truncation nor error upon its occurrence.
You may also specify these options in the configuration file:
storage:
dbPath: data/db
auditLog:
destination: syslog

Output to Console To enable auditing and print the audit events to standard output (i.e. stdout), specify
console for the --auditDestination setting. For example:
mongod --dbpath data/db --auditDestination console

You may also specify these options in the configuration file:
storage:
dbPath: data/db
auditLog:
destination: console

Output to JSON File To enable auditing and print audit events to a file in JSON format, specify file
for the --auditDestination setting, JSON for the --auditFormat setting, and the output filename for
the --auditPath. The --auditPath option accepts either full path name or relative path name. For
example, the following enables auditing and records audit events to a file with the relative path name of
data/db/auditLog.json:
mongod --dbpath data/db --auditDestination file --auditFormat JSON --auditPath data/db/auditLog.json

The audit file rotates at the same time as the server log file.
You may also specify these options in the configuration file:
storage:
dbPath: data/db
auditLog:
destination: file
format: JSON
path: data/db/auditLog.json

468

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Note: Printing audit events to a file in JSON format degrades server performance more than printing to a file in BSON
format.

Output to BSON File To enable auditing and print audit events to a file in BSON binary format, specify file
for the --auditDestination setting, BSON for the --auditFormat setting, and the output filename for
the --auditPath. The --auditPath option accepts either full path name or relative path name. For example, the following enables auditing and records audit events to a BSON file with the relative path name of
data/db/auditLog.bson:
mongod --dbpath data/db --auditDestination file --auditFormat BSON --auditPath data/db/auditLog.bson

To view the contents of the file, pass the file to the MongoDB utility bsondump. For example, the following converts
the audit log into a human-readable form and output to the terminal:
bsondump data/db/auditLog.bson

See also:
Configure Audit Filters (page 469), Auditing (page 466), System Event Audit Messages (page 506)
Configure Audit Filters

On this page
• --auditFilter Option (page 469)
• Examples (page 470)
MongoDB Enterprise68 supports auditing (page 466) of various operations. When enabled (page 467), the audit
facility, by default, records all auditable operations as detailed in Audit Event Actions, Details, and Results (page 506).
To specify which events to record, the audit feature includes the --auditFilter option.
--auditFilter Option

The --auditFilter option takes a string representation of a query document of the form:
{ : , ... }

• The can be any field in the audit message (page 506), including fields returned in the param
(page 506) document.
• The is a query condition expression.
68 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs

9.5. Auditing

469

MongoDB Documentation, Release 3.2.5

To specify an audit filter, enclose the filter document in single quotes to pass the document as a string.
To specify the audit filter in a configuration file, you must use the YAML format of the configuration file.
Examples

Filter for Multiple Operation Types The following example audits only the createCollection (page 501)
and dropCollection (page 501) actions by using the filter:
{ atype: { $in: [ "createCollection", "dropCollection" ] } }

To specify an audit filter, enclose the filter document in single quotes to pass the document as a string.
mongod --dbpath data/db --auditDestination file --auditFilter '{ atype: { $in: [ "createCollection",

To specify the audit filter in a configuration file, you must use the YAML format of the configuration file.
storage:
dbPath: data/db
auditLog:
destination: file
format: BSON
path: data/db/auditLog.bson
filter: '{ atype: { $in: [ "createCollection", "dropCollection" ] } }'

Filter on Authentication Operations on a Single Database The can include any field in the audit
message (page 506). For authentication operations (i.e. atype: "authenticate"), the audit messages include
a db field in the param document.
The following example audits only the authenticate operations that occur against the test database by using
the filter:
{ atype: "authenticate", "param.db": "test" }

To specify an audit filter, enclose the filter document in single quotes to pass the document as a string.

mongod --dbpath data/db --auth --auditDestination file --auditFilter '{ atype: "authenticate", "param

To specify the audit filter in a configuration file, you must use the YAML format of the configuration file.
storage:
dbPath: data/db
security:
authorization: enabled
auditLog:
destination: file
format: BSON
path: data/db/auditLog.bson
filter: '{ atype: "authenticate", "param.db": "test" }'

To filter on all authenticate operations across databases, use the filter { atype:

"authenticate" }.

Filter on Collection Creation and Drop Operations for a Single Database The can include any field in
the audit message (page 506). For collection creation and drop operations (i.e. atype: "createCollection"
and atype: "dropCollection"), the audit messages include a namespace ns field in the param document.
The following example audits only the createCollection and dropCollection operations that occur against
the test database by using the filter:
470

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Note: The regular expression requires two backslashes (\\) to escape the dot (.).
{ atype: { $in: [ "createCollection", "dropCollection" ] }, "param.ns": /^test\\./ } }

To specify an audit filter, enclose the filter document in single quotes to pass the document as a string.

mongod --dbpath data/db --auth --auditDestination file --auditFilter '{ atype: { $in: [ "createCollec

Filter by Authorization Role The following example audits operations by users with readWrite (page 486) role
on the test database, including users with roles that inherit from readWrite (page 486), by using the filter:
{ roles: { role: "readWrite", db: "test" } }

To specify an audit filter, enclose the filter document in single quotes to pass the document as a string.

mongod --dbpath data/db --auth --auditDestination file --auditFilter '{ roles: { role: "readWrite", d

Filter on Read and Write Operations To capture read and write operations in the audit, you must also enable
the audit system to log authorization successes using the auditAuthorizationSuccess parameter. 69
Note: Enabling auditAuthorizationSuccess degrades performance more than logging only the authorization
failures.
The following example audits the find(),
findAndModify() operations by using the filter:

insert(),

remove(),

update(),

save(),

and

{ atype: "authCheck", "param.command": { $in: [ "find", "insert", "delete", "update", "findandmodify"

To specify an audit filter, enclose the filter document in single quotes to pass the document as a string.
69 You can enable auditAuthorizationSuccess parameter without enabling --auth; however, all operations will return success for
authorization checks.

9.5. Auditing

471

MongoDB Documentation, Release 3.2.5

mongod --dbpath data/db --auth --setParameter auditAuthorizationSuccess=true --auditDestination file

To specify the audit filter in a configuration file, you must use the YAML format of the configuration file.

storage:
dbPath: data/db
security:
authorization: enabled
auditLog:
destination: file
format: BSON
path: data/db/auditLog.bson
filter: '{ atype: "authCheck", "param.command": { $in: [ "find", "insert", "delete", "update", "fi
setParameter: { auditAuthorizationSuccess: true }

Filter on Read and Write Operations for a Collection To capture read and write operations in the audit,
you must also enable the audit system to log authorization successes using the auditAuthorizationSuccess
parameter. 1
Note: Enabling auditAuthorizationSuccess degrades performance more than logging only the authorization
failures.
The following example audits the find(), insert(), remove(), update(), save(),
findAndModify() operations for the collection orders in the database test by using the filter:

and

{ atype: "authCheck", "param.ns": "test.orders", "param.command": { $in: [ "find", "insert", "delete"

To specify an audit filter, enclose the filter document in single quotes to pass the document as a string.
mongod --dbpath data/db --auth --setParameter auditAuthorizationSuccess=true --auditDestination file

To specify the audit filter in a configuration file, you must use the YAML format of the configuration file.

storage:
dbPath: data/db
security:
authorization: enabled
auditLog:
destination: file
format: BSON
path: data/db/auditLog.bson
filter: '{ atype: "authCheck", "param.ns": "test.orders", "param.command": { $in: [ "find", "inser
setParameter: { auditAuthorizationSuccess: true }

See also:
Configure Auditing (page 467), Auditing (page 466), System Event Audit Messages (page 506)

9.6 Security Hardening
On this page
• MongoDB Configuration Hardening (page 473)
• Network Hardening (page 473)

472

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

To reduce the risk exposure of the entire MongoDB system, ensure that only trusted hosts have access to MongoDB.

9.6.1 MongoDB Configuration Hardening
For MongoDB, ensure that HTTP status interface and the REST API are disabled in production to prevent potential
data exposure to attackers.
Deprecated since version 3.2: HTTP interface for MongoDB
For more information, see MongoDB Configuration Hardening (page 473).

9.6.2 Network Hardening
To restrict exposure to MongoDB, configure firewalls to control access to MongoDB systems. Use of VPNs can also
provide a secure tunnel.
For more information, see Hardening Network Infrastructure (page 474).
MongoDB Configuration Hardening

On this page
• HTTP Status Interface (page 473)
• REST API (page 474)
• bind_ip (page 474)

HTTP Status Interface

Warning: Ensure that the HTTP status interface, the REST API, and the JSON API are all disabled in production
environments to prevent potential data exposure and vulnerability to attackers.
Deprecated since version 3.2: HTTP interface for MongoDB
Changed in version 2.6: The mongod and mongos instances run with the HTTP interface disabled by default. See
net.http.enabled setting.
The HTTP status interface provides a web-based interface that includes a variety of operational data, logs, and status
reports regarding the mongod or mongos instance. The HTTP status interface is disabled by default and is not
recommended for production use.
The net.http.enabled setting enables HTTP status interface.
When enabled without the
net.http.RESTInterfaceEnabled setting, the HTTP interface is entirely read-only and limited in
scope.
The HTTP interface uses the port that is 1000 greater than the primary mongod port. By default, the HTTP interface
port is 28017, but is indirectly set using the net.port option which allows you to configure the primary mongod
port.
The HTTP status interface does not include support for authentication other than MONGODB-CR.
While MongoDB Enterprise does support Kerberos authentication, Kerberos is not supported in HTTP status interface
in any version of MongoDB.

9.6. Security Hardening

473

MongoDB Documentation, Release 3.2.5

Changed in version 3.0: Neither the HTTP status interface nor the REST API support the SCRAM-SHA-1 (page 399)
challenge-response user authentication mechanism introduced in version 3.0.
Warning: If you enable the interface, you should only allow trusted clients to access this port. See Firewalls
(page 475).

REST API

Warning: Ensure that the HTTP status interface, the REST API, and the JSON API are all disabled in production
environments to prevent potential data exposure and vulnerability to attackers.
The REST API to MongoDB provides additional information and write access on top of the HTTP status interface.
While the REST API does not provide any support for insert, update, or remove operations, it does provide administrative access, and its accessibility represents a vulnerability in a secure environment.
Deprecated since version 3.2: HTTP interface for MongoDB
The REST interface is disabled by default and is not recommended for production use.
The net.http.RESTInterfaceEnabled setting for mongod enables a fully interactive administrative REST
interface, which is disabled by default. Enabling the REST API enables the HTTP interface, even if the HTTP interface
option is disabled, and makes the HTTP interface fully interactive.
The REST API does not include support for authentication other than MONGODB-CR.
Warning: If you enable the interface, you should only allow trusted clients to access this port. See Firewalls
(page 475).
Changed in version 3.0: Neither the HTTP status interface nor the REST API support the SCRAM-SHA-1 (page 399)
challenge-response user authentication mechanism introduced in version 3.0.
bind_ip

The net.bindIp setting (or the --bind_ip command line option) for mongod and mongos instances limits the
network interfaces on which MongoDB programs will listen for incoming connections.
Warning: Make sure that your mongod and mongos instances are only accessible on trusted networks. If your
system has more than one network interface, bind MongoDB programs to the private or internal network interface.
See also:
Firewalls (page 475), Security Considerations (page 292)
Hardening Network Infrastructure

On this page
• Firewalls (page 475)
• Virtual Private Networks (page 475)

474

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Firewalls

Firewalls allow administrators to filter and control access to a system by providing granular control over network
communications. For administrators of MongoDB, the following capabilities are important: limiting incoming traffic
on a specific port to specific systems and limiting incoming traffic from untrusted hosts.
On Linux systems, the iptables interface provides access to the underlying netfilter firewall. On Windows
systems, netsh command line interface provides access to the underlying Windows Firewall. For additional information about firewall configuration, see:
• Configure Linux iptables Firewall for MongoDB (page 475) and
• Configure Windows netsh Firewall for MongoDB (page 479).
For best results and to minimize overall exposure, ensure that only traffic from trusted sources can reach mongod and
mongos instances and that the mongod and mongos instances can only connect to trusted outputs.
See also:
For MongoDB deployments on Amazon’s web services, see the Amazon EC270 page, which addresses Amazon’s
Security Groups and other EC2-specific security features.
Virtual Private Networks

Virtual private networks, or VPNs, make it possible to link two networks over an encrypted and limited-access trusted
network. Typically, MongoDB users who use VPNs use TLS/SSL rather than IPSEC VPNs for performance issues.
Depending on configuration and implementation, VPNs provide for certificate validation and a choice of encryption
protocols, which requires a rigorous level of authentication and identification of all clients. Furthermore, because
VPNs provide a secure tunnel, by using a VPN connection to control access to your MongoDB instance, you can
prevent tampering and “man-in-the-middle” attacks.

On this page
Configure Linux iptables Firewall for MongoDB

•
•
•
•

Overview (page 476)
Patterns (page 476)
Change Default Policy to DROP (page 478)
Manage and Maintain iptables Configuration (page 478)

On contemporary Linux systems, the iptables program provides methods for managing the Linux Kernel’s
netfilter or network packet filtering capabilities. These firewall rules make it possible for administrators to
control what hosts can connect to the system, and limit risk exposure by limiting the hosts that can connect to a
system.
This document outlines basic firewall configurations for iptables firewalls on Linux. Use these approaches as a
starting point for your larger networking organization. For a detailed overview of security practices and risk management for MongoDB, see Security (page 391).
See also:
For MongoDB deployments on Amazon’s web services, see the Amazon EC271 page, which addresses Amazon’s
Security Groups and other EC2-specific security features.
70 https://docs.mongodb.org/ecosystem/platforms/amazon-ec2
71 https://docs.mongodb.org/ecosystem/platforms/amazon-ec2

9.6. Security Hardening

475

MongoDB Documentation, Release 3.2.5

Overview Rules in iptables configurations fall into chains, which describe the process for filtering and processing specific streams of traffic. Chains have an order, and packets must pass through earlier rules in a chain to reach
later rules. This document addresses only the following two chains:
INPUT Controls all incoming traffic.
OUTPUT Controls all outgoing traffic.
Given the default ports of all MongoDB processes, you must configure networking rules that permit only required communication between your application and the appropriate mongod and mongos instances.
Be aware that, by default, the default policy of iptables is to allow all connections and traffic unless explicitly
disabled. The configuration changes outlined in this document will create rules that explicitly allow traffic from
specific addresses and on specific ports, using a default policy that drops all traffic that is not explicitly allowed. When
you have properly configured your iptables rules to allow only the traffic that you want to permit, you can Change
Default Policy to DROP (page 478).
Patterns This section contains a number of patterns and examples for configuring iptables for use with MongoDB deployments. If you have configured different ports using the port configuration setting, you will need to
modify the rules accordingly.
Traffic to and from mongod Instances This pattern is applicable to all mongod instances running as standalone
instances or as part of a replica set.
The goal of this pattern is to explicitly allow traffic to the mongod instance from the application server. In the
following examples, replace with the IP address of the application server:

iptables -A INPUT -s -p tcp --destination-port 27017 -m state --state NEW,ESTABLISHED -j
iptables -A OUTPUT -d -p tcp --source-port 27017 -m state --state ESTABLISHED -j ACCEPT

The first rule allows all incoming traffic from on port 27017, which allows the application server to
connect to the mongod instance. The second rule, allows outgoing traffic from the mongod to reach the application
server.
Optional
If you have only one application server, you can replace with either the IP address itself, such as:
198.51.100.55. You can also express this using CIDR notation as 198.51.100.55/32. If you want to permit
a larger block of possible IP addresses you can allow traffic from a /24 using one of the following specifications for
the , as follows:
10.10.10.10/24
10.10.10.10/255.255.255.0

Traffic to and from mongos Instances mongos instances provide query routing for sharded clusters. Clients
connect to mongos instances, which behave from the client’s perspective as mongod instances. In turn, the mongos
connects to all mongod instances that are components of the sharded cluster.
Use the same iptables command to allow traffic to and from these instances as you would from the mongod
instances that are members of the replica set. Take the configuration outlined in the Traffic to and from mongod
Instances (page 476) section as an example.
Traffic to and from a MongoDB Config Server Config servers, host the config database that stores metadata
for sharded clusters. Each production cluster has three config servers, initiated using the mongod --configsvr

476

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

option. 72 Config servers listen for connections on port 27019. As a result, add the following iptables rules to the
config server to allow incoming and outgoing connection on port 27019, for connection to the other config servers.

iptables -A INPUT -s -p tcp --destination-port 27019 -m state --state NEW,ESTABLISHED -j
iptables -A OUTPUT -d -p tcp --source-port 27019 -m state --state ESTABLISHED -j ACCEPT

Replace with the address or address space of all the mongod that provide config servers.
Additionally, config servers need to allow incoming connections from all of the mongos instances in the cluster and
all mongod instances in the cluster. Add rules that resemble the following:

iptables -A INPUT -s -p tcp --destination-port 27019 -m state --state NEW,ESTABLISHED -j

Replace with the address of the mongos instances and the shard mongod instances.
Traffic to and from a MongoDB Shard Server For shard servers, running as mongod --shardsvr 73 Because
the default port number is 27018 when running with the shardsvr value for the clusterRole setting, you must
configure the following iptables rules to allow traffic to and from each shard:

iptables -A INPUT -s -p tcp --destination-port 27018 -m state --state NEW,ESTABLISHED -j
iptables -A OUTPUT -d -p tcp --source-port 27018 -m state --state ESTABLISHED -j ACCEPT

Replace the specification with the IP address of all mongod. This allows you to permit incoming
and outgoing traffic between all shards including constituent replica set members, to:
• all mongod instances in the shard’s replica sets.
• all mongod instances in other shards.

Furthermore, shards need to be able make outgoing connections to:
• all mongod instances in the config servers.
Create a rule that resembles the following, and replace the with the address of the config servers
and the mongos instances:
iptables -A OUTPUT -d -p tcp --source-port 27018 -m state --state ESTABLISHED -j ACCEPT

Provide Access For Monitoring Systems
1. The mongostat diagnostic tool, when running with the --discover needs to be able to reach all components of a cluster, including the config servers, the shard servers, and the mongos instances.
2. If your monitoring system needs access the HTTP interface, insert the following rule to the chain:

iptables -A INPUT -s -p tcp --destination-port 28017 -m state --state NEW,ESTABLISH

Replace with the address of the instance that needs access to the HTTP or REST interface.
For all deployments, you should restrict access to this port to only the monitoring instance.
Optional
For config server mongod instances running with the shardsvr value for the clusterRole setting, the
rule would resemble the following:
72

You also can run a config server by using the configsvr value for the clusterRole setting in a configuration file.
You can also specify the shard server option with the shardsvr value for the clusterRole setting in the configuration file. Shard members
are also often conventional replica sets using the default port.
74 All shards in a cluster need to be able to communicate with all other shards to facilitate chunk and balancing operations.
73

9.6. Security Hardening

477

MongoDB Documentation, Release 3.2.5

iptables -A INPUT -s -p tcp --destination-port 28018 -m state --state NEW,ESTABLISH

For config server mongod instances running with the configsvr value for the clusterRole setting, the
rule would resemble the following:

iptables -A INPUT -s -p tcp --destination-port 28019 -m state --state NEW,ESTABLISH

Change Default Policy to DROP The default policy for iptables chains is to allow all traffic. After completing
all iptables configuration changes, you must change the default policy to DROP so that all traffic that isn’t explicitly
allowed as above will not be able to reach components of the MongoDB deployment. Issue the following commands
to change this policy:
iptables -P INPUT DROP
iptables -P OUTPUT DROP

Manage and Maintain iptables Configuration This section contains a number of basic operations for managing
and using iptables. There are various front end tools that automate some aspects of iptables configuration, but
at the core all iptables front ends provide the same basic functionality:
Make all iptables Rules Persistent By default all iptables rules are only stored in memory. When your
system restarts, your firewall rules will revert to their defaults. When you have tested a rule set and have guaranteed
that it effectively controls traffic you can use the following operations to you should make the rule set persistent.
On Red Hat Enterprise Linux, Fedora Linux, and related distributions you can issue the following command:
service iptables save

On Debian, Ubuntu, and related distributions, you can use the following command to dump the iptables rules to
the /etc/iptables.conf file:
iptables-save > /etc/iptables.conf

Run the following operation to restore the network rules:
iptables-restore < /etc/iptables.conf

Place this command in your rc.local file, or in the /etc/network/if-up.d/iptables file with other
similar operations.
List all iptables Rules To list all of currently applied iptables rules, use the following operation at the system
shell.
iptables -L

Flush all iptables Rules If you make a configuration mistake when entering iptables rules or simply need to
revert to the default rule set, you can use the following operation at the system shell to flush all rules:
iptables -F

If you’ve already made your iptables rules persistent, you will need to repeat the appropriate procedure in the
Make all iptables Rules Persistent (page 478) section.

478

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

On this page
Configure Windows netsh Firewall for MongoDB

• Overview (page 479)
• Patterns (page 479)
• Manage and Maintain Windows Firewall Configurations (page 481)

On Windows Server systems, the netsh program provides methods for managing the Windows Firewall. These
firewall rules make it possible for administrators to control what hosts can connect to the system, and limit risk
exposure by limiting the hosts that can connect to a system.
This document outlines basic Windows Firewall configurations. Use these approaches as a starting point for your
larger networking organization. For a detailed over view of security practices and risk management for MongoDB, see
Security (page 391).
See also:
Windows Firewall75 documentation from Microsoft.
Overview Windows Firewall processes rules in an ordered determined by rule type, and parsed in the following
order:
1. Windows Service Hardening
2. Connection security rules
3. Authenticated Bypass Rules
4. Block Rules
5. Allow Rules
6. Default Rules
By default, the policy in Windows Firewall allows all outbound connections and blocks all incoming connections.
Given the default ports of all MongoDB processes, you must configure networking rules that permit only required communication between your application and the appropriate mongod.exe and mongos.exe instances.
The configuration changes outlined in this document will create rules which explicitly allow traffic from specific
addresses and on specific ports, using a default policy that drops all traffic that is not explicitly allowed.
You can configure the Windows Firewall with using the netsh command line tool or through a windows application.
On Windows Server 2008 this application is Windows Firewall With Advanced Security in Administrative Tools. On
previous versions of Windows Server, access the Windows Firewall application in the System and Security control
panel.
The procedures in this document use the netsh command line tool.
Patterns This section contains a number of patterns and examples for configuring Windows Firewall for use with
MongoDB deployments. If you have configured different ports using the port configuration setting, you will need to
modify the rules accordingly.
Traffic to and from mongod.exe Instances This pattern is applicable to all mongod.exe instances running as
standalone instances or as part of a replica set. The goal of this pattern is to explicitly allow traffic to the mongod.exe
instance from the application server.
75 http://technet.microsoft.com/en-us/network/bb545423.aspx

9.6. Security Hardening

479

MongoDB Documentation, Release 3.2.5

netsh advfirewall firewall add rule name="Open mongod port 27017" dir=in action=allow protocol=TCP lo

This rule allows all incoming traffic to port 27017, which allows the application server to connect to the
mongod.exe instance.
Windows Firewall also allows enabling network access for an entire application rather than to a specific port, as in the
following example:

netsh advfirewall firewall add rule name="Allowing mongod" dir=in action=allow program=" C:\mongodb\b

You can allow all access for a mongos.exe server, with the following invocation:

netsh advfirewall firewall add rule name="Allowing mongos" dir=in action=allow program=" C:\mongodb\b

Traffic to and from mongos.exe Instances mongos.exe instances provide query routing for sharded clusters.
Clients connect to mongos.exe instances, which behave from the client’s perspective as mongod.exe instances.
In turn, the mongos.exe connects to all mongod.exe instances that are components of the sharded cluster.
Use the same Windows Firewall command to allow traffic to and from these instances as you would from the
mongod.exe instances that are members of the replica set.

netsh advfirewall firewall add rule name="Open mongod shard port 27018" dir=in action=allow protocol=

Traffic to and from a MongoDB Config Server Configuration servers, host the config database that stores metadata for sharded clusters. Each production cluster has three configuration servers, initiated using the mongod
--configsvr option. 76 Configuration servers listen for connections on port 27019. As a result, add the following Windows Firewall rules to the config server to allow incoming and outgoing connection on port 27019, for
connection to the other config servers.

netsh advfirewall firewall add rule name="Open mongod config svr port 27019" dir=in action=allow prot

Additionally, config servers need to allow incoming connections from all of the mongos.exe instances in the cluster
and all mongod.exe instances in the cluster. Add rules that resemble the following:

netsh advfirewall firewall add rule name="Open mongod config svr inbound" dir=in action=allow protoco

Replace with the addresses of the mongos.exe instances and the shard mongod.exe instances.
Traffic to and from a MongoDB Shard Server For shard servers, running as mongod --shardsvr 77 Because
the default port number is 27018 when running with the shardsvr value for the clusterRole setting, you must
configure the following Windows Firewall rules to allow traffic to and from each shard:

netsh advfirewall firewall add rule name="Open mongod shardsvr inbound" dir=in action=allow protocol=
netsh advfirewall firewall add rule name="Open mongod shardsvr outbound" dir=out action=allow protoco

Replace the specification with the IP address of all mongod.exe instances. This allows you to
permit incoming and outgoing traffic between all shards including constituent replica set members to:
• all mongod.exe instances in the shard’s replica sets.
• all mongod.exe instances in other shards.

Furthermore, shards need to be able make outgoing connections to:
76

You also can run a config server by using the configsrv value for the clusterRole setting in a configuration file.
You can also specify the shard server option with the shardsvr value for the clusterRole setting in the configuration file. Shard members
are also often conventional replica sets using the default port.
78 All shards in a cluster need to be able to communicate with all other shards to facilitate chunk and balancing operations.
77

480

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

• all mongos.exe instances.
• all mongod.exe instances in the config servers.
Create a rule that resembles the following, and replace the with the address of the config servers
and the mongos.exe instances:

netsh advfirewall firewall add rule name="Open mongod config svr outbound" dir=out action=allow proto

Provide Access For Monitoring Systems
1. The mongostat diagnostic tool, when running with the --discover needs to be able to reach all components of a cluster, including the config servers, the shard servers, and the mongos.exe instances.
2. If your monitoring system needs access the HTTP interface, insert the following rule to the chain:

netsh advfirewall firewall add rule name="Open mongod HTTP monitoring inbound" dir=in action=all

netsh advfirewall firewall add rule name="Open mongos HTTP monitoring inbound" dir=in action=all

For config server mongod instances running with the configsvr value for the clusterRole setting, the
rule would resemble the following:
netsh advfirewall firewall add rule name="Open mongod configsvr HTTP monitoring inbound" dir=in

Manage and Maintain Windows Firewall Configurations This section contains a number of basic operations for
managing and using netsh. While you can use the GUI front ends to manage the Windows Firewall, all core functionality is accessible is accessible from netsh.
Delete all Windows Firewall Rules To delete the firewall rule allowing mongod.exe traffic:
netsh advfirewall firewall delete rule name="Open mongod port 27017" protocol=tcp localport=27017

netsh advfirewall firewall delete rule name="Open mongod shard port 27018" protocol=tcp localport=270

List All Windows Firewall Rules To return a list of all Windows Firewall rules:
netsh advfirewall firewall show rule name=all

Reset Windows Firewall

To reset the Windows Firewall rules:

netsh advfirewall reset

9.6. Security Hardening

481

MongoDB Documentation, Release 3.2.5

Backup and Restore Windows Firewall Rules To simplify administration of larger collection of systems, you can
export or import firewall systems from different servers) rules very easily on Windows:
Export all firewall rules with the following command:
netsh advfirewall export "C:\temp\MongoDBfw.wfw"

Replace "C:\temp\MongoDBfw.wfw" with a path of your choosing. You can use a command in the following
form to import a file created using this operation:
netsh advfirewall import "C:\temp\MongoDBfw.wfw"

9.7 Implement Field Level Redaction
On this page
• Procedure (page 483)
The $redact pipeline operator restricts the contents of the documents based on information stored in the documents
themselves.

To store the access criteria data, add a field to the documents and embedded documents. To allow for multiple combinations of access levels for the same data, consider setting the access field to an array of arrays. Each array element
contains a required set that allows a user with that set to access the data.
Then, include the $redact stage in the db.collection.aggregate() operation to restrict contents of the
result set based on the access required to view the data.
482

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

For more information on the $redact pipeline operator, including its syntax and associated system variables as well
as additional examples, see $redact.

9.7.1 Procedure
For example, a forecasts collection contains documents of the following form where the tags field determines
the access levels required to view the data:
{
_id: 1,
title: "123 Department Report",
tags: [ [ "G" ], [ "FDW" ] ],
year: 2014,
subsections: [
{
subtitle: "Section 1: Overview",
tags: [ [ "SI", "G" ], [ "FDW" ] ],
content: "Section 1: This is the content of section 1."
},
{
subtitle: "Section 2: Analysis",
tags: [ [ "STLW" ] ],
content: "Section 2: This is the content of section 2."
},
{
subtitle: "Section 3: Budgeting",
tags: [ [ "TK" ], [ "FDW", "TGE" ] ],
content: {
text: "Section 3: This is the content of section3.",
tags: [ [ "HCS"], [ "FDW", "TGE", "BX" ] ]
}
}
]
}

For each document, the tags field contains various access groupings necessary to view the data. For example, the
value [ [ "G" ], [ "FDW", "TGE" ] ] can specify that a user requires either access level ["G"] or both [
"FDW", "TGE" ] to view the data.
Consider a user who only has access to view information tagged with either "FDW" or "TGE". To run a query on all
documents with year 2014 for this user, include a $redact stage as in the following:
var userAccess = [ "FDW", "TGE" ];
db.forecasts.aggregate(
[
{ $match: { year: 2014 } },
{ $redact:
{
$cond: {
if: { $anyElementTrue:
{
$map: {
input: "$tags" ,
as: "fieldTag",
in: { $setIsSubset: [ "$$fieldTag", userAccess ] }
}
}
},

9.7. Implement Field Level Redaction

483

MongoDB Documentation, Release 3.2.5

then: "$$DESCEND",
else: "$$PRUNE"
}
}
}
]
)

The aggregation operation returns the following “redacted” document for the user:
{ "_id" : 1,
"title" : "123 Department Report",
"tags" : [ [ "G" ], [ "FDW" ] ],
"year" : 2014,
"subsections" :
[
{
"subtitle" : "Section 1: Overview",
"tags" : [ [ "SI", "G" ], [ "FDW" ] ],
"content" : "Section 1: This is the content of section 1."
},
{
"subtitle" : "Section 3: Budgeting",
"tags" : [ [ "TK" ], [ "FDW", "TGE" ] ]
}
]
}

See also:
$map, $setIsSubset, $anyElementTrue

9.8 Security Reference
On this page
• Security Methods in the mongo Shell (page 485)
• Security Reference Documentation (page 485)
The following lists the security related methods available in the mongo shell as well as additional security reference
material (page 485).

484

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

9.8.1 Security Methods in the mongo Shell
User Management and Authentication Methods
Name
db.auth()
db.createUser()
db.updateUser()
db.changeUserPassword()
db.removeUser()
db.dropAllUsers()
db.dropUser()
db.grantRolesToUser()
db.revokeRolesFromUser()
db.getUser()
db.getUsers()

Description
Authenticates a user to a database.
Creates a new user.
Updates user data.
Changes an existing user’s password.
Deprecated. Removes a user from a database.
Deletes all users associated with a database.
Removes a single user.
Grants a role and its privileges to a user.
Removes a role from a user.
Returns information about the specified user.
Returns information about all users associated with a database.

Role Management Methods
Name
db.createRole()
db.updateRole()
db.dropRole()
db.dropAllRoles()
db.grantPrivilegesToRole()
db.revokePrivilegesFromRole()
db.grantRolesToRole()
db.revokeRolesFromRole()
db.getRole()
db.getRoles()

Description
Creates a role and specifies its privileges.
Updates a user-defined role.
Deletes a user-defined role.
Deletes all user-defined roles associated with a database.
Assigns privileges to a user-defined role.
Removes the specified privileges from a user-defined role.
Specifies roles from which a user-defined role inherits privileges.
Removes inherited roles from a role.
Returns information for the specified role.
Returns information for all the user-defined roles in a database.

9.8.2 Security Reference Documentation
Built-In Roles (page 485) Reference on MongoDB provided roles and corresponding access.
system.roles Collection (page 494) Describes the content of the collection that stores user-defined roles.
system.users Collection (page 497) Describes the content of the collection that stores users’ credentials and role assignments.
Resource Document (page 498) Describes the resource document for roles.
Privilege Actions (page 500) List of the actions available for privileges.
System Event Audit Messages (page 506) Reference on system event audit messages.
Built-In Roles

9.8. Security Reference

485

MongoDB Documentation, Release 3.2.5

On this page
•
•
•
•
•
•
•

Database User Roles (page 486)
Database Administration Roles (page 487)
Cluster Administration Roles (page 488)
Backup and Restoration Roles (page 491)
All-Database Roles (page 493)
Superuser Roles (page 493)
Internal Role (page 494)

MongoDB grants access to data and commands through role-based authorization (page 434) and provides built-in
roles that provide the different levels of access commonly needed in a database system. You can additionally create
user-defined roles (page 440).
A role grants privileges to perform sets of actions (page 500) on defined resources (page 498). A given role applies to
the database on which it is defined and can grant access down to a collection level of granularity.
Each of MongoDB’s built-in roles defines access at the database level for all non-system collections in the role’s
database and at the collection level for all system collections (page 376).
MongoDB provides the built-in database user (page 486) and database administration (page 487) roles on every
database. MongoDB provides all other built-in roles only on the admin database.
This section describes the privileges for each built-in role. You can also view the privileges for a built-in role at any
time by issuing the rolesInfo command with the showPrivileges and showBuiltinRoles fields both set
to true.
Database User Roles

Every database includes the following client roles:
read
Provides the ability to read data on all non-system collections and on the following system collections:
system.indexes (page 377), system.js (page 377), and system.namespaces (page 377) collections. The role provides read access by granting the following actions (page 500):
•collStats (page 505)
•dbHash (page 505)
•dbStats (page 505)
•find (page 501)
•killCursors (page 502)
•listIndexes (page 505)
•listCollections (page 505)
readWrite
Provides all the privileges of the read (page 486) role plus ability to modify data on all non-system collections
and the system.js (page 377) collection. The role provides the following actions on those collections:
•collStats (page 505)
•convertToCapped (page 504)
•createCollection (page 501)

486

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

•dbHash (page 505)
•dbStats (page 505)
•dropCollection (page 501)
•createIndex (page 501)
•dropIndex (page 504)
•emptycapped (page 502)
•find (page 501)
•insert (page 501)
•killCursors (page 502)
•listIndexes (page 505)
•listCollections (page 505)
•remove (page 501)
•renameCollectionSameDB (page 504)
•update (page 501)
Database Administration Roles

Every database includes the following database administration roles:
dbAdmin
Provides the following actions (page 500) on the database’s system.indexes (page 377),
system.namespaces (page 377), and system.profile (page 377) collections:
•collStats (page 505)
•dbHash (page 505)
•dbStats (page 505)
•find (page 501)
•killCursors (page 502)
•listIndexes (page 505)
•listCollections (page 505)
•dropCollection (page 501) and createCollection (page 501) on system.profile
(page 377) only
Changed in version 2.6.4: dbAdmin (page 487) added the createCollection (page 501) for the
system.profile (page 377) collection. Previous versions only had the dropCollection (page 501)
on the system.profile (page 377) collection.
Provides the following actions on all non-system collections. This role does not include full read access on
non-system collections:
•bypassDocumentValidation (page 501)
•collMod (page 504)
•collStats (page 505)
•compact (page 504)

9.8. Security Reference

487

MongoDB Documentation, Release 3.2.5

•convertToCapped (page 504)
•createCollection (page 501)
•createIndex (page 501)
•dbStats (page 505)
•dropCollection (page 501)
•dropDatabase (page 504)
•dropIndex (page 504)
•enableProfiler (page 502)
•indexStats (page 505)
•reIndex (page 504)
•renameCollectionSameDB (page 504)
•repairDatabase (page 504)
•storageDetails (page 502)
•validate (page 505)
dbOwner
The database owner can perform any administrative action on the database. This role combines the privileges
granted by the readWrite (page 486), dbAdmin (page 487) and userAdmin (page 488) roles.
userAdmin
Provides the ability to create and modify roles and users on the current database. This role also indirectly
provides superuser (page 493) access to either the database or, if scoped to the admin database, the cluster.
The userAdmin (page 488) role allows users to grant any user any privilege, including themselves.
The userAdmin (page 488) role explicitly provides the following actions:
•changeCustomData (page 501)
•changePassword (page 501)
•createRole (page 501)
•createUser (page 501)
•dropRole (page 501)
•dropUser (page 502)
•grantRole (page 502)
•revokeRole (page 502)
•viewRole (page 502)
•viewUser (page 502)
Cluster Administration Roles

The admin database includes the following roles for administering the whole system rather than just a single database.
These roles include but are not limited to replica set and sharded cluster administrative functions.

488

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

clusterAdmin
Provides the greatest cluster-management access. This role combines the privileges granted by the
clusterManager (page 489), clusterMonitor (page 490), and hostManager (page 490) roles. Additionally, the role provides the dropDatabase (page 504) action.
clusterManager
Provides management and monitoring actions on the cluster. A user with this role can access the config and
local databases, which are used in sharding and replication, respectively.
Provides the following actions on the cluster as a whole:
•addShard (page 503)
•applicationMessage (page 504)
•cleanupOrphaned (page 502)
•flushRouterConfig (page 503)
•listShards (page 503)
•removeShard (page 503)
•replSetConfigure (page 503)
•replSetGetStatus (page 503)
•replSetStateChange (page 503)
•resync (page 503)
Provides the following actions on all databases in the cluster:
•enableSharding (page 503)
•moveChunk (page 503)
•splitChunk (page 503)
•splitVector (page 503)
On the config database, provides the following actions on the settings (page 828) collection:
•insert (page 501)
•remove (page 501)
•update (page 501)
On the config database, provides the following actions on all configuration collections and on the
system.indexes (page 377), system.js (page 377), and system.namespaces (page 377) collections:
•collStats (page 505)
•dbHash (page 505)
•dbStats (page 505)
•find (page 501)
•killCursors (page 502)
On the local database, provides the following actions on the replset (page 724) collection:
•collStats (page 505)
•dbHash (page 505)

9.8. Security Reference

489

MongoDB Documentation, Release 3.2.5

•dbStats (page 505)
•find (page 501)
•killCursors (page 502)
clusterMonitor
Provides read-only access to monitoring tools, such as the MongoDB Cloud Manager79 and Ops Manager80
monitoring agent.
Provides the following actions on the cluster as a whole:
•connPoolStats (page 505)
•cursorInfo (page 505)
•getCmdLineOpts (page 505)
•getLog (page 505)
•getParameter (page 504)
•getShardMap (page 503)
•hostInfo (page 504)
•inprog (page 502)
•listDatabases (page 505)
•listShards (page 503)
•netstat (page 505)
•replSetGetStatus (page 503)
•serverStatus (page 505)
•shardingState (page 503)
•top (page 505)
Provides the following actions on all databases in the cluster:
•collStats (page 505)
•dbStats (page 505)
•getShardVersion (page 503)
Provides the find (page 501) action on all system.profile (page 377) collections in the cluster.
Provides the following actions on the config database’s configuration collections and system.indexes
(page 377), system.js (page 377), and system.namespaces (page 377) collections:
•collStats (page 505)
•dbHash (page 505)
•dbStats (page 505)
•find (page 501)
•killCursors (page 502)
79 https://cloud.mongodb.com/?jmp=docs
80 https://docs.opsmanager.mongodb.com/current/

490

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

hostManager
Provides the ability to monitor and manage servers.
Provides the following actions on the cluster as a whole:
•applicationMessage (page 504)
•closeAllDatabases (page 504)
•connPoolSync (page 504)
•cpuProfiler (page 502)
•diagLogging (page 505)
•flushRouterConfig (page 503)
•fsync (page 504)
•invalidateUserCache (page 502)
•killop (page 502)
•logRotate (page 504)
•resync (page 503)
•setParameter (page 504)
•shutdown (page 504)
•touch (page 504)
•unlock (page 502)
Provides the following actions on all databases in the cluster:
•killCursors (page 502)
•repairDatabase (page 504)
Backup and Restoration Roles

The admin database includes the following roles for backing up and restoring data:
backup
Provides minimal privileges needed for backing up data. This role provides sufficient privileges to use the
MongoDB Cloud Manager81 backup agent, Ops Manager82 backup agent, or to use mongodump to back up an
entire mongod instance.
Provides the following actions (page 500) on the mms.backup collection in the admin database:
•insert (page 501)
•update (page 501)
Provides the listDatabases (page 505) action on the cluster as a whole.
Provides the listCollections (page 505) action on all databases.
Provides the listIndexes (page 505) action for all collections.
Provides the bypassDocumentValidation (page 501) action for collections that have document validation (page 250).
81 https://cloud.mongodb.com/?jmp=docs
82 https://docs.opsmanager.mongodb.com/current/

9.8. Security Reference

491

MongoDB Documentation, Release 3.2.5

Provides the find (page 501) action on the following:
•all non-system collections in the cluster
•all the following system collections in the cluster:
system.indexes
system.namespaces (page 377), and system.js (page 377)

(page

377),

•the admin.system.users (page 377) and admin.system.roles (page 377) collections
•legacy system.users collections from versions of MongoDB prior to 2.6
Changed in version 3.2.1: The backup (page 491) role provides additional privileges to back up the
system.profile (page 377) collections that exist when running with database profiling (page 312). Previously, users required an additional read access on this collection.
restore
Provides privileges needed to restore data from backups that do not include system.profile (page 377) collection data. This role is sufficient when restoring data with mongorestore without the --oplogReplay
option.
•If the backup data includes system.profile (page 377) collection data and the target database does not
contain the system.profile (page 377) collection, mongorestore attempts to create the collection
even though the program does not actually restore system.profile documents. As such, the user
requires additional privileges to perform createCollection (page 501) and convertToCapped
(page 504) actions on the system.profile (page 377) collection for a database.
The built-in roles dbAdmin (page 487) and dbAdminAnyDatabase (page 493) provide the additional
privileges.
•If running mongorestore with --oplogReplay, the restore (page 492) role is insufficient to
replay the oplog. To replay the oplog, create a user-defined role (page 442) that has anyAction
(page 505) on anyResource (page 500) and grant only to users who must run mongorestore with
--oplogReplay.
Provides the following actions on all non-system collections and system.js (page 377) collections in the
cluster; on the admin.system.users (page 377) and admin.system.roles (page 377) collections in
the admin database; and on legacy system.users collections from versions of MongoDB prior to 2.6:
•collMod (page 504)
•createCollection (page 501)
•createIndex (page 501)
•dropCollection (page 501)
•insert (page 501)
Provides the listCollections (page 505) action on all databases.
Provides the following additional actions on admin.system.users (page 377) and legacy
system.users collections:
•find (page 501)
•remove (page 501)
•update (page 501)
Provides the find (page 501) action on all the system.namespaces (page 377) collections in the cluster.
Although, restore (page 492) includes the ability to modify the documents in the admin.system.users
(page 377) collection using normal modification operations, only modify these data using the user management
methods.

492

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

All-Database Roles

The admin database provides the following roles that apply to all databases in a mongod instance and are roughly
equivalent to their single-database equivalents:
readAnyDatabase
Provides the same read-only permissions as read (page 486), except it applies to all databases in the cluster.
The role also provides the listDatabases (page 505) action on the cluster as a whole.
readWriteAnyDatabase
Provides the same read and write permissions as readWrite (page 486), except it applies to all databases in
the cluster. The role also provides the listDatabases (page 505) action on the cluster as a whole.
userAdminAnyDatabase
Provides the same access to user administration operations as userAdmin (page 488), except it applies to all
databases in the cluster. The role also provides the following actions on the cluster as a whole:
•authSchemaUpgrade (page 502)
•invalidateUserCache (page 502)
•listDatabases (page 505)
The role also provides the following actions on the admin.system.users (page 377) and
admin.system.roles (page 377) collections on the admin database, and on legacy system.users
collections from versions of MongoDB prior to 2.6:
•collStats (page 505)
•dbHash (page 505)
•dbStats (page 505)
•find (page 501)
•killCursors (page 502)
•planCacheRead (page 502)
Changed in version 2.6.4: userAdminAnyDatabase (page 493) added the following permissions on the
admin.system.users (page 377) and admin.system.roles (page 377) collections:
•createIndex (page 501)
•dropIndex (page 504)
The userAdminAnyDatabase (page 493) role does not restrict the permissions that a user can grant. As
a result, userAdminAnyDatabase (page 493) users can grant themselves privileges in excess of their current privileges and even can grant themselves all privileges, even though the role does not explicitly authorize
privileges beyond user administration. This role is effectively a MongoDB system superuser (page 493).
dbAdminAnyDatabase
Provides the same access to database administration operations as dbAdmin (page 487), except it applies to
all databases in the cluster. The role also provides the listDatabases (page 505) action on the cluster as a
whole.
Superuser Roles

Several roles provide either indirect or direct system-wide superuser access.
The following roles provide the ability to assign any user any privilege on any database, which means that users with
one of these roles can assign themselves any privilege on any database:

9.8. Security Reference

493

MongoDB Documentation, Release 3.2.5

• dbOwner (page 488) role, when scoped to the admin database
• userAdmin (page 488) role, when scoped to the admin database
• userAdminAnyDatabase (page 493) role
The following role provides full privileges on all resources:
root
Provides access to the operations and all the resources of the readWriteAnyDatabase (page 493),
dbAdminAnyDatabase (page 493), userAdminAnyDatabase (page 493), clusterAdmin (page 488)
roles, restore (page 492) combined.
Changed in version 3.0.7: The root (page 494) has validate (page 505) action on system. collections.
Previously, root (page 494) does not include any access to collections that begin with the system. prefix.
The root (page 494) role includes privileges from the restore (page 492) role.
Internal Role

__system
MongoDB assigns this role to user objects that represent cluster members, such as replica set members and
mongos instances. The role entitles its holder to take any action against any object in the database.
Do not assign this role to user objects representing applications or human administrators, other than in exceptional circumstances.
If you need access to all actions on all resources, for example to run applyOps commands, do not assign
this role. Instead, create a user-defined role (page 442) that grants anyAction (page 505) on anyResource
(page 500) and ensure that only the users who need access to these operations have this access.
system.roles Collection
New in version 2.6.
On this page
• system.roles Schema (page 494)
• Examples (page 496)
The system.roles collection in the admin database stores the user-defined roles. To create and manage these
user-defined roles, MongoDB provides role management commands.
system.roles Schema

The documents in the system.roles collection have the following schema:
{
_id: ,
role: "",
db: "",
privileges:
[
{
resource: { },
actions: [ "", ... ]

494

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

},
...
],
roles:
[
{ role: "", db: "" },
...
]
}

A system.roles document has the following fields:
admin.system.roles.role
The role (page 495) field is a string that specifies the name of the role.
admin.system.roles.db
The db (page 495) field is a string that specifies the database to which the role belongs. MongoDB uniquely
identifies each role by the pairing of its name (i.e. role (page 495)) and its database.
admin.system.roles.privileges
The privileges (page 495) array contains the privilege documents that define the privileges (page 434) for
the role.
A privilege document has the following syntax:
{
resource: { },
actions: [ "", ... ]
}

Each privilege document has the following fields:
admin.system.roles.privileges[n].resource
A document that specifies the resources upon which the privilege actions (page 495) apply. The document has one of the following form:
{ db: , collection: }

or
{ cluster : true }

See Resource Document (page 498) for more details.
admin.system.roles.privileges[n].actions
An array of actions permitted on the resource. For a list of actions, see Privilege Actions (page 500).
admin.system.roles.roles
The roles (page 495) array contains role documents that specify the roles from which this role inherits
(page 434) privileges.
A role document has the following syntax:
{ role: "", db: "" }

A role document has the following fields:
admin.system.roles.roles[n].role
The name of the role. A role can be a built-in role (page 485) provided by MongoDB or a user-defined
role (page 440).

9.8. Security Reference

495

MongoDB Documentation, Release 3.2.5

admin.system.roles.roles[n].db
The name of the database where the role is defined.
Examples

Consider the following sample documents found in system.roles collection of the admin database.
A User-Defined Role Specifies Privileges The following is a sample document for a user-defined role appUser
defined for the myApp database:
{
_id: "myApp.appUser",
role: "appUser",
db: "myApp",
privileges: [
{ resource: { db: "myApp" , collection: "" },
actions: [ "find", "createCollection", "dbStats", "collStats" ] },
{ resource: { db: "myApp", collection: "logs" },
actions: [ "insert" ] },
{ resource: { db: "myApp", collection: "data" },
actions: [ "insert", "update", "remove", "compact" ] },
{ resource: { db: "myApp", collection: "system.js" },
actions: [ "find" ] },
],
roles: []
}

The privileges array lists the five privileges that the appUser role specifies:
• The first privilege permits its actions ( "find", "createCollection", "dbStats", "collStats") on
all the collections in the myApp database excluding its system collections. See Specify a Database as Resource
(page 499).
• The next two privileges permits additional actions on specific collections, logs and data, in the myApp
database. See Specify a Collection of a Database as Resource (page 499).
• The last privilege permits actions on one system collections (page 376) in the myApp database. While the first
privilege gives database-wide permission for the find action, the action does not apply to myApp‘s system
collections. To give access to a system collection, a privilege must explicitly specify the collection. See Resource
Document (page 498).
As indicated by the empty roles array, appUser inherits no additional privileges from other roles.
User-Defined Role Inherits from Other Roles The following is a sample document for a user-defined role
appAdmin defined for the myApp database: The document shows that the appAdmin role specifies privileges
as well as inherits privileges from other roles:
{
_id: "myApp.appAdmin",
role: "appAdmin",
db: "myApp",
privileges: [
{
resource: { db: "myApp", collection: "" },
actions: [ "insert", "dbStats", "collStats", "compact", "repairDatabase" ]
}
],

496

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

roles: [
{ role: "appUser", db: "myApp" }
]
}

The privileges array lists the privileges that the appAdmin role specifies. This role has a single privilege that
permits its actions ( "insert", "dbStats", "collStats", "compact", "repairDatabase") on all the
collections in the myApp database excluding its system collections. See Specify a Database as Resource (page 499).
The roles array lists the roles, identified by the role names and databases, from which the role appAdmin inherits
privileges.
system.users Collection
Changed in version 2.6.
On this page
• system.users Schema (page 497)
• Example (page 498)
The system.users collection in the admin database stores user authentication (page 393) and authorization
(page 433) information. To manage data in this collection, MongoDB provides user management commands.
system.users Schema

The documents in the system.users collection have the following schema:
{
_id: ,
user: "",
db: "",
credentials: { },
roles: [
{ role: "", db: "" },
...
],
customData:
}

Each system.users document has the following fields:
admin.system.users.user
The user (page 497) field is a string that identifies the user. A user exists in the context of a single logical
database but can have access to other databases through roles specified in the roles (page 497) array.
admin.system.users.db
The db (page 497) field specifies the database associated with the user. The user’s privileges are not necessarily
limited to this database. The user can have privileges in additional databases through the roles (page 497)
array.
admin.system.users.credentials
The credentials (page 497) field contains the user’s authentication information. For users with externally
stored authentication credentials, such as users that use Kerberos (page 409) or x.509 certificates for authentication, the system.users document for that user does not contain the credentials (page 497) field.

9.8. Security Reference

497

MongoDB Documentation, Release 3.2.5

admin.system.users.roles
The roles (page 497) array contains role documents that specify the roles granted to the user. The array
contains both built-in roles (page 485) and user-defined role (page 440).
A role document has the following syntax:
{ role: "", db: "" }

A role document has the following fields:
admin.system.users.roles[n].role
The name of a role. A role can be a built-in role (page 485) provided by MongoDB or a custom user-defined
role (page 440).
admin.system.users.roles[n].db
The name of the database where role is defined.
When specifying a role using the role management or user management commands, you can specify the role
name alone (e.g. "readWrite") if the role that exists on the database on which the command is run.
admin.system.users.customData
The customData (page 498) field contains optional custom information about the user.
Example

Changed in version 3.0.0.
Consider the following document in the system.users collection:
{
_id : "home.Kari",
user : "Kari",
db : "home",
credentials : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : nkHYXEZTTYmn+hrY994y1Q==",
"storedKey" : "wxWGN3ElQ25WbPjACeXdUmN4nNo=",
"serverKey" : "h7vBq5tACT/BtrIElY2QTm+pQzM="
}
},
roles : [
{ role: "read", db: "home" },
{ role: "readWrite", db: "test" },
{ role: "appUser", db: "myApp" }
],
customData : { zipCode: "64157" }
}

The document shows that a user Kari is associated with the home database. Kari has the read (page 486) role
in the home database, the readWrite (page 486) role in the test database, and the appUser role in the myApp
database.
Resource Document

498

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

On this page
• Database and/or Collection Resource (page 499)
• Cluster Resource (page 500)
• anyResource (page 500)
The resource document specifies the resources upon which a privilege permits actions.
Database and/or Collection Resource

To specify databases and/or collections, use the following syntax:
{ db: , collection: }

Specify a Collection of a Database as Resource If the resource document species both the db and collection
fields as non-empty strings, the resource is the specified collection in the specified database. For example, the following
document specifies a resource of the inventory collection in the products database:
{ db: "products", collection: "inventory" }

For a user-defined role scoped for a non-admin database, the resource specification for its privileges must specify the
same database as the role. User-defined roles scoped for the admin database can specify other databases.
Specify a Database as Resource If only the collection field is an empty string (""), the resource is the specified
database, excluding the system collections (page 376). For example, the following resource document specifies the
resource of the test database, excluding the system collections:
{ db: "test", collection: "" }

For a user-defined role scoped for a non-admin database, the resource specification for its privileges must specify the
same database as the role. User-defined roles scoped for the admin database can specify other databases.
Note: When you specify a database as the resource, system collections are excluded, unless you name them explicitly,
as in the following:
{ db: "test", collection: "system.js" }

System collections include but are not limited to the following:
• .system.profile (page 377)
• .system.js (page 377)
• system.users Collection (page 497) in the admin database
• system.roles Collection (page 494) in the admin database

Specify Collections Across Databases as Resource If only the db field is an empty string (""), the resource is all
collections with the specified name across all databases. For example, the following document specifies the resource
of all the accounts collections across all the databases:
{ db: "", collection: "accounts" }

For user-defined roles, only roles scoped for the admin database can have this resource specification for their privileges.
9.8. Security Reference

499

MongoDB Documentation, Release 3.2.5

Specify All Non-System Collections in All Databases If both the db and collection fields are empty strings
(""), the resource is all collections, excluding the system collections (page 376), in all the databases:
{ db: "", collection: "" }

For user-defined roles, only roles scoped for the admin database can have this resource specification for their privileges.
Cluster Resource

To specify the cluster as the resource, use the following syntax:
{ cluster : true }

Use the cluster resource for actions that affect the state of the system rather than act on specific set of databases
or collections. Examples of such actions are shutdown, replSetReconfig, and addShard. For example, the
following document grants the action shutdown on the cluster.
{ resource: { cluster : true }, actions: [ "shutdown" ] }

For user-defined roles, only roles scoped for the admin database can have this resource specification for their privileges.
anyResource

The internal resource anyResource gives access to every resource in the system and is intended for internal use.
Do not use this resource, other than in exceptional circumstances. The syntax for this resource is { anyResource:
true }.
Privilege Actions
New in version 2.6.
On this page
•
•
•
•
•
•
•
•

Query and Write Actions (page 501)
Database Management Actions (page 501)
Deployment Management Actions (page 502)
Replication Actions (page 503)
Sharding Actions (page 503)
Server Administration Actions (page 504)
Diagnostic Actions (page 505)
Internal Actions (page 505)

Privilege actions define the operations a user can perform on a resource (page 498). A MongoDB privilege (page 434)
comprises a resource (page 498) and the permitted actions. This page lists available actions grouped by common
purpose.
MongoDB provides built-in roles with pre-defined pairings of resources and permitted actions. For lists of the actions
granted, see Built-In Roles (page 485). To define custom roles, see Create a User-Defined Role (page 442).

500

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Query and Write Actions

find
User can perform the db.collection.find() method. Apply this action to database or collection resources.
insert
User can perform the insert command. Apply this action to database or collection resources.
remove
User can perform the db.collection.remove() method. Apply this action to database or collection
resources.
update
User can perform the update command. Apply this action to database or collection resources.
bypassDocumentValidation
New in version 3.2.
User can bypass document validation on commands that support the bypassDocumentValidation option.
For a list of commands that support the bypassDocumentValidation option, see Document Validation
(page 890). Apply this action to database or collection resources.
Database Management Actions

changeCustomData
User can change the custom information of any user in the given database. Apply this action to database
resources.
changeOwnCustomData
Users can change their own custom information. Apply this action to database resources. See also Change Your
Password and Custom Data (page 447).
changeOwnPassword
Users can change their own passwords. Apply this action to database resources. See also Change Your Password
and Custom Data (page 447).
changePassword
User can change the password of any user in the given database. Apply this action to database resources.
createCollection
User can perform the db.createCollection() method. Apply this action to database or collection resources.
createIndex
Provides access to the db.collection.createIndex() method and the createIndexes command.
Apply this action to database or collection resources.
createRole
User can create new roles in the given database. Apply this action to database resources.
createUser
User can create new users in the given database. Apply this action to database resources.
dropCollection
User can perform the db.collection.drop() method. Apply this action to database or collection resources.
dropRole
User can delete any role from the given database. Apply this action to database resources.
9.8. Security Reference

501

MongoDB Documentation, Release 3.2.5

dropUser
User can remove any user from the given database. Apply this action to database resources.
emptycapped
User can perform the emptycapped command. Apply this action to database or collection resources.
enableProfiler
User can perform the db.setProfilingLevel() method. Apply this action to database resources.
grantRole
User can grant any role in the database to any user from any database in the system. Apply this action to database
resources.
killCursors
User can kill cursors on the target collection.
revokeRole
User can remove any role from any user from any database in the system. Apply this action to database resources.
unlock
User can perform the db.fsyncUnlock() method. Apply this action to the cluster resource.
viewRole
User can view information about any role in the given database. Apply this action to database resources.
viewUser
User can view the information of any user in the given database. Apply this action to database resources.
Deployment Management Actions

authSchemaUpgrade
User can perform the authSchemaUpgrade command. Apply this action to the cluster resource.
cleanupOrphaned
User can perform the cleanupOrphaned command. Apply this action to the cluster resource.
cpuProfiler
User can enable and use the CPU profiler. Apply this action to the cluster resource.
inprog
User can use the db.currentOp() method to return pending and active operations. Apply this action to the
cluster resource.
invalidateUserCache
Provides access to the invalidateUserCache command. Apply this action to the cluster resource.
killop
User can perform the db.killOp() method. Apply this action to the cluster resource.
planCacheRead
User can perform the planCacheListPlans and planCacheListQueryShapes commands and the
PlanCache.getPlansByQuery() and PlanCache.listQueryShapes() methods. Apply this action to database or collection resources.
planCacheWrite
User can perform the planCacheClear command and the PlanCache.clear() and
PlanCache.clearPlansByQuery() methods. Apply this action to database or collection resources.
storageDetails
User can perform the storageDetails command. Apply this action to database or collection resources.

502

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Replication Actions

appendOplogNote
User can append notes to the oplog. Apply this action to the cluster resource.
replSetConfigure
User can configure a replica set. Apply this action to the cluster resource.
replSetGetStatus
User can perform the replSetGetStatus command. Apply this action to the cluster resource.
replSetHeartbeat
User can perform the replSetHeartbeat command. Apply this action to the cluster resource.
replSetStateChange
User can change the state of a replica set through the replSetFreeze, replSetMaintenance,
replSetStepDown, and replSetSyncFrom commands. Apply this action to the cluster resource.
resync
User can perform the resync command. Apply this action to the cluster resource.
Sharding Actions

addShard
User can perform the addShard command. Apply this action to the cluster resource.
enableSharding
User can enable sharding on a database using the enableSharding command and can shard a collection
using the shardCollection command. Apply this action to database or collection resources.
flushRouterConfig
User can perform the flushRouterConfig command. Apply this action to the cluster resource.
getShardMap
User can perform the getShardMap command. Apply this action to the cluster resource.
getShardVersion
User can perform the getShardVersion command. Apply this action to database resources.
listShards
User can perform the listShards command. Apply this action to the cluster resource.
moveChunk
User can perform the moveChunk command. In addition, user can perform the movePrimary command
provided that the privilege is applied to an appropriate database resource. Apply this action to database or
collection resources.
removeShard
User can perform the removeShard command. Apply this action to the cluster resource.
shardingState
User can perform the shardingState command. Apply this action to the cluster resource.
splitChunk
User can perform the splitChunk command. Apply this action to database or collection resources.
splitVector
User can perform the splitVector command. Apply this action to database or collection resources.

9.8. Security Reference

503

MongoDB Documentation, Release 3.2.5

Server Administration Actions

applicationMessage
User can perform the logApplicationMessage command. Apply this action to the cluster resource.
closeAllDatabases
User can perform the closeAllDatabases command. Apply this action to the cluster resource.
collMod
User can perform the collMod command. Apply this action to database or collection resources.
compact
User can perform the compact command. Apply this action to database or collection resources.
connPoolSync
User can perform the connPoolSync command. Apply this action to the cluster resource.
convertToCapped
User can perform the convertToCapped command. Apply this action to database or collection resources.
dropDatabase
User can perform the dropDatabase command. Apply this action to database resources.
dropIndex
User can perform the dropIndexes command. Apply this action to database or collection resources.
fsync
User can perform the fsync command. Apply this action to the cluster resource.
getParameter
User can perform the getParameter command. Apply this action to the cluster resource.
hostInfo
Provides information about the server the MongoDB instance runs on. Apply this action to the cluster
resource.
logRotate
User can perform the logRotate command. Apply this action to the cluster resource.
reIndex
User can perform the reIndex command. Apply this action to database or collection resources.
renameCollectionSameDB
Allows the user to rename collections on the current database using the renameCollection command.
Apply this action to database resources.
Additionally, the user must either have find (page 501) on the source collection or not have find (page 501)
on the destination collection.
If a collection with the new name already exists, the user must also have the dropCollection (page 501)
action on the destination collection.
repairDatabase
User can perform the repairDatabase command. Apply this action to database resources.
setParameter
User can perform the setParameter command. Apply this action to the cluster resource.
shutdown
User can perform the shutdown command. Apply this action to the cluster resource.
touch
User can perform the touch command. Apply this action to the cluster resource.

504

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

Diagnostic Actions

collStats
User can perform the collStats command. Apply this action to database or collection resources.
connPoolStats
User can perform the connPoolStats and shardConnPoolStats commands. Apply this action to the
cluster resource.
cursorInfo
User can perform the cursorInfo command. Apply this action to the cluster resource.
dbHash
User can perform the dbHash command. Apply this action to database or collection resources.
dbStats
User can perform the dbStats command. Apply this action to database resources.
diagLogging
User can perform the diagLogging command. Apply this action to the cluster resource.
getCmdLineOpts
User can perform the getCmdLineOpts command. Apply this action to the cluster resource.
getLog
User can perform the getLog command. Apply this action to the cluster resource.
indexStats
User can perform the indexStats command. Apply this action to database or collection resources.
Changed in version 3.0: MongoDB 3.0 removes the indexStats command.
listDatabases
User can perform the listDatabases command. Apply this action to the cluster resource.
listCollections
User can perform the listCollections command. Apply this action to database resources.
listIndexes
User can perform the ListIndexes command. Apply this action to database or collection resources.
netstat
User can perform the netstat command. Apply this action to the cluster resource.
serverStatus
User can perform the serverStatus command. Apply this action to the cluster resource.
validate
User can perform the validate command. Apply this action to database or collection resources.
top
User can perform the top command. Apply this action to the cluster resource.
Internal Actions

anyAction
Allows any action on a resource. Do not assign this action except for exceptional circumstances.
internal
Allows internal actions. Do not assign this action except for exceptional circumstances.

9.8. Security Reference

505

MongoDB Documentation, Release 3.2.5

System Event Audit Messages

On this page
• Audit Message (page 506)
• Audit Event Actions, Details, and Results (page 506)

Note: Available only in MongoDB Enterprise83 .

Audit Message

The event auditing feature (page 466) can record events in JSON format. To configure auditing output, see Configure
Auditing (page 467)
The recorded JSON messages have the following syntax:
{
atype: ,
ts : { "$date": },
local: { ip: , port: },
remote: { ip: , port: },
users : [ { user: , db: }, ... ],
roles: [ { role: , db: }, ... ],
param: ,
result:
}

field string atype Action type. See Audit Event Actions, Details, and Results (page 506).
field document ts Document that contains the date and UTC time of the event, in ISO 8601 format.
field document local Document that contains the local ip address and the port number of the running
instance.
field document remote Document that contains the remote ip address and the port number of the
incoming connection associated with the event.
field array users Array of user identification documents. Because MongoDB allows a session to log in
with different user per database, this array can have more than one user. Each document contains a
user field for the username and a db field for the authentication database for that user.
field array roles Array of documents that specify the roles (page 433) granted to the user. Each document
contains a role field for the name of the role and a db field for the database associated with the
role.
field document param Specific details for the event. See Audit Event Actions, Details, and Results
(page 506).
field integer result Error code. See Audit Event Actions, Details, and Results (page 506).
Audit Event Actions, Details, and Results

The following table lists for each atype or action type, the associated param details and the result values, if any.
83 http://www.mongodb.com/products/mongodb-enterprise?jmp=docs

506

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

atype
authenticate

param
{

result
0 - Success
18 - Authentication Failed

user: ,
db: ,
mechanism:
}
authCheck

0 - Success
13 - Unauthorized to perform the opcommand: ,
eration.
ns: .,
By default, the auditing system
args:
logs only the authorization fail}
ures.
To enable the system to
ns field is optional.
log authorization successes, use the
args field may be redacted.
auditAuthorizationSuccess
parameter. 84
0 - Success
{ ns: . }
{

createCollection (page 501)

0 - Success

createDatabase
{ ns: }
createIndex (page 501)

0 - Success
{
ns: .,
indexName: ,
indexSpec:
}
0 - Success

renameCollection
{

old: .,
new: .
}
dropCollection (page 501)

0 - Success
{ ns: . }

dropDatabase (page 504)

0 - Success
{ ns: }

dropIndex (page 504)

0 - Success
{
ns: .,
indexName:
}
Continued on next page

Enabling auditAuthorizationSuccess degrades performance more than logging only the authorization failures.

9.8. Security Reference

507

MongoDB Documentation, Release 3.2.5

atype
createUser (page 501)

dropUser (page 502)

Table 9.1 – continued from previous page
param
result
0 - Success
{
user: ,
db: ,
customData: ,
roles: [
{
role: ,
db:
},
...
]
}
The customData field is optional.
0 - Success
{
user: ,
db:
}
0 - Success

dropAllUsersFromDatabase
{ db: }

0 - Success

updateUser
{

user: ,
db: ,
passwordChanged: ,
customData: ,
roles: [
{
role: ,
db:
},
...
]
}
The customData field is optional.
0 - Success

grantRolesToUser
{
user: ,
db: ,
roles: [
{
role: ,
db:
},
...
]
}

Continued on next page

508

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

atype
revokeRolesFromUser

Table 9.1 – continued from previous page
param
result
0 - Success
{
user: ,
db: ,
roles: [
{
role: ,
db:
},
...
]
}

createRole (page 501)

0 - Success
{
role: ,
db: ,
roles: [
{
role: ,
db:
},
...
],
privileges: [
{
resource: ,
actions: [ , ... ]
},
...
]
}
The roles and the privileges
fields are optional.
For details on the resource document,
see Resource Document (page 498).
For a list of actions, see Privilege Actions (page 500).
Continued on next page

9.8. Security Reference

509

MongoDB Documentation, Release 3.2.5

atype
updateRole

dropRole (page 501)

Table 9.1 – continued from previous page
param
result
0 - Success
{
role: ,
db: ,
roles: [
{
role: ,
db:
},
...
],
privileges: [
{
resource: ,
actions: [ , ... ]
},
...
]
}
The roles and the privileges
fields are optional.
For details on the resource document,
see Resource Document (page 498).
For a list of actions, see Privilege Actions (page 500).
0 - Success
{
role: ,
db:
}
0 - Success

dropAllRolesFromDatabase
{ db: }

0 - Success

grantRolesToRole
{
role: ,
db: ,
roles: [
{
role: ,
db:
},
...
]
}

Continued on next page

510

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

atype
revokeRolesFromRole

Table 9.1 – continued from previous page
param
result
0 - Success
{
role: ,
db: ,
roles: [
{
role: ,
db:
},
...
]
}
0 - Success

grantPrivilegesToRole
{

role: ,
db: ,
privileges: [
{
resource: ,
actions: [ , ... ]
},
...
]
}
For details on the resource document,
see Resource Document (page 498).
For a list of actions, see Privilege Actions (page 500).
0 - Success

revokePrivilegesFromRole
{

9.8. Security Reference

511

MongoDB Documentation, Release 3.2.5

atype
replSetReconfig

enableSharding (page 503)

Table 9.1 – continued from previous page
param
result
0 - Success
{
old: ,
new:
}
Indicates membership change in the
replica set.
The old field is optional.
0 - Success
{ ns: }
0 - Success

shardCollection
{

ns: .,
key: ,
options: { unique: }
}
addShard (page 503)

0 - Success
{
shard: ,
connectionString: :,
maxSize:
}
When a shard is a replica set, the
connectionString includes the
replica set name and can include
other members of the replica set.

removeShard (page 503)

0 - Success
{ shard: }

shutdown (page 504)

0 - Success
{ }
Indicates commencement of database
shutdown.

applicationMessage
(page 504)

0 - Success
{ msg: }
See logApplicationMessage.

9.9 Create a Vulnerability Report
On this page
•
•
•
•
•

512

Create the Report in JIRA (page 513)
Information to Provide (page 513)
Send the Report via Email (page 513)
Evaluation of a Vulnerability Report (page 513)
Disclosure (page 513)

Chapter 9. Security

MongoDB Documentation, Release 3.2.5

If you believe you have discovered a vulnerability in MongoDB or have experienced a security incident related to
MongoDB, please report the issue to aid in its resolution.
To report an issue, we strongly suggest filing a ticket in the SECURITY85 project in JIRA. MongoDB, Inc responds to
vulnerability notifications within 48 hours.

9.9.1 Create the Report in JIRA
Submit a Ticket86 in the Security87 project on our JIRA. The ticket number will become the reference identification
for the issue for its lifetime. You can use this identifier for tracking purposes.

9.9.2 Information to Provide
All vulnerability reports should contain as much information as possible so MongoDB’s developers can move quickly
to resolve the issue. In particular, please include the following:
• The name of the product.
• Common Vulnerability information, if applicable, including:
• CVSS (Common Vulnerability Scoring System) Score.
• CVE (Common Vulnerability and Exposures) Identifier.
• Contact information, including an email address and/or phone number, if applicable.

9.9.3 Send the Report via Email
While JIRA is the preferred reporting method, you may also report vulnerabilities via email to security@mongodb.com88 .
You may encrypt email using MongoDB’s public key at https://docs.mongodb.org/10gen-security-gpg-key.asc.
MongoDB, Inc. responds to vulnerability reports sent via email with a response email that contains a reference number
for a JIRA ticket posted to the SECURITY89 project.

9.9.4 Evaluation of a Vulnerability Report
MongoDB, Inc. validates all submitted vulnerabilities and uses Jira to track all communications regarding a vulnerability, including requests for clarification or additional information. If needed, MongoDB representatives set up a
conference call to exchange information regarding the vulnerability.

9.9.5 Disclosure
MongoDB, Inc. requests that you do not publicly disclose any information regarding the vulnerability or exploit the
issue until it has had the opportunity to analyze the vulnerability, to respond to the notification, and to notify key users,
customers, and partners.
85 https://jira.mongodb.org/browse/SECURITY
86 https://jira.mongodb.org/secure/CreateIssue!default.jspa?project-field=%22Security%22
87 https://jira.mongodb.org/browse/SECURITY
88 security@mongodb.com
89 https://jira.mongodb.org/browse/SECURITY

9.9. Create a Vulnerability Report

513

MongoDB Documentation, Release 3.2.5

The amount of time required to validate a reported vulnerability depends on the complexity and severity of the issue.
MongoDB, Inc. takes all required vulnerabilities very seriously and will always ensure that there is a clear and open
channel of communication with the reporter.
After validating an issue, MongoDB, Inc. coordinates public disclosure of the issue with the reporter in a mutually
agreed timeframe and format. If required or requested, the reporter of a vulnerability will receive credit in the published
security bulletin.

9.10 Additional Resources
• Making HIPAA Compliant MongoDB Applications90
• Security Architecture White Paper91
• Webinar: Securing Your MongoDB Deployment92

90 https://www.mongodb.com/blog/post/making-hipaa-compliant-applications-mongodb?jmp=docs
91 https://www.mongodb.com/lp/white-paper/mongodb-security-architecture?jmp=docs
92 http://www.mongodb.com/presentations/webinar-securing-your-mongodb-deployment?jmp=docs

514

Chapter 9. Security

CHAPTER 10

Indexes

On this page
•
•
•
•
•
•
•
•
•
•

Default _id Index (page 515)
Create an Index (page 516)
Index Types (page 516)
Index Properties (page 518)
Index Use (page 519)
Covered Queries (page 519)
Index Intersection (page 520)
Restrictions (page 520)
Additional Considerations (page 520)
Additional Resources (page 593)

Indexes support the efficient execution of queries in MongoDB. Without indexes, MongoDB must perform a collection
scan, i.e. scan every document in a collection, to select those documents that match the query statement. If an
appropriate index exists for a query, MongoDB can use the index to limit the number of documents it must inspect.
Indexes are special data structures 1 that store a small portion of the collection’s data set in an easy to traverse form.
The index stores the value of a specific field or set of fields, ordered by the value of the field. The ordering of the index
entries supports efficient equality matches and range-based query operations. In addition, MongoDB can return sorted
results by using the ordering in the index.
The following diagram illustrates a query that selects and orders the matching documents using an index:
Fundamentally, indexes in MongoDB are similar to indexes in other database systems. MongoDB defines indexes at
the collection level and supports indexes on any field or sub-field of the documents in a MongoDB collection.

10.1 Default _id Index
MongoDB creates a unique index (page 568) on the _id (page 11) field during the creation of a collection. The _id
index prevents clients from inserting two documents with the same value for the _id field. You cannot drop this index
on the _id field.
Note: In sharded clusters, if you do not use the _id field as the shard key, then your application must ensure the
uniqueness of the values in the _id field to prevent errors. This is most-often done by using a standard auto-generated
ObjectId.
1

MongoDB indexes use a B-tree data structure.

515

MongoDB Documentation, Release 3.2.5

10.2 Create an Index
To create an index, use db.collection.createIndex() or a similar method from your driver2 .
db.collection.createIndex( , )

The db.collection.createIndex() method only creates an index if an index of the same specification does
not already exist.

10.3 Index Types
MongoDB provides a number of different index types to support specific types of data and queries.

10.3.1 Single Field
In addition to the MongoDB-defined _id index, MongoDB supports the creation of user-defined ascending/descending indexes on a single field of a document (page 520).
For a single-field index and sort operations, the sort order (i.e. ascending or descending) of the index key does not
matter because MongoDB can traverse the index in either direction.
See Single Field Indexes (page 520) and Sort with a Single Field Index (page 588) for more information on single-field
indexes.

10.3.2 Compound Index
MongoDB also supports user-defined indexes on multiple fields, i.e. compound indexes (page 522).
2 https://api.mongodb.org/

516

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

The order of fields listed in a compound index has significance. For instance, if a compound index consists of {
userid: 1, score: -1 }, the index sorts first by userid and then, within each userid value, sorts by
score.

For compound indexes and sort operations, the sort order (i.e. ascending or descending) of the index keys can determine whether the index can support a sort operation. See Sort Order (page 524) for more information on the impact
of index order on results in compound indexes.
See Compound Indexes (page 522) and Sort on Multiple Fields (page 588) for more information on compound indexes.

10.3.3 Multikey Index
MongoDB uses multikey indexes (page 525) to index the content stored in arrays. If you index a field that holds an
array value, MongoDB creates separate index entries for every element of the array. These multikey indexes (page 525)
allow queries to select documents that contain arrays by matching on element or elements of the arrays. MongoDB
automatically determines whether to create a multikey index if the indexed field contains an array value; you do not
need to explicitly specify the multikey type.
See Multikey Indexes (page 525) and Multikey Index Bounds (page 529) for more information on multikey indexes.

10.3. Index Types

517

MongoDB Documentation, Release 3.2.5

10.3.4 Geospatial Index
To support efficient queries of geospatial coordinate data, MongoDB provides two special indexes: 2d indexes
(page 557) that uses planar geometry when returning results and 2sphere indexes (page 543) that use spherical geometry to return results.
See 2d Index Internals (page 561) for a high level introduction to geospatial indexes.

10.3.5 Text Indexes
MongoDB provides a text index type that supports searching for string content in a collection. These text indexes
do not store language-specific stop words (e.g. “the”, “a”, “or”) and stem the words in a collection to only store root
words.
See Text Indexes (page 533) for more information on text indexes and search.

10.3.6 Hashed Indexes
To support hash based sharding (page 748), MongoDB provides a hashed index (page 564) type, which indexes the
hash of the value of a field. These indexes have a more random distribution of values along their range, but only
support equality matches and cannot support range-based queries.

10.4 Index Properties
10.4.1 Unique Indexes
The unique (page 568) property for an index causes MongoDB to reject duplicate values for the indexed field. Other
than the unique constraint, unique indexes are functionally interchangeable with other MongoDB indexes.
518

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

10.4.2 Partial Indexes
New in version 3.2.
Partial indexes (page 570) only index the documents in a collection that meet a specified filter expression. By indexing
a subset of the documents in a collection, partial indexes have lower storage requirements and reduced performance
costs for index creation and maintenance.
Partial indexes offer a superset of the functionality of sparse indexes and should be preferred over sparse indexes.

10.4.3 Sparse Indexes
The sparse (page 574) property of an index ensures that the index only contain entries for documents that have the
indexed field. The index skips documents that do not have the indexed field.
You can combine the sparse index option with the unique index option to reject documents that have duplicate values
for a field but ignore documents that do not have the indexed key.

10.4.4 TTL Indexes
TTL indexes (page 566) are special indexes that MongoDB can use to automatically remove documents from a collection after a certain amount of time. This is ideal for certain types of information like machine generated event data,
logs, and session information that only need to persist in a database for a finite amount of time.
See: Expire Data from Collections by Setting TTL (page 567) for implementation instructions.

10.5 Index Use
Indexes can improve the efficiency of read operations. The Analyze Query Performance (page 159) tutorial provides
an example of the execution statistics of a query with and without an index.
For information on how MongoDB chooses an index to use, see query optimizer (page 108).

10.6 Covered Queries
When the query criteria and the projection of a query include only the indexed fields, MongoDB will return results
directly from the index without scanning any documents or bringing documents into memory. These covered queries
can be very efficient.

10.5. Index Use

519

MongoDB Documentation, Release 3.2.5

For more information on covered queries, see Covered Query (page 106).

10.7 Index Intersection
New in version 2.6.
MongoDB can use the intersection of indexes (page 581) to fulfill queries. For queries that specify compound query
conditions, if one index can fulfill a part of a query condition, and another index can fulfill another part of the query
condition, then MongoDB can use the intersection of the two indexes to fulfill the query. Whether the use of a
compound index or the use of an index intersection is more efficient depends on the particular query and the system.
For details on index intersection, see Index Intersection (page 581).

10.8 Restrictions
Certain restrictions apply to indexes, such as the length of the index keys or the number of indexes per collection. See
Index Limitations for details.

10.9 Additional Considerations
Although indexes can improve query performances, indexes also present some operational considerations. See Operational Considerations for Indexes (page 256) for more information.
If your collection holds a large amount of data, and your application needs to be able to access the data while building
the index, consider building the index in the background, as described in Background Construction (page 577).
To build or rebuild indexes for a replica set, see Build Indexes on Replica Sets (page 579).
Some drivers may specify indexes, using NumberLong(1) rather than 1 as the specification. This does not have any
affect on the resulting index.

10.9.1 Single Field Indexes
On this page
•
•
•
•

Create an Ascending Index on a Single Field (page 521)
Create an Index on an Embedded Field (page 521)
Create an Index on Embedded Document (page 522)
Additional Considerations (page 522)

MongoDB provides complete support for indexes on any field in a collection of documents. By default, all collections
have an index on the _id field (page 515), and applications and users may add additional indexes to support important
queries and operations.
This document describes ascending/descending indexes on a single field.

520

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Create an Ascending Index on a Single Field
Consider a collection named records that holds documents that resemble the following sample document:
{
"_id": ObjectId("570c04a4ad233577f97dc459"),
"score": 1034,
"location": { state: "NY", city: "New York" }
}

The following operation creates an ascending index on the score field of the records collection:
db.records.createIndex( { score: 1 } )

Create an Index on an Embedded Field
You can create indexes on fields within embedded documents, just as you can index top-level fields in documents.
Indexes on embedded fields differ from indexes on embedded documents (page 521), which include the full content up
to the maximum index size of the embedded document in the index. Instead, indexes on embedded fields allow
you to use a “dot notation,” to introspect into embedded documents.
Consider a collection named records that holds documents that resemble the following sample document:
{
"_id": ObjectId("570c04a4ad233577f97dc459"),
"score": 1034,
"location": { state: "NY", city: "New York" }
}

The following operation creates an index on the location.state field:
db.records.createIndex( { "location.state": 1 } )

10.9. Additional Considerations

521

MongoDB Documentation, Release 3.2.5

The created index will support queries that select on the field location.state, such as the following:
db.records.find( { "location.state": "CA" } )
db.records.find( { "location.city": "Albany", "location.state": "NY" } )

Create an Index on Embedded Document
You can also create indexes on embedded document as a whole.
Consider a collection named records that holds documents that resemble the following sample document:
{
"_id": ObjectId("570c04a4ad233577f97dc459"),
"score": 1034,
"location": { state: "NY", city: "New York" }
}

The location field is an embedded document, containing the embedded fields city and state. The following
command creates an index on the location field as a whole:
db.records.createIndex( { location: 1 } )

The following query can use the index on the location field:
db.records.find( { location: { city: "New York", state: "NY" } } )

Note: Although the query can use the index, the result set does not include the sample document above. When
performing equality matches on embedded documents, field order matters and the embedded documents must match
exactly. See query-embedded-documents for more information regarding querying on embedded documents.

Additional Considerations
If your collection holds a large amount of data, and your application needs to be able to access the data while building
the index, consider building the index in the background, as described in Background Construction (page 577).
To build or rebuild indexes for a replica set, see Build Indexes on Replica Sets (page 579).
Some drivers may specify indexes, using NumberLong(1) rather than 1 as the specification. This does not have any
affect on the resulting index.

10.9.2 Compound Indexes
On this page
•
•
•
•
•

Create a Compound Index (page 523)
Sort Order (page 524)
Prefixes (page 524)
Index Intersection (page 525)
Additional Considerations (page 525)

MongoDB supports compound indexes, where a single index structure holds references to multiple fields
collection’s documents. The following diagram illustrates an example of a compound index on two fields:
3

within a

MongoDB imposes a limit of 31 fields for any compound index.

522

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Compound indexes can support queries that match on multiple fields.
Create a Compound Index
To create a compound index (page 522) use an operation that resembles the following prototype:
db.collection.createIndex( { : , : , ... } )

The value of the field in the index specification describes the kind of index for that field. For example, a value of 1
specifies an index that orders items in ascending order. A value of -1 specifies an index that orders items in descending
order. For additional index types, see index types (page 516).
Important: You may not create compound indexes that have hashed index type. You will receive an error if you
attempt to create a compound index that includes a hashed index field (page 564).
Consider a collection named products that holds documents that resemble the following document:
{
"_id": ObjectId(...),
"item": "Banana",
"category": ["food", "produce", "grocery"],
"location": "4th Street Store",
"stock": 4,
"type": "cases"
}

The following operation creates an ascending index on the item and stock fields:
db.products.createIndex( { "item": 1, "stock": 1 } )

The order of the fields listed in a compound index is important. The index will contain references to documents sorted
first by the values of the item field and, within each value of the item field, sorted by values of the stock field. See
Sort Order (page 524) for more information.
In addition to supporting queries that match on all the index fields, compound indexes can support queries that match
on the prefix of the index fields. That is, the index supports queries on the item field as well as both item and
stock fields:
db.products.find( { item: "Banana" } )
db.products.find( { item: "Banana", stock: { gt: 5 } } )

10.9. Additional Considerations

523

MongoDB Documentation, Release 3.2.5

For details, see Prefixes (page 524).
Sort Order
Indexes store references to fields in either ascending (1) or descending (-1) sort order. For single-field indexes, the
sort order of keys doesn’t matter because MongoDB can traverse the index in either direction. However, for compound
indexes (page 522), sort order can matter in determining whether the index can support a sort operation.
Consider a collection events that contains documents with the fields username and date. Applications can issue
queries that return results sorted first by ascending username values and then by descending (i.e. more recent to last)
date values, such as:
db.events.find().sort( { username: 1, date: -1 } )

or queries that return results sorted first by descending username values and then by ascending date values, such
as:
db.events.find().sort( { username: -1, date: 1 } )

The following index can support both these sort operations:
db.events.createIndex( { "username" : 1, "date" : -1 } )

However, the above index cannot support sorting by ascending username values and then by ascending date
values, such as the following:
db.events.find().sort( { username: 1, date: 1 } )

For more information on sort order and compound indexes, see Use Indexes to Sort Query Results (page 587).
Prefixes
Index prefixes are the beginning subsets of indexed fields. For example, consider the following compound index:
{ "item": 1, "location": 1, "stock": 1 }

The index has the following index prefixes:
• { item:

1 }

• { item:

1, location:

1 }

For a compound index, MongoDB can use the index to support queries on the index prefixes. As such, MongoDB can
use the index for queries on the following fields:
• the item field,
• the item field and the location field,
• the item field and the location field and the stock field.
MongoDB can also use the index to support a query on item and stock fields since item field corresponds to a
prefix. However, the index would not be as efficient in supporting the query as would be an index on only item and
stock.
However, MongoDB cannot use the index to support queries that include the following fields since without the item
field, none of the listed fields correspond to a prefix index:
• the location field,
• the stock field, or

524

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

• the location and stock fields.
If you have a collection that has both a compound index and an index on its prefix (e.g. { a: 1, b: 1 } and
{ a: 1 }), if neither index has a sparse or unique constraint, then you can remove the index on the prefix (e.g. {
a: 1 }). MongoDB will use the compound index in all of the situations that it would have used the prefix index.
Index Intersection
Starting in version 2.6, MongoDB can use index intersection (page 581) to fulfill queries. The choice between creating
compound indexes that support your queries or relying on index intersection depends on the specifics of your system.
See Index Intersection and Compound Indexes (page 581) for more details.
Additional Considerations
If your collection holds a large amount of data, and your application needs to be able to access the data while building
the index, consider building the index in the background, as described in Background Construction (page 577).
To build or rebuild indexes for a replica set, see Build Indexes on Replica Sets (page 579).
Some drivers may specify indexes, using NumberLong(1) rather than 1 as the specification. This does not have any
affect on the resulting index.

10.9.3 Multikey Indexes
On this page
•
•
•
•

Create Multikey Index (page 525)
Index Bounds (page 525)
Limitations (page 526)
Examples (page 527)

To index a field that holds an array value, MongoDB creates an index key for each element in the array. These multikey
indexes support efficient queries against array fields. Multikey indexes can be constructed over arrays that hold both
scalar values (e.g. strings, numbers) and nested documents.
Create Multikey Index
To create a multikey index, use the db.collection.createIndex() method:
db.coll.createIndex( { : < 1 or -1 > } )

MongoDB automatically creates a multikey index if any indexed field is an array; you do not need to explicitly specify
the multikey type.
Index Bounds
If an index is multikey, then computation of the index bounds follows special rules. For details on multikey index
bounds, see Multikey Index Bounds (page 529).

10.9. Additional Considerations

525

MongoDB Documentation, Release 3.2.5

Limitations
Compound Multikey Indexes

For a compound (page 522) multikey index, each indexed document can have at most one indexed field whose value is
an array. As such, you cannot create a compound multikey index if more than one to-be-indexed field of a document
is an array. Or, if a compound multikey index already exists, you cannot insert a document that would violate this
restriction.
For example, consider a collection that contains the following document:
{ _id: 1, a: [ 1, 2 ], b: [ 1, 2 ], category: "AB - both arrays" }

You cannot create a compound multikey index { a:
are arrays.

1, b:

1 } on the collection since both the a and b fields

But consider a collection that contains the following documents:
{ _id: 1, a: [1, 2], b: 1, category: "A array" }
{ _id: 2, a: 1, b: [1, 2], category: "B array" }

A compound multikey index { a: 1, b: 1 } is permissible since for each document, only one field indexed
by the compound multikey index is an array; i.e. no document contains array values for both a and b fields. After
creating the compound multikey index, if you attempt to insert a document where both a and b fields are arrays,
MongoDB will fail the insert.
Shard Keys

You cannot specify a multikey index as the shard key index.
Changed in version 2.6: However, if the shard key index is a prefix (page 524) of a compound index, the compound
index is allowed to become a compound multikey index if one of the other keys (i.e. keys that are not part of the shard

526

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

key) indexes an array. Compound multikey indexes can have an impact on performance.
Hashed Indexes

Hashed (page 564) indexes cannot be multikey.
Covered Queries

A multikey index (page 525) cannot support a covered query (page 106).
Query on the Array Field as a Whole

When a query filter specifies an exact match for an array as a whole (page 143), MongoDB can use the multikey
index to look up the first element of the query array but cannot use the multikey index scan to find the whole array.
Instead, after using the multikey index to look up the first element of the query array, MongoDB retrieves the associated
documents and filters for documents whose array matches the array in the query.
For example, consider an inventory collection that contains the following documents:
{
{
{
{
{

_id:
_id:
_id:
_id:
_id:

5,
6,
7,
8,
9,

type:
type:
type:
type:
type:

"food",
"food",
"food",
"food",
"food",

item:
item:
item:
item:
item:

"aaa",
"bbb",
"ccc",
"ddd",
"eee",

ratings:
ratings:
ratings:
ratings:
ratings:

[
[
[
[
[

5,
5,
9,
9,
5,

8, 9 ] }
9 ] }
5, 8 ] }
5 ] }
9, 5 ] }

The collection has a multikey index on the ratings field:
db.inventory.createIndex( { ratings: 1 } )

The following query looks for documents where the ratings field is the array [ 5, 9 ]:
db.inventory.find( { ratings: [ 5, 9 ] } )

MongoDB can use the multikey index to find documents that have 5 at any position in the ratings array. Then,
MongoDB retrieves these documents and filters for documents whose ratings array equals the query array [ 5,
9 ].
Examples
Index Basic Arrays

Consider a survey collection with the following document:
{ _id: 1, item: "ABC", ratings: [ 2, 5, 9 ] }

Create an index on the field ratings:
db.survey.createIndex( { ratings: 1 } )

Since the ratings field contains an array, the index on ratings is multikey. The multikey index contains the
following three index keys, each pointing to the same document:
• 2,
• 5, and
10.9. Additional Considerations

527

MongoDB Documentation, Release 3.2.5

• 9.
Index Arrays with Embedded Documents

You can create multikey indexes on array fields that contain nested objects.
Consider an inventory collection with documents of the following form:
{
_id: 1,
item: "abc",
stock: [
{ size: "S", color: "red", quantity: 25 },
{ size: "S", color: "blue", quantity: 10 },
{ size: "M", color: "blue", quantity: 50 }
]
}
{
_id: 2,
item: "def",
stock: [
{ size: "S",
{ size: "M",
{ size: "M",
{ size: "L",
]

color:
color:
color:
color:

"blue", quantity: 20 },
"blue", quantity: 5 },
"black", quantity: 10 },
"red", quantity: 2 }

}
{
_id: 3,
item: "ijk",
stock: [
{ size: "M", color: "blue", quantity: 15 },
{ size: "L", color: "blue", quantity: 100 },
{ size: "L", color: "red", quantity: 25 }
]
}
...

The following operation creates a multikey index on the stock.size and stock.quantity fields:
db.inventory.createIndex( { "stock.size": 1, "stock.quantity": 1 } )

The compound multikey index can support queries with predicates that include both indexed fields as well as predicates
that include only the index prefix "stock.size", as in the following examples:
db.inventory.find( { "stock.size": "M" } )
db.inventory.find( { "stock.size": "S", "stock.quantity": { $gt: 20 } } )

For details on how MongoDB can combine multikey index bounds, see Multikey Index Bounds (page 529). For more
information on behavior of compound indexes and prefixes, see compound indexes and prefixes (page 524).
The compound multikey index can also support sort operations, such as the following examples:
db.inventory.find( ).sort( { "stock.size": 1, "stock.quantity": 1 } )
db.inventory.find( { "stock.size": "M" } ).sort( { "stock.quantity": 1 } )

For more information on behavior of compound indexes and sort operations, see Use Indexes to Sort Query Results
(page 587).

528

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

On this page
Multikey Index Bounds

• Intersect Bounds for Multikey Index (page 529)
• Compound Bounds for Multikey Index (page 529)

The bounds of an index scan define the portions of an index to search during a query. When multiple predicates over an
index exist, MongoDB will attempt to combine the bounds for these predicates by either intersection or compounding
in order to produce a scan with smaller bounds.
Intersect Bounds for Multikey Index Bounds intersection refers to a logical conjunction (i.e. AND) of multiple
bounds. For instance, given two bounds [ [ 3, Infinity ] ] and [ [ -Infinity, 6 ] ], the intersection of the bounds results in [ [ 3, 6 ] ].
Given an indexed (page 525) array field, consider a query that specifies multiple predicates on the array and can use
a multikey index (page 525). MongoDB can intersect multikey index (page 525) bounds if an $elemMatch joins the
predicates.
For example, a collection survey contains documents with a field item and an array field ratings:
{ _id: 1, item: "ABC", ratings: [ 2, 9 ] }
{ _id: 2, item: "XYZ", ratings: [ 4, 3 ] }

Create a multikey index (page 525) on the ratings array:
db.survey.createIndex( { ratings: 1 } )

The following query uses $elemMatch to require that the array contains at least one single element that matches
both conditions:
db.survey.find( { ratings : { $elemMatch: { $gte: 3, $lte: 6 } } } )

Taking the predicates separately:
• the bounds for the greater than or equal to 3 predicate (i.e. $gte:
• the bounds for the less than or equal to 6 predicate (i.e. $lte:

3) are [ [ 3, Infinity ] ];

6) are [ [ -Infinity, 6 ] ].

Because the query uses $elemMatch to join these predicates, MongoDB can intersect the bounds to:
ratings: [ [ 3, 6 ] ]

If the query does not join the conditions on the array field with $elemMatch, MongoDB cannot intersect the multikey
index bounds. Consider the following query:
db.survey.find( { ratings : { $gte: 3, $lte: 6 } } )

The query searches the ratings array for at least one element greater than or equal to 3 and at least one element
less than or equal to 6. Because a single element does not need to meet both criteria, MongoDB does not intersect the
bounds and uses either [ [ 3, Infinity ] ] or [ [ -Infinity, 6 ] ]. MongoDB makes no guarantee
as to which of these two bounds it chooses.
Compound Bounds for Multikey Index Compounding bounds refers to using bounds for multiple keys of compound index (page 522). For instance, given a compound index { a: 1, b: 1 } with bounds on field a of [
[ 3, Infinity ] ] and bounds on field b of [ [ -Infinity, 6 ] ], compounding the bounds results in
the use of both bounds:

10.9. Additional Considerations

529

MongoDB Documentation, Release 3.2.5

{ a: [ [ 3, Infinity ] ], b: [ [ -Infinity, 6 ] ] }

If MongoDB cannot compound the two bounds, MongoDB always constrains the index scan by the bound on its
leading field, in this case, a: [ [ 3, Infinity ] ].
Compound Index on an Array Field Consider a compound multikey index; i.e. a compound index (page 522)
where one of the indexed fields is an array. For example, a collection survey contains documents with a field item
and an array field ratings:
{ _id: 1, item: "ABC", ratings: [ 2, 9 ] }
{ _id: 2, item: "XYZ", ratings: [ 4, 3 ] }

Create a compound index (page 522) on the item field and the ratings field:
db.survey.createIndex( { item: 1, ratings: 1 } )

The following query specifies a condition on both keys of the index:
db.survey.find( { item: "XYZ", ratings: { $gte: 3 } } )

Taking the predicates separately:
• the bounds for the item:

"XYZ" predicate are [ [ "XYZ", "XYZ" ] ];

• the bounds for the ratings:

{ $gte:

3 } predicate are [ [ 3, Infinity ] ].

MongoDB can compound the two bounds to use the combined bounds of:
{ item: [ [ "XYZ", "XYZ" ] ], ratings: [ [ 3, Infinity ] ] }

Compound Index on Fields from an Array of Embedded Documents If an array contains embedded documents,
to index on fields contained in the embedded documents, use the dotted field name (page 9) in the index specification.
For instance, given the following array of embedded documents:
ratings: [ { score: 2, by: "mn" }, { score: 9, by: "anon" } ]

The dotted field name for the score field is "ratings.score".
Compound Bounds of Non-array Field and Field from an Array
uments with a field item and an array field ratings:

Consider a collection survey2 contains doc-

{
_id: 1,
item: "ABC",
ratings: [ { score: 2, by: "mn" }, { score: 9, by: "anon" } ]
}
{
_id: 2,
item: "XYZ",
ratings: [ { score: 5, by: "anon" }, { score: 7, by: "wv" } ]
}

Create a compound index (page 522) on the non-array field item as well as two fields from an array
ratings.score and ratings.by:
db.survey2.createIndex( { "item": 1, "ratings.score": 1, "ratings.by": 1 } )

The following query specifies a condition on all three fields:

530

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

db.survey2.find( { item: "XYZ",

"ratings.score": { $lte: 5 }, "ratings.by": "anon" } )

Taking the predicates separately:
• the bounds for the item:

"XYZ" predicate are [ [ "XYZ", "XYZ" ] ];

• the bounds for the score:
• the bounds for the by:

{ $lte:

5 } predicate are [ [ -Infinity, 5 ] ];

"anon" predicate are [ "anon", "anon" ].

MongoDB can compound the bounds for the item key with either the bounds for "ratings.score" or the bounds
for "ratings.by", depending upon the query predicates and the index key values. MongoDB makes no guarantee
as to which bounds it compounds with the item field. For instance, MongoDB will either choose to compound the
item bounds with the "ratings.score" bounds:
{
"item" : [ [ "XYZ", "XYZ" ] ],
"ratings.score" : [ [ -Infinity, 5 ] ],
"ratings.by" : [ [ MinKey, MaxKey ] ]
}

Or, MongoDB may choose to compound the item bounds with "ratings.by" bounds:
{
"item" : [ [ "XYZ", "XYZ" ] ],
"ratings.score" : [ [ MinKey, MaxKey ] ],
"ratings.by" : [ [ "anon", "anon" ] ]
}

However, to compound the bounds for "ratings.score" with the bounds for "ratings.by", the query must
use $elemMatch. See Compound Bounds of Index Fields from an Array (page 531) for more information.
Compound Bounds of Index Fields from an Array
same array:

To compound together the bounds for index keys from the

• the index keys must share the same field path up to but excluding the field names, and
• the query must specify predicates on the fields using $elemMatch on that path.
For a field in an embedded document, the dotted field name (page 9), such as "a.b.c.d", is the field path for d. To
compound the bounds for index keys from the same array, the $elemMatch must be on the path up to but excluding
the field name itself; i.e. "a.b.c".
For instance, create a compound index (page 522) on the ratings.score and the ratings.by fields:
db.survey2.createIndex( { "ratings.score": 1, "ratings.by": 1 } )

The fields "ratings.score" and "ratings.by" share the field path ratings. The following query uses
$elemMatch on the field ratings to require that the array contains at least one single element that matches both
conditions:
db.survey2.find( { ratings: { $elemMatch: { score: { $lte: 5 }, by: "anon" } } } )

Taking the predicates separately:
• the bounds for the score:
• the bounds for the by:

{ $lte:

5 } predicate is [ -Infinity, 5 ];

"anon" predicate is [ "anon", "anon" ].

MongoDB can compound the two bounds to use the combined bounds of:

10.9. Additional Considerations

531

MongoDB Documentation, Release 3.2.5

{ "ratings.score" : [ [ -Infinity, 5 ] ], "ratings.by" : [ [ "anon", "anon" ] ] }

Query Without $elemMatch If the query does not join the conditions on the indexed array fields with
$elemMatch, MongoDB cannot compound their bounds. Consider the following query:
db.survey2.find( { "ratings.score": { $lte: 5 }, "ratings.by": "anon" } )

Because a single embedded document in the array does not need to meet both criteria, MongoDB does not compound
the bounds. When using a compound index, if MongoDB cannot constrain all the fields of the index, MongoDB
always constrains the leading field of the index, in this case "ratings.score":
{
"ratings.score": [ [ -Infinity, 5 ] ],
"ratings.by": [ [ MinKey, MaxKey ] ]
}

$elemMatch on Incomplete Path If the query does not specify $elemMatch on the path of the embedded fields,
up to but excluding the field names, MongoDB cannot compound the bounds of index keys from the same array.
For example, a collection survey3 contains documents with a field item and an array field ratings:
{
_id: 1,
item: "ABC",
ratings: [ { score: { q1: 2, q2: 5 } }, { score: { q1: 8, q2: 4 } } ]
}
{
_id: 2,
item: "XYZ",
ratings: [ { score: { q1: 7, q2: 8 } }, { score: { q1: 9, q2: 5 } } ]
}

Create a compound index (page 522) on the ratings.score.q1 and the ratings.score.q2 fields:
db.survey3.createIndex( { "ratings.score.q1": 1, "ratings.score.q2": 1 } )

The fields "ratings.score.q1" and "ratings.score.q2" share the field path "ratings.score" and
the $elemMatch must be on that path.
The following query, however, uses an $elemMatch but not on the required path:
db.survey3.find( { ratings: { $elemMatch: { 'score.q1': 2, 'score.q2': 8 } } } )

As such, MongoDB cannot compound the bounds, and the "ratings.score.q2" field will be unconstrained
during the index scan. To compound the bounds, the query must use $elemMatch on the path "ratings.score":
db.survey3.find( { 'ratings.score': { $elemMatch: { 'q1': 2, 'q2': 8 } } } )

Compound $elemMatch Clauses Consider a query that contains multiple $elemMatch clauses on different field
paths, for instance, "a.b": { $elemMatch: ... }, "a.c": { $elemMatch: ... }. MongoDB cannot combine the bounds of the "a.b" with the bounds of "a.c" since "a.b" and "a.c" also require
$elemMatch on the path a.
For example, a collection survey4 contains documents with a field item and an array field ratings:

532

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

{
_id: 1,
item: "ABC",
ratings: [
{ score: { q1: 2, q2: 5 }, certainty: { q1: 2, q2: 3 } },
{ score: { q1: 8, q2: 4 }, certainty: { q1: 10, q2: 10 } }
]
}
{
_id: 2,
item: "XYZ",
ratings: [
{ score: { q1: 7, q2: 8 }, certainty: { q1: 5, q2: 5 } },
{ score: { q1: 9, q2: 5 }, certainty: { q1: 7, q2: 7 } }
]
}

Create a compound index (page 522) on the ratings.score.q1 and the ratings.score.q2 fields:
db.survey4.createIndex( {
"ratings.score.q1": 1,
"ratings.score.q2": 1,
"ratings.certainty.q1": 1,
"ratings.certainty.q2": 1
} )

Consider the following query with two $elemMatch clauses:
db.survey4.find(
{
"ratings.score": { $elemMatch: { q1: 5, q2: 5 } },
"ratings.certainty": { $elemMatch: { q1: 7, q2: 7 } },
}
)

Taking the predicates separately:
• the bounds for the "ratings.score" predicate are the compound bounds:
{ "ratings.score.q1" : [ [ 5, 5 ] ], "ratings.score.q2" : [ [ 5, 5 ] ] }

• the bounds for the "ratings.certainty" predicate are the compound bounds:
{ "ratings.certainty.q1" : [ [ 7, 7 ] ], "ratings.certainty.q2" : [ [ 7, 7 ] ] }

However, MongoDB cannot compound the bounds for "ratings.score" and "ratings.certainty"
since $elemMatch does not join the two. Instead, MongoDB constrains the leading field of the index
"ratings.score.q1" which can be compounded with the bounds for "ratings.score.q2":
{
"ratings.score.q1" : [
"ratings.score.q2" : [
"ratings.certainty.q1"
"ratings.certainty.q2"

[
[
:
:

5, 5 ] ],
5, 5 ] ],
[ [ MinKey, MaxKey ] ],
[ [ MinKey, MaxKey ] ]

}

10.9.4 Text Indexes

10.9. Additional Considerations

533

MongoDB Documentation, Release 3.2.5

On this page
•
•
•
•
•
•
•
•
•
•
•

Overview (page 534)
Create Text Index (page 534)
Case Insensitivity (page 535)
Diacritic Insensitivity (page 536)
Tokenization Delimiters (page 536)
Index Entries (page 536)
Supported Languages and Stop Words (page 536)
sparse Property (page 536)
Restrictions (page 537)
Storage Requirements and Performance Costs (page 537)
Text Search Support (page 538)

Changed in version 3.2.
Starting in MongoDB 3.2, MongoDB introduces a version 3 of the text index. Key features of the new version of
the index are:
• Improved case insensitivity (page 535)
• Diacritic insensitivity (page 536)
• Additional delimiters for tokenization (page 536)
Starting in MongoDB 3.2, version 3 is the default version for new text indexes.
Overview
MongoDB provides text indexes (page 533) to support text search queries on string content. text indexes can include
any field whose value is a string or an array of string elements.
Create Text Index
Important: A collection can have at most one text index.
To create a text index, use the db.collection.createIndex() method. To index a field that contains a
string or an array of string elements, include the field and specify the string literal "text" in the index document, as
in the following example:
db.reviews.createIndex( { comments: "text" } )

You can index multiple fields for the text index. The following example creates a text index on the fields subject
and comments:
db.reviews.createIndex(
{
subject: "text",
comments: "text"
}
)

A compound index (page 522) can include text index keys in combination with ascending/descending index keys.
For more information, see Compound Index (page 537).

534

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

In order to drop a text index, use the index name. See Use the Index Name to Drop a text Index (page 541) for more
information.
Specify Weights

For a text index, the weight of an indexed field denotes the significance of the field relative to the other indexed
fields in terms of the text search score.
For each indexed field in the document, MongoDB multiplies the number of matches by the weight and sums the
results. Using this sum, MongoDB then calculates the score for the document. See $meta operator for details on
returning and sorting by text scores.
The default weight is 1 for the indexed fields. To adjust the weights for the indexed fields, include the weights
option in the db.collection.createIndex() method.
For more information using weights to control the results of a text search, see Control Search Results with Weights
(page 541).
Wildcard Text Indexes

When creating a text index on multiple fields, you can also use the wildcard specifier ($**). With a wildcard text
index, MongoDB indexes every field that contains string data for each document in the collection. The following
example creates a text index using the wildcard specifier:
db.collection.createIndex( { "$**": "text" } )

This index allows for text search on all fields with string content. Such an index can be useful with highly unstructured
data if it is unclear which fields to include in the text index or for ad-hoc querying.
Wildcard text indexes are text indexes on multiple fields. As such, you can assign weights to specific fields during
index creation to control the ranking of the results. For more information using weights to control the results of a text
search, see Control Search Results with Weights (page 541).
Wildcard text indexes, as with all text indexes, can be part of a compound indexes. For example, the following creates
a compound index on the field a as well as the wildcard specifier:
db.collection.createIndex( { a: 1, "$**": "text" } )

As with all compound text indexes (page 537), since the a precedes the text index key, in order to perform a $text
search with this index, the query predicate must include an equality match conditions a. For information on compound
text indexes, see Compound Text Indexes (page 537).
Case Insensitivity
Changed in version 3.2.
The version 3 text index supports the common C, simple S, and for Turkish languages, the special T case foldings
as specified in Unicode 8.0 Character Database Case Folding4 .
The case foldings expands the case insensitivity of the text index to include characters with diacritics, such as é and
É, and characters from non-Latin alphabets, such as characters from Cyrillic alphabet.
Version 3 of the text index is also diacritic insensitive (page 536). As such, the index also does not distinguish
between é, É, e, and E.
4 http://www.unicode.org/Public/8.0.0/ucd/CaseFolding.txt

10.9. Additional Considerations

535

MongoDB Documentation, Release 3.2.5

Previous versions of the text index are case insensitive for [A-z] only; i.e. case insensitive for non-diacritics Latin
characters only . For all other characters, earlier versions of the text index treat them as distinct.
Diacritic Insensitivity
Changed in version 3.2.
With version 3, text index is diacritic insensitive. That is, the index does not distinguish between characters that
contain diacritical marks and their non-marked counterpart, such as é, ê, and e. More specifically, the text index
strips the characters categorized as diacritics in Unicode 8.0 Character Database Prop List5 .
Version 3 of the text index is also case insensitive (page 535) to characters with diacritics. As such, the index also
does not distinguish between é, É, e, and E.
Previous versions of the text index treat characters with diacritics as distinct.
Tokenization Delimiters
Changed in version 3.2.
For tokenization, version 3 text index uses the delimiters categorized under Dash, Hyphen, Pattern_Syntax,
Quotation_Mark, Terminal_Punctuation, and White_Space in Unicode 8.0 Character Database Prop
List6 .
For example, if given a string "Il a dit qu’il «était le meilleur joueur du monde»", the
text index treats «, », and spaces as delimiters.
Previous versions of the index treat « as part of the term "«était" and » as part of the term "monde»".
Index Entries
text index tokenizes and stems the terms in the indexed fields for the index entries. text index stores one index
entry for each unique stemmed term in each indexed field for each document in the collection. The index uses simple
language-specific (page 536) suffix stemming.
Supported Languages and Stop Words
MongoDB supports text search for various languages. text indexes drop language-specific stop words (e.g. in
English, the, an, a, and, etc.) and use simple language-specific suffix stemming. For a list of the supported
languages, see Text Search Languages (page 245).
If you specify a language value of "none", then the text index uses simple tokenization with no list of stop words
and no stemming.
To specify a language for the text index, see Specify a Language for Text Index (page 538).
sparse Property
text indexes are sparse (page 574) by default and ignore the sparse: true (page 574) option. If a document lacks a
text index field (or the field is null or an empty array), MongoDB does not add an entry for the document to the
text index. For inserts, MongoDB inserts the document but does not add to the text index.
5 http://www.unicode.org/Public/8.0.0/ucd/PropList.txt
6 http://www.unicode.org/Public/8.0.0/ucd/PropList.txt

536

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

For a compound index that includes a text index key along with keys of other types, only the text index field
determines whether the index references a document. The other keys do not determine whether the index references
the documents or not.
Restrictions
One Text Index Per Collection

A collection can have at most one text index.
Text Search and Hints

You cannot use hint() if the query includes a $text query expression.
Text Index and Sort

Sort operations cannot obtain sort order from a text index, even from a compound text index (page 537); i.e. sort
operations cannot use the ordering in the text index.
Compound Index

A compound index (page 522) can include a text index key in combination with ascending/descending index keys.
However, these compound indexes have the following restrictions:
• A compound text index cannot include any other special index types, such as multi-key (page 525) or geospatial index fields.
• If the compound text index includes keys preceding the text index key, to perform a $text search, the
query predicate must include equality match conditions on the preceding keys.
See also Text Index and Sort (page 537) for additional limitations.
For an example of a compound text index, see Limit the Number of Entries Scanned (page 542).
Drop a Text Index

To drop a text index, pass the name of the index to the db.collection.dropIndex() method. To get the
name of the index, run the db.collection.getIndexes() method.
For information on the default naming scheme for text indexes as well as overriding the default name, see Specify
Name for text Index (page 540).
Storage Requirements and Performance Costs
text indexes have the following storage requirements and performance costs:
• text indexes can be large. They contain one index entry for each unique post-stemmed word in each indexed
field for each document inserted.
• Building a text index is very similar to building a large multi-key index and will take longer than building a
simple ordered (scalar) index on the same data.

10.9. Additional Considerations

537

MongoDB Documentation, Release 3.2.5

• When building a large text index on an existing collection, ensure that you have a sufficiently high limit on
open file descriptors. See the recommended settings (page 372).
• text indexes will impact insertion throughput because MongoDB must add an index entry for each unique
post-stemmed word in each indexed field of each new source document.
• Additionally, text indexes do not store phrases or information about the proximity of words in the documents.
As a result, phrase queries will run much more effectively when the entire collection fits in RAM.
Text Search Support
The text index supports $text query operations. For examples of text search, see the $text reference
page. For examples of $text operations in aggregation pipelines, see Text Search in the Aggregation Pipeline
(page 242).
Specify a Language for Text Index

On this page
• Specify the Default Language for a text Index (page 538)
• Create a text Index for a Collection in Multiple Languages (page 538)
This tutorial describes how to specify the default language associated with the text index (page 538) and also how to
create text indexes for collections that contain documents in different languages (page 538).
Specify the Default Language for a text Index The default language associated with the indexed data determines
the rules to parse word roots (i.e. stemming) and ignore stop words. The default language for the indexed data is
english.
To specify a different language, use the default_language option when creating the text index. See Text Search
Languages (page 245) for the languages available for default_language.
The following example creates for the quotes collection a text index on the content field and sets the
default_language to spanish:
db.quotes.createIndex(
{ content : "text" },
{ default_language: "spanish" }
)

Create a text Index for a Collection in Multiple Languages Changed in version 2.6: Added support for language
overrides within embedded documents.
Specify the Index Language within the Document If a collection contains documents or embedded documents that
are in different languages, include a field named language in the documents or embedded documents and specify
as its value the language for that document or embedded document.
MongoDB will use the specified language for that document or embedded document when building the text index:
• The specified language in the document overrides the default language for the text index.
• The specified language in an embedded document override the language specified in an enclosing document or
the default language for the index.

538

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

See Text Search Languages (page 245) for a list of supported languages.
For example, a collection quotes contains multi-language documents that include the language field in the document and/or the embedded document as needed:
{
_id: 1,
language: "portuguese",
original: "A sorte protege os audazes.",
translation:
[
{
language: "english",
quote: "Fortune favors the bold."
},
{
language: "spanish",
quote: "La suerte protege a los audaces."
}
]
}
{
_id: 2,
language: "spanish",
original: "Nada hay más surrealista que la realidad.",
translation:
[
{
language: "english",
quote: "There is nothing more surreal than reality."
},
{
language: "french",
quote: "Il n'y a rien de plus surréaliste que la réalité."
}
]
}
{
_id: 3,
original: "is this a dagger which I see before me.",
translation:
{
language: "spanish",
quote: "Es este un puñal que veo delante de mí."
}
}

If you create a text index on the quote field with the default language of English.
db.quotes.createIndex( { original: "text", "translation.quote": "text" } )

Then, for the documents and embedded documents that contain the language field, the text index uses that language to parse word stems and other linguistic characteristics.
For embedded documents that do not contain the language field,
• If the enclosing document contains the language field, then the index uses the document’s language for the
embedded document.
• Otherwise, the index uses the default language for the embedded documents.

10.9. Additional Considerations

539

MongoDB Documentation, Release 3.2.5

For documents that do not contain the language field, the index uses the default language, which is English.
Use any Field to Specify the Language for a Document To use a field with a name other than language, include
the language_override option when creating the index.
For example, give the following command to use idioma as the field name instead of language:
db.quotes.createIndex( { quote : "text" },
{ language_override: "idioma" } )

The documents of the quotes collection may specify a language with the idioma field:
{ _id: 1, idioma: "portuguese", quote: "A sorte protege os audazes" }
{ _id: 2, idioma: "spanish", quote: "Nada hay más surrealista que la realidad." }
{ _id: 3, idioma: "english", quote: "is this a dagger which I see before me" }

Specify Name for text Index

On this page
• Specify a Name for text Index (page 540)
• Use the Index Name to Drop a text Index (page 541)
The default name for the index consists of each indexed field name concatenated with _text. For example, the
following command creates a text index on the fields content, users.comments, and users.profiles:
db.collection.createIndex(
{
content: "text",
"users.comments": "text",
"users.profiles": "text"
}
)

The default name for the index is:
"content_text_users.comments_text_users.profiles_text"

The text index, like other indexes, must fall within the index name length limit.
Specify a Name for text Index To avoid creating an index with a name that exceeds the index name length
limit, you can pass the name option to the db.collection.createIndex() method:
db.collection.createIndex(
{
content: "text",
"users.comments": "text",
"users.profiles": "text"
},
{
name: "MyTextIndex"
}
)

540

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Use the Index Name to Drop a text Index Whether the text (page 533) index has the default name or you
specified a name for the text (page 533) index, to drop the text (page 533) index, pass the index name to the
db.collection.dropIndex() method.
For example, consider the index created by the following operation:
db.collection.createIndex(
{
content: "text",
"users.comments": "text",
"users.profiles": "text"
},
{
name: "MyTextIndex"
}
)

Then, to remove this text index, pass the name "MyTextIndex" to the db.collection.dropIndex()
method, as in the following:
db.collection.dropIndex("MyTextIndex")

To get the names of the indexes, use the db.collection.getIndexes() method.
Control Search Results with Weights

Text search assigns a score to each document that contains the search term in the indexed fields. The score determines
the relevance of a document to a given search query.
For a text index, the weight of an indexed field denotes the significance of the field relative to the other indexed
fields in terms of the text search score.
For each indexed field in the document, MongoDB multiplies the number of matches by the weight and sums the
results. Using this sum, MongoDB then calculates the score for the document. See $meta operator for details on
returning and sorting by text scores.
The default weight is 1 for the indexed fields. To adjust the weights for the indexed fields, include the weights
option in the db.collection.createIndex() method.
Warning: Choose the weights carefully in order to prevent the need to reindex.
A collection blog has the following documents:
{
_id: 1,
content: "This morning I had a cup of coffee.",
about: "beverage",
keywords: [ "coffee" ]
}
{
_id: 2,
content: "Who doesn't like cake?",
about: "food",
keywords: [ "cake", "food", "dessert" ]
}

10.9. Additional Considerations

541

MongoDB Documentation, Release 3.2.5

To create a text index with different field weights for the content field and the keywords field, include the
weights option to the createIndex() method. For example, the following command creates an index on three
fields and assigns weights to two of the fields:
db.blog.createIndex(
{
content: "text",
keywords: "text",
about: "text"
},
{
weights: {
content: 10,
keywords: 5
},
name: "TextIndex"
}
)

The text index has the following fields and weights:
• content has a weight of 10,
• keywords has a weight of 5, and
• about has the default weight of 1.
These weights denote the relative significance of the indexed fields to each other. For instance, a term match in the
content field has:
• 2 times (i.e. 10:5) the impact as a term match in the keywords field and
• 10 times (i.e. 10:1) the impact as a term match in the about field.
Limit the Number of Entries Scanned

This tutorial describes how to create indexes to limit the number of index entries scanned for queries that includes a
$text expression and equality conditions.
A collection inventory contains the following documents:
{
{
{
{
{
{

_id:
_id:
_id:
_id:
_id:
_id:

1,
2,
3,
4,
5,
6,

dept:
dept:
dept:
dept:
dept:
dept:

"tech", description: "lime green computer" }
"tech", description: "wireless red mouse" }
"kitchen", description: "green placemat" }
"kitchen", description: "red peeler" }
"food", description: "green apple" }
"food", description: "red potato" }

Consider the common use case that performs text searches by individual departments, such as:
db.inventory.find( { dept: "kitchen", $text: { $search: "green" } } )

To limit the text search to scan only those documents within a specific dept, create a compound index that first specifies an ascending/descending index key on the field dept and then a text index key on the field description:
db.inventory.createIndex(
{
dept: 1,
description: "text"
}
)

542

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Then, the text search within a particular department will limit the scan of indexed documents. For example, the
following query scans only those documents with dept equal to kitchen:
db.inventory.find( { dept: "kitchen", $text: { $search: "green" } } )

Note:
• A compound text index cannot include any other special index types, such as multi-key (page 525) or geospatial index fields.
• If the compound text index includes keys preceding the text index key, to perform a $text search, the
query predicate must include equality match conditions on the preceding keys.
See also:
Text Indexes (page 533)

10.9.5 2dsphere Indexes
On this page
•
•
•
•

Overview (page 543)
2dsphere (Version 2) (page 543)
Considerations (page 544)
Create a 2dsphere Index (page 544)

New in version 2.4.
Overview
A 2dsphere index supports queries that calculate geometries on an earth-like sphere. 2dsphere index supports all MongoDB geospatial queries: queries for inclusion, intersection and proximity. See the
https://docs.mongodb.org/manual/reference/operator/query-geospatial for the query operators that support geospatial queries.
The 2dsphere index supports data stored as GeoJSON (page 554) objects and as legacy coordinate pairs (See also
2dsphere Indexed Field Restrictions (page 544)). For legacy coordinate pairs, the index converts the data to GeoJSON
Point (page 554). For details on the supported GeoJSON objects, see GeoJSON Objects (page 554).
The default datum for an earth-like sphere is WGS84. Coordinate-axis order is longitude, latitude.
2dsphere (Version 2)
Changed in version 2.6.
MongoDB 2.6 introduces a version 2 of 2dsphere indexes. Version 2 is the default version of 2dsphere indexes
created in MongoDB 2.6 and later series. To override the default version 2 and create a version 1 index, include the
option { "2dsphereIndexVersion": 1 } when creating the index.
sparse Property

Changed in version 2.6.

10.9. Additional Considerations

543

MongoDB Documentation, Release 3.2.5

2dsphere (Version 2) indexes are sparse (page 574) by default and ignores the sparse: true (page 574) option.
If a document lacks a 2dsphere index field (or the field is null or an empty array), MongoDB does not add an
entry for the document to the index. For inserts, MongoDB inserts the document but does not add to the 2dsphere
index.
For a compound index that includes a 2dsphere index key along with keys of other types, only the 2dsphere
index field determines whether the index references a document.
Earlier versions of MongoDB only support 2dsphere (Version 1) indexes. 2dsphere (Version 1) indexes are not sparse by default and will reject documents with null location fields.
Additional GeoJSON Objects

2dsphere (Version 2) includes support for additional GeoJSON object: MultiPoint (page 555), MultiLineString (page 556), MultiPolygon (page 556), and GeometryCollection (page 556). For details on all supported
GeoJSON objects, see GeoJSON Objects (page 554).
Considerations
geoNear and $geoNear Restrictions

The geoNear command and the $geoNear pipeline stage require that a collection have at most only one 2dsphere
index and/or only one 2d (page 557) index whereas geospatial query operators (e.g. $near and $geoWithin)
permit collections to have multiple geospatial indexes.
The geospatial index restriction for the geoNear command and the $geoNear pipeline stage exists because neither
the geoNear command nor the $geoNear pipeline stage syntax includes the location field. As such, index selection
among multiple 2d indexes or 2dsphere indexes is ambiguous.
No such restriction applies for geospatial query operators since these operators take a location field, eliminating the
ambiguity.
Shard Key Restrictions

You cannot use a 2dsphere index as a shard key when sharding a collection. However, you can create and maintain
a geospatial index on a sharded collection by using a different field as the shard key.
2dsphere Indexed Field Restrictions

Fields with 2dsphere (page 543) indexes must hold geometry data in the form of coordinate pairs or GeoJSON data. If
you attempt to insert a document with non-geometry data in a 2dsphere indexed field, or build a 2dsphere index
on a collection where the indexed field has non-geometry data, the operation will fail.
Create a 2dsphere Index
To create a 2dsphere index, use the db.collection.createIndex() method, specifying the location field
as the key and the string literal "2dsphere" as the index type:
db.collection.createIndex( { : "2dsphere" } )

544

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Unlike a compound 2d (page 557) index which can reference one location field and one other field, a compound
(page 522) 2dsphere index can reference multiple location and non-location fields.
For the following examples, consider a collection places with documents that store location data as GeoJSON Point
(page 554) in a field named loc:
db.places.insert(
{
loc : { type: "Point", coordinates: [ -73.97, 40.77 ] },
name: "Central Park",
category : "Parks"
}
)
db.places.insert(
{
loc : { type: "Point", coordinates: [ -73.88, 40.78 ] },
name: "La Guardia Airport",
category : "Airport"
}
)

Create a 2dsphere Index

The following operation creates a 2dsphere (page 543) index on the location field loc:
db.places.createIndex( { loc : "2dsphere" } )

Create a Compound Index with 2dsphere Index Key

A compound index (page 522) can include a 2dsphere index key in combination with non-geospatial index keys. For
example, the following operation creates a compound index where the first key loc is a 2dsphere index key, and the
remaining keys category and names are non-geospatial index keys, specifically descending (-1) and ascending
(1) keys respectively.
db.places.createIndex( { loc : "2dsphere" , category : -1, name: 1 } )

Unlike the 2d (page 557) index, a compound 2dsphere index does not require the location field to be the first field
indexed. For example:
db.places.createIndex( { category : 1 , loc : "2dsphere" } )

On this page
Find Restaurants with Geospatial Queries

•
•
•
•

Overview (page 545)
Differences Between Flat and Spherical Geometry (page 546)
Distortion (page 546)
Searching for Restaurants (page 546)

Overview MongoDB’s geospatial indexing allows you to efficiently execute spatial queries on a collection that
contains geospatial shapes and points. This tutorial will briefly introduce the concepts of geospatial indexes, and then
demonstrate their use with $geoWithin, $geoIntersects, and geoNear.
10.9. Additional Considerations

545

MongoDB Documentation, Release 3.2.5

To showcase the capabilities of geospatial features and compare different approaches, this tutorial will guide you
through the process of writing queries for a simple geospatial application.
Suppose you are designing a mobile application to help users find restaurants in New York City. The application must:
• Determine the user’s current neighborhood using $geoIntersects,
• Show the number of restaurants in that neighborhood using $geoWithin, and
• Find restaurants within a specified distance of the user using $nearSphere.
This tutorial will use a 2dsphere index to query for this data on spherical geometry.
Differences Between Flat and Spherical Geometry Geospatial queries can use either flat or spherical geometries,
depending on both the query and the type of index in use. 2dsphere indexes support only spherical geometries,
while 2d indexes support both flat and spherical geometries.
However, queries using spherical geometries will be more performant and accurate with a 2dsphere index, so you
should always use 2dsphere indexes on geographical geospatial fields.
The following table shows what kind of geometry each geospatial operator will use:
Query Type
$near (GeoJSON point, 2dsphere index)
$near (legacy coordinates, 2d index)
$nearSphere (GeoJSON point, 2dsphere index)
$nearSphere (legacy coordinates, 2d index)
$geoWithin : { $geometry: ... }
$geoWithin : { $box: ... }
$geoWithin : { $polygon: ... }
$geoWithin : { $center: ... }
$geoWithin : { $centerSphere: ... }
$geoIntersects

Geometry Type
Spherical
Flat
Spherical
Spherical
Spherical
Flat
Flat
Flat
Spherical
Spherical

Notes

Use GeoJSON points instead.

The geoNear command and the $geoNear aggregation operator both operate in radians when using legacy coordinates, and meters when using GeoJSON points.
Distortion Spherical geometry will appear distorted when visualized on a map due to the nature of projecting a three
dimensional sphere, such as the earth, onto a flat plane.
For example, take the specification of the spherical square defined by the longitude latitude points (0,0), (80,0),
(80,80), and (0,80). The following figure depicts the area covered by this region:
Searching for Restaurants
Prerequisites Download the example datasets from https://raw.githubusercontent.com/mongodb/docsassets/geospatial/neighborhoods.json
and
https://raw.githubusercontent.com/mongodb/docsassets/geospatial/restaurants.json. These contain the collections restaurants and neighborhoods respectively.
After downloading the datasets, import them into the database:
mongoimport -c restaurants
mongoimport -c neighborhoods

The geoNear command requires a geospatial index, and almost always improves performance of $geoWithin and
$geoIntersects queries.
Because this data is geographical, create a 2dsphere index on each collection using the mongo shell:

546

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

10.9. Additional Considerations

547

MongoDB Documentation, Release 3.2.5

db.restaurants.createIndex({ location: "2dsphere" })
db.neighborhoods.createIndex({ geometry: "2dsphere" })

Exploring the Data Inspect an entry in the newly-created restaurants collection from within the mongo shell:
db.restaurants.findOne()

This query returns a document like the following:
{
location: {
type: "Point",
coordinates: [-73.856077, 40.848447]
},
name: "Morris Park Bake Shop"
}

This restaurant document corresponds to the location shown in the following figure:

Because the tutorial uses a 2dsphere index, the geometry data in the location field must follow the doc:GeoJSON
format .
Now inspect an entry in the neighborhoods collection:
db.neighborhoods.findOne()

This query will return a document like the following:
{
geometry: {
type: "Polygon",
coordinates: [[
[ -73.99, 40.75 ],
...
[ -73.98, 40.76 ],

548

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

[ -73.99, 40.75 ]
]]
},
name: "Hell's Kitchen"
}

This geometry corresponds to the region depicted in the following figure:

Find the Current Neighborhood Assuming the user’s mobile device can give a reasonably accurate location for
the user, it is simple to find the user’s current neighborhood with $geoIntersects.
Suppose the user is located at -73.93414657 longitude and 40.82302903 latitude. To find the current neighborhood,
you will specify a point using the special $geometry field in GeoJSON format:

db.neighborhoods.findOne({ geometry: { $geoIntersects: { $geometry: { type: "Point", coordinates: [ -

This query will return the following result:
{
"_id" : ObjectId("55cb9c666c522cafdb053a68"),
"geometry" : {
"type" : "Polygon",

10.9. Additional Considerations

549

MongoDB Documentation, Release 3.2.5

"coordinates" : [
[
[
-73.93383000695911,
40.81949109558767
],
...
]
]
},
"name" : "Central Harlem North-Polo Grounds"
}

Find all Restaurants in the Neighborhood You can also query to find all restaurants contained in a given neighborhood. Run the following in the mongo shell to find the neighborhood containing the user, and then count the
restaurants within that neighborhood:

var neighborhood = db.neighborhoods.findOne( { geometry: { $geoIntersects: { $geometry: { type: "Poin
db.restaurants.find( { location: { $geoWithin: { $geometry: neighborhood.geometry } } } ).count()

This query will tell you that there are 127 restaurants in the requested neighborhood, visualized in the following figure:

Find Restaurants within a Distance To find restaurants within a specified distance of a point, you can use either
$geoWithin with $centerSphere to return results in unsorted order, or nearSphere with $maxDistance
if you need results sorted by distance.
Unsorted with $geoWithin To find restaurants within a circular region, use $geoWithin with
$centerSphere. $centerSphere is a MongoDB-specific syntax to denote a circular region by specifying
the center and the radius in radians.
$geoWithin does not return the documents in any specific order, so it may show the user the furthest documents
first.
The following will find all restaurants within five miles of the user:
db.restaurants.find({ location:
{ $geoWithin:
{ $centerSphere: [ [ -73.93414657, 40.82302903 ], 5 / 3963.2 ] } } })

$centerSphere‘s second argument accepts the radius in radians, so you must divide it by the radius of the earth
in miles. See Calculate Distance Using Spherical Geometry (page 562) for more information on converting between
distance units.
Sorted with $nearSphere You may also use $nearSphere and specify a $maxDistance term in meters.
This will return all restaurants within five miles of the user in sorted order from nearest to farthest:

var METERS_PER_MILE = 1609.34
db.restaurants.find({ location: { $nearSphere: { $geometry: { type: "Point", coordinates: [ -73.93414

550

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

10.9. Additional Considerations

551

MongoDB Documentation, Release 3.2.5

On this page
Query a 2dsphere Index

•
•
•
•

GeoJSON Objects Bounded by a Polygon (page 552)
Intersections of GeoJSON Objects (page 552)
Proximity to a GeoJSON Point (page 553)
Points within a Circle Defined on a Sphere (page 553)

The following sections describe queries supported by the 2dsphere index.
GeoJSON Objects Bounded by a Polygon The $geoWithin operator queries for location data found within a
GeoJSON polygon. Your location data must be stored in GeoJSON format. Use the following syntax:
db..find( { :
{ $geoWithin :
{ $geometry :
{ type : "Polygon" ,
coordinates : [ ]
} } } } )

The following example selects all points and shapes that exist entirely within a GeoJSON polygon:
db.places.find( { loc :
{ $geoWithin :
{ $geometry :
{ type : "Polygon" ,
coordinates : [ [
[
[
[
[
] ]
} } } } )

0
3
6
0

,
,
,
,

0
6
1
0

] ,
] ,
] ,
]

Intersections of GeoJSON Objects New in version 2.4.
The $geoIntersects operator queries for locations that intersect a specified GeoJSON object. A location intersects the object if the intersection is non-empty. This includes documents that have a shared edge.
The $geoIntersects operator uses the following syntax:
db..find( { :
{ $geoIntersects :
{ $geometry :
{ type : "" ,
coordinates : [ ]
} } } } )

The following example uses $geoIntersects to select all indexed points and shapes that intersect with the polygon
defined by the coordinates array.
db.places.find( { loc :
{ $geoIntersects :
{ $geometry :
{ type : "Polygon" ,
coordinates: [ [
[ 0 , 0 ] ,

552

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

[ 3 , 6 ] ,
[ 6 , 1 ] ,
[ 0 , 0 ]
] ]
} } } } )

Proximity to a GeoJSON Point Proximity queries return the points closest to the defined point and sorts the results
by distance. A proximity query on GeoJSON data requires a 2dsphere index.
To query for proximity to a GeoJSON point, use either the $near operator or geoNear command. Distance is in
meters.
The $near uses the following syntax:
db..find( { :
{ $near :
{ $geometry :
{ type : "Point" ,
coordinates : [ , ] } ,
$maxDistance :
} } } )

For examples, see $near.
The geoNear command uses the following syntax:
db.runCommand( { geoNear : ,
near : { type : "Point" ,
coordinates: [ , ] } ,
spherical : true } )

The geoNear command offers more options and returns more information than does the $near operator. To run the
command, see geoNear.
Points within a Circle Defined on a Sphere To select all grid coordinates in a “spherical cap” on a sphere, use
$geoWithin with the $centerSphere operator. Specify an array that contains:
• The grid coordinates of the circle’s center point
• The circle’s radius measured in radians. To calculate radians, see Calculate Distance Using Spherical Geometry
(page 562).
Use the following syntax:
db..find( { :
{ $geoWithin :
{ $centerSphere :
[ [ , ] , ] }
} } )

The following example queries grid coordinates and returns all documents within a 10 mile radius of longitude 88 W
and latitude 30 N. The example converts the distance, 10 miles, to radians by dividing by the approximate equatorial
radius of the earth, 3963.2 miles:
db.places.find( { loc :
{ $geoWithin :
{ $centerSphere :
[ [ -88 , 30 ] , 10 / 3963.2 ]
} } } )

10.9. Additional Considerations

553

MongoDB Documentation, Release 3.2.5

On this page

GeoJSON Objects

•
•
•
•
•
•
•
•

Overview (page 554)
Point (page 554)
LineString (page 554)
Polygon (page 554)
MultiPoint (page 555)
MultiLineString (page 556)
MultiPolygon (page 556)
GeometryCollection (page 556)

Overview MongoDB supports the GeoJSON object types listed on this page.
To specify GeoJSON data, use a document with a type field specifying the GeoJSON object type and a
coordinates field specifying the object’s coordinates:
{ type: "" , coordinates: }

Important: Always list coordinates in longitude, latitude order.
The default coordinate reference system for GeoJSON uses the WGS84 datum.
Point New in version 2.4.
The following example specifies a GeoJSON Point7 :
{ type: "Point", coordinates: [ 40, 5 ] }

LineString New in version 2.4.
The following example specifies a GeoJSON LineString8 :
{ type: "LineString", coordinates: [ [ 40, 5 ], [ 41, 6 ] ] }

Polygon New in version 2.4.
Polygons9 consist of an array of GeoJSON LinearRing coordinate arrays. These LinearRings are closed
LineStrings. Closed LineStrings have at least four coordinate pairs and specify the same position as the
first and last coordinates.
The line that joins two points on a curved surface may or may not contain the same set of co-ordinates that joins those
two points on a flat surface. The line that joins two points on a curved surface will be a geodesic. Carefully check
points to avoid errors with shared edges, as well as overlaps and other types of intersections.
Polygons with a Single Ring The following example specifies a GeoJSON Polygon with an exterior ring and no
interior rings (or holes). The first and last coordinates must match in order to close the polygon:
7 http://geojson.org/geojson-spec.html#point
8 http://geojson.org/geojson-spec.html#linestring
9 http://geojson.org/geojson-spec.html#polygon

554

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

{
type: "Polygon",
coordinates: [ [ [ 0 , 0 ] , [ 3 , 6 ] , [ 6 , 1 ] , [ 0 , 0

] ] ]

}

For Polygons with a single ring, the ring cannot self-intersect.
Polygons with Multiple Rings For Polygons with multiple rings:
• The first described ring must be the exterior ring.
• The exterior ring cannot self-intersect.
• Any interior ring must be entirely contained by the outer ring.
• Interior rings cannot intersect or overlap each other. Interior rings cannot share an edge.
The following example represents a GeoJSON polygon with an interior ring:
{
type : "Polygon",
coordinates : [
[ [ 0 , 0 ] , [ 3 , 6 ] , [ 6 , 1 ] , [ 0 , 0 ] ],
[ [ 2 , 2 ] , [ 3 , 3 ] , [ 4 , 2 ] , [ 2 , 2 ] ]
]
}

MultiPoint New in version 2.6: Requires 2dsphere (Version 2) (page 543)
GeoJSON MultiPoint embedded documents encode a list of
points.
{
type: "MultiPoint",
coordinates: [

10.9. Additional Considerations

555

MongoDB Documentation, Release 3.2.5

[
[
[
[

-73.9580,
-73.9498,
-73.9737,
-73.9814,

40.8003
40.7968
40.7648
40.7681

],
],
],
]

]
}

MultiLineString New in version 2.6: Requires 2dsphere (Version 2) (page 543)
The following example specifies a GeoJSON MultiLineString10 :
{
type: "MultiLineString",
coordinates: [
[ [ -73.96943, 40.78519
[ [ -73.96415, 40.79229
[ [ -73.97162, 40.78205
[ [ -73.97880, 40.77247
]

],
],
],
],

[
[
[
[

-73.96082,
-73.95544,
-73.96374,
-73.97036,

40.78095
40.78854
40.77715
40.76811

]
]
]
]

],
],
],
]

}

MultiPolygon New in version 2.6: Requires 2dsphere (Version 2) (page 543)
The following example specifies a GeoJSON MultiPolygon11 :
{

type: "MultiPolygon",
coordinates: [
[ [ [ -73.958, 40.8003 ], [ -73.9498, 40.7968 ], [ -73.9737, 40.7648 ], [ -73.9814, 40.7681 ], [
[ [ [ -73.958, 40.8003 ], [ -73.9498, 40.7968 ], [ -73.9737, 40.7648 ], [ -73.958, 40.8003 ] ] ]
]
}

GeometryCollection New in version 2.6: Requires 2dsphere (Version 2) (page 543)
The following example stores coordinates of GeoJSON type GeometryCollection12 :
{
type: "GeometryCollection",
geometries: [
{
type: "MultiPoint",
coordinates: [
[ -73.9580, 40.8003 ],
[ -73.9498, 40.7968 ],
[ -73.9737, 40.7648 ],
[ -73.9814, 40.7681 ]
]
},
{
type: "MultiLineString",
coordinates: [
[ [ -73.96943, 40.78519 ], [ -73.96082, 40.78095 ] ],
10 http://geojson.org/geojson-spec.html#multilinestring
11 http://geojson.org/geojson-spec.html#multipolygon
12 http://geojson.org/geojson-spec.html#geometrycollection

556

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

[ [ -73.96415, 40.79229 ], [ -73.95544, 40.78854 ] ],
[ [ -73.97162, 40.78205 ], [ -73.96374, 40.77715 ] ],
[ [ -73.97880, 40.77247 ], [ -73.97036, 40.76811 ] ]
]
}
]
}

10.9.6 2d Indexes
On this page
•
•
•
•

Considerations (page 557)
Behavior (page 557)
Points on a 2D Plane (page 558)
sparse Property (page 558)

Use a 2d index for data stored as points on a two-dimensional plane. The 2d index is intended for legacy coordinate
pairs used in MongoDB 2.2 and earlier.
Use a 2d index if:
• your database has legacy location data from MongoDB 2.2 or earlier, and
• you do not intend to store any location data as GeoJSON objects.
See the https://docs.mongodb.org/manual/reference/operator/query-geospatial for the
query operators that support geospatial queries.
Considerations
The geoNear command and the $geoNear pipeline stage require that a collection have at most only one 2d index
and/or only one 2dsphere index (page 543) whereas geospatial query operators (e.g. $near and $geoWithin)
permit collections to have multiple geospatial indexes.
The geospatial index restriction for the geoNear command and the $geoNear pipeline stage exists because neither
the geoNear command nor the $geoNear pipeline stage syntax includes the location field. As such, index selection
among multiple 2d indexes or 2dsphere indexes is ambiguous.
No such restriction applies for geospatial query operators since these operators take a location field, eliminating the
ambiguity.
Do not use a 2d index if your location data includes GeoJSON objects. To index on both legacy coordinate pairs and
GeoJSON objects, use a 2dsphere (page 543) index.
You cannot use a 2d index as a shard key when sharding a collection. However, you can create and maintain a
geospatial index on a sharded collection by using a different field as the shard key.
Behavior
The 2d index supports calculations on a flat, Euclidean plane. The 2d index also supports distance-only calculations
on a sphere, but for geometric calculations (e.g. $geoWithin) on a sphere, store data as GeoJSON objects and use
the 2dsphere index type.

10.9. Additional Considerations

557

MongoDB Documentation, Release 3.2.5

A 2d index can reference two fields. The first must be the location field. A 2d compound index constructs queries
that select first on the location field, and then filters those results by the additional criteria. A compound 2d index can
cover queries.
Points on a 2D Plane
To store location data as legacy coordinate pairs, use an array or an embedded document. When possible, use the array
format:
loc : [ , ]

Consider the embedded document form:
loc : { lng : , lat : }

Arrays are preferred as certain languages do not guarantee associative map ordering.
For all points, if you use longitude and latitude, store coordinates in longitude, latitude order.
sparse Property
2d indexes are sparse (page 574) by default and ignores the sparse: true (page 574) option. If a document lacks a
2d index field (or the field is null or an empty array), MongoDB does not add an entry for the document to the 2d
index. For inserts, MongoDB inserts the document but does not add to the 2d index.
For a compound index that includes a 2d index key along with keys of other types, only the 2d index field determines
whether the index references a document.
Create a 2d Index

On this page
• Define Location Range for a 2d Index (page 558)
• Define Location Precision for a 2d Index (page 559)
To build a geospatial 2d index, use the db.collection.createIndex() method and specify 2d. Use the
following syntax:
db..createIndex( { : "2d" ,
: } ,
{ } )

The 2d index uses the following optional index-specification options:
{ min : , max : ,
bits : }

Define Location Range for a 2d Index By default, a 2d index assumes longitude and latitude and has boundaries of
-180 inclusive and 180 non-inclusive. If documents contain coordinate data outside of the specified range, MongoDB
returns an error.
Important: The default boundaries allow applications to insert documents with invalid latitudes greater than 90 or
less than -90. The behavior of geospatial queries with such invalid points is not defined.

558

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

On 2d indexes you can change the location range.
You can build a 2d geospatial index with a location range other than the default. Use the min and max options when
creating the index. Use the following syntax:
db.collection.createIndex( { : "2d" } ,
{ min : , max : } )

Define Location Precision for a 2d Index By default, a 2d index on legacy coordinate pairs uses 26 bits of precision, which is roughly equivalent to 2 feet or 60 centimeters of precision using the default range of -180 to 180.
Precision is measured by the size in bits of the geohash values used to store location data. You can configure geospatial indexes with up to 32 bits of precision.
Index precision does not affect query accuracy. The actual grid coordinates are always used in the final query processing. Advantages to lower precision are a lower processing overhead for insert operations and use of less space. An
advantage to higher precision is that queries scan smaller portions of the index to return results.
To configure a location precision other than the default, use the bits option when creating the index. Use following
syntax:
db..createIndex( { : ""} ,
{ bits : } )

For information on the internals of geohash values, see Calculation of Geohash Values for 2d Indexes (page 561).
Query a 2d Index

On this page
•
•
•
•

Points within a Shape Defined on a Flat Surface (page 559)
Points within a Circle Defined on a Sphere (page 560)
Proximity to a Point on a Flat Surface (page 560)
Exact Matches on a Flat Surface (page 561)

The following sections describe queries supported by the 2d index.
Points within a Shape Defined on a Flat Surface To select all legacy coordinate pairs found within a given shape
on a flat surface, use the $geoWithin operator along with a shape operator. Use the following syntax:
db..find( { :
{ $geoWithin :
{ $box|$polygon|$center :
} } } )

The following queries for documents within a rectangle defined by [ 0 , 0 ] at the bottom left corner and by [
100 , 100 ] at the top right corner.
db.places.find( { loc :
{ $geoWithin :
{ $box : [ [ 0 , 0 ] ,
[ 100 , 100 ] ]
} } } )

10.9. Additional Considerations

559

MongoDB Documentation, Release 3.2.5

The following queries for documents that are within the circle centered on [ -74 , 40.74 ] and with a radius of
10:
db.places.find( { loc: { $geoWithin :
{ $center : [ [-74, 40.74 ] , 10 ]
} } } )

For syntax and examples for each shape, see the following:
• $box
• $polygon
• $center (defines a circle)
Points within a Circle Defined on a Sphere MongoDB supports rudimentary spherical queries on flat 2d indexes
for legacy reasons. In general, spherical calculations should use a 2dsphere index, as described in 2dsphere Indexes
(page 543).
To query for legacy coordinate pairs in a “spherical cap” on a sphere, use $geoWithin with the $centerSphere
operator. Specify an array that contains:
• The grid coordinates of the circle’s center point
• The circle’s radius measured in radians. To calculate radians, see Calculate Distance Using Spherical Geometry
(page 562).
Use the following syntax:
db..find( { :
{ $geoWithin :
{ $centerSphere : [ [ , ] , ] }
} } )

The following example query returns all documents within a 10-mile radius of longitude 88 W and latitude 30 N. The
example converts distance to radians by dividing distance by the approximate equatorial radius of the earth, 3963.2
miles:
db..find( { loc : { $geoWithin :
{ $centerSphere :
[ [ 88 , 30 ] , 10 / 3963.2 ]
} } } )

Proximity to a Point on a Flat Surface Proximity queries return the legacy coordinate pairs closest to the defined
point and sort the results by distance. Use either the $near operator or geoNear command. Both require a 2d
index.
The $near operator uses the following syntax:
db..find( { :
{ $near : [ , ]
} } )

For examples, see $near.
The geoNear command uses the following syntax:
db.runCommand( { geoNear: , near: [ , ] } )

The geoNear command offers more options and returns more information than does the $near operator. To run the
command, see geoNear.
560

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Exact Matches on a Flat Surface Changed in version 2.6: Previously, 2d indexes would support exact-match
queries for coordinate pairs.
You cannot use a 2d index to return an exact match for a coordinate pair. Use a scalar, ascending or descending, index
on a field that stores coordinates to return exact matches.
In the following example, the find() operation will return an exact match on a location if you have a { ’loc’:
1} index:
db..find( { loc: [ , ] } )

This query will return any documents with the value of [ , ].
2d Index Internals

On this page
• Calculation of Geohash Values for 2d Indexes (page 561)
• Multi-location Documents for 2d Indexes (page 561)
This document provides a more in-depth explanation of the internals of MongoDB’s 2d geospatial indexes. This
material is not necessary for normal operations or application development but may be useful for troubleshooting and
for further understanding.
Calculation of Geohash Values for 2d Indexes When you create a geospatial index on legacy coordinate pairs,
MongoDB computes geohash values for the coordinate pairs within the specified location range (page 558) and then
indexes the geohash values.
To calculate a geohash value, recursively divide a two-dimensional map into quadrants. Then assign each quadrant a
two-bit value. For example, a two-bit representation of four quadrants would be:
01

These two-bit values (00, 01, 10, and 11) represent each of the quadrants and all points within each quadrant. For
a geohash with two bits of resolution, all points in the bottom left quadrant would have a geohash of 00. The top
left quadrant would have the geohash of 01. The bottom right and top right would have a geohash of 10 and 11,
respectively.
To provide additional precision, continue dividing each quadrant into sub-quadrants. Each sub-quadrant would have
the geohash value of the containing quadrant concatenated with the value of the sub-quadrant. The geohash for the
upper-right quadrant is 11, and the geohash for the sub-quadrants would be (clockwise from the top left): 1101,
1111, 1110, and 1100, respectively.
Multi-location Documents for 2d Indexes
Note: 2dsphere (page 543) indexes can cover multiple geospatial fields in a document, and can express lists of points
using MultiPoint (page 555) embedded documents.
While 2d geospatial indexes do not support more than one geospatial field in a document, you can use a multi-key
index (page 525) to index multiple coordinate pairs in a single document. In the simplest example you may have a
field (e.g. locs) that holds an array of coordinates, as in the following example:

10.9. Additional Considerations

561

MongoDB Documentation, Release 3.2.5

db.places.save( {
locs : [ [ 55.5 , 42.3 ] ,
[ -74 , 44.74 ] ,
{ lng : 55.5 , lat : 42.3 } ]
} )

The values of the array may be either arrays, as in [ 55.5, 42.3 ], or embedded documents, as in { lng :
55.5 , lat : 42.3 }.
You could then create a geospatial index on the locs field, as in the following:
db.places.createIndex( { "locs": "2d" } )

You may also model the location data as a field inside of an embedded document. In this case, the document would
contain a field (e.g. addresses) that holds an array of documents where each document has a field (e.g. loc:) that
holds location coordinates. For example:
db.records.save( {
name : "John Smith",
addresses : [ {
context
loc : [
} ,
{
context
loc : [
}
]
} )

: "home" ,
55.5, 42.3 ]

: "work",
-74 , 44.74 ]

You could then create the geospatial index on the addresses.loc field as in the following example:
db.records.createIndex( { "addresses.loc": "2d" } )

To include the location field with the distance field in multi-location document queries, specify includeLocs:
true in the geoNear command.
Calculate Distance Using Spherical Geometry

On this page
• Distance Multiplier (page 564)

Note: While basic queries using spherical distance are supported by the 2d index, consider moving to a 2dsphere
index if your data is primarily longitude and latitude.
The 2d index supports queries that calculate distances on a Euclidean plane (flat surface). The index also supports the
following query operators and command that calculate distances using spherical geometry:
• $nearSphere
• $centerSphere
• $near
• geoNear command with the { spherical:

562

true } option.

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Important: These three queries use radians for distance. Other query types do not.
For spherical query operators to function properly, you must convert distances to radians, and convert from radians to
the distances units used by your application.
To convert:
• distance to radians: divide the distance by the radius of the sphere (e.g. the Earth) in the same units as the
distance measurement.
• radians to distance: multiply the radian measure by the radius of the sphere (e.g. the Earth) in the units system
that you want to convert the distance to.
The equatorial radius of the Earth is approximately 3,963.2 miles or 6,378.1 kilometers.
The following query would return documents from the places collection within the circle described by the center [
-74, 40.74 ] with a radius of 100 miles:
db.places.find( { loc: { $geoWithin: { $centerSphere: [ [ -74, 40.74 ] ,
100 / 3963.2 ] } } } )

You may also use the distanceMultiplier option to the geoNear to convert radians in the mongod process,
rather than in your application code. See distance multiplier (page 564).
The following spherical query, returns all documents in the collection places within 100 miles from the point [
-74, 40.74 ].
db.runCommand( { geoNear: "places",
near: [ -74, 40.74 ],
spherical: true
} )

The output of the above command would be:
{
// [ ... ]
"results" : [
{
"dis" : 0.01853688938212826,
"obj" : {
"_id" : ObjectId( ... )
"loc" : [
-73,
40
]
}
}
],
"stats" : {
// [ ... ]
"avgDistance" : 0.01853688938212826,
"maxDistance" : 0.01853714811400047
},
"ok" : 1
}

Warning: Spherical queries that wrap around the poles or at the transition from -180 to 180 longitude raise an
error.

10.9. Additional Considerations

563

MongoDB Documentation, Release 3.2.5

Note: While the default Earth-like bounds for geospatial indexes are between -180 inclusive, and 180, valid values
for latitude are between -90 and 90.

Distance Multiplier The distanceMultiplier option of the geoNear command returns distances only after
multiplying the results by an assigned value. This allows MongoDB to return converted values, and removes the
requirement to convert units in application logic.
Using distanceMultiplier in spherical queries provides results from the geoNear command that do not need
radian-to-distance conversion. The following example uses distanceMultiplier in the geoNear command
with a spherical (page 562) example:
db.runCommand( { geoNear: "places",
near: [ -74, 40.74 ],
spherical: true,
distanceMultiplier: 3963.2
} )

The output of the above operation would resemble the following:
{
// [ ... ]
"results" : [
{
"dis" : 73.46525170413567,
"obj" : {
"_id" : ObjectId( ... )
"loc" : [
-73,
40
]
}
}
],
"stats" : {
// [ ... ]
"avgDistance" : 0.01853688938212826,
"maxDistance" : 0.01853714811400047
},
"ok" : 1
}

10.9.7 Hashed Indexes
On this page
• Hashing Function (page 565)
• Create a Hashed Index (page 565)
• Considerations (page 565)
New in version 2.4.
Hashed indexes maintain entries with hashes of the values of the indexed field.
Hashed indexes support sharding (page 733) using hashed shard keys. Hashed based sharding (page 748) uses a
hashed index of a field as the shard key to partition data across your sharded cluster.

564

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Using a hashed shard key to shard a collection results in a more random distribution of data. See Shard a Collection
Using a Hashed Shard Key (page 773) for more details.
Hashing Function
Hashed indexes uses a hashing function to compute the hash of the value of the index field. The hashing function
collapses embedded documents and computes the hash for the entire value but does not support multi-key (i.e. arrays)
indexes.
Tip
MongoDB automatically computes the hashes when resolving queries using hashed indexes. Applications do not need
to compute hashes.

Create a Hashed Index
To create a hashed index (page 564), specify hashed as the value of the index key, as in the following example:
db.collection.createIndex( { _id: "hashed" } )

Considerations
MongoDB supports hashed indexes of any single field. The hashing function collapses embedded documents and
computes the hash for the entire value, but does not support multi-key (i.e. arrays) indexes.
You may not create compound indexes that have hashed index fields or specify a unique constraint
on a hashed index; however, you can create both a hashed index and an ascending/descending
(i.e. non-hashed) index on the same field: MongoDB will use the scalar index for range queries.
Warning: MongoDB hashed indexes truncate floating point numbers to 64-bit integers before hashing. For
example, a hashed index would store the same value for a field that held a value of 2.3, 2.2, and 2.9. To
prevent collisions, do not use a hashed index for floating point numbers that cannot be reliably converted to
64-bit integers (and then back to floating point). MongoDB hashed indexes do not support floating point values
larger than 253 .

10.9.8 Index Properties
In addition to the numerous index types (page 516) MongoDB supports, indexes can also have various properties. The
following documents detail the index properties that you can select when building an index.
TTL Indexes (page 566) The TTL index is used for TTL collections, which expire data after a period of time.
Unique Indexes (page 568) A unique index causes MongoDB to reject all documents that contain a duplicate value
for the indexed field.
Partial Indexes (page 570) A partial index indexes only documents that meet specified filter criteria.
Sparse Indexes (page 574) A sparse index does not index documents that do not have the indexed field.

10.9. Additional Considerations

565

MongoDB Documentation, Release 3.2.5

TTL Indexes

On this page
• Behavior (page 566)
• Restrictions (page 567)
TTL indexes are special single-field indexes that MongoDB can use to automatically remove documents from a collection after a certain amount of time. Data expiration is useful for certain types of information like machine generated
event data, logs, and session information that only need to persist in a database for a finite amount of time.
To create a TTL index, use the db.collection.createIndex() method with the expireAfterSeconds
option on a field whose value is either a date (page 15) or an array that contains date values (page 15).
For example, to create a TTL index on the lastModifiedDate field of the eventlog collection, use the following
operation in the mongo shell:
db.eventlog.createIndex( { "lastModifiedDate": 1 }, { expireAfterSeconds: 3600 } )

Behavior

Expiration of Data TTL indexes expire documents after the specified number of seconds has passed since the
indexed field value; i.e. the expiration threshold is the indexed field value plus the specified number of seconds.
If the field is an array, and there are multiple date values in the index, MongoDB uses lowest (i.e. earliest) date value
in the array to calculate the expiration threshold.
If the indexed field in a document is not a date or an array that holds a date value(s), the document will not expire.
If a document does not contain the indexed field, the document will not expire.
Delete Operations A background thread in mongod reads the values in the index and removes expired documents
from the collection.
When the TTL thread is active, you will see delete (page 114) operations in the output of db.currentOp() or in
the data collected by the database profiler (page 326).
Timing of the Delete Operation When you build a TTL index in the background (page 577), the TTL thread can
begin deleting documents while the index is building. If you build a TTL index in the foreground, MongoDB begins
removing expired documents as soon as the index finishes building.
The TTL index does not guarantee that expired data will be deleted immediately upon expiration. There may be a
delay between the time a document expires and the time that MongoDB removes the document from the database.
The background task that removes expired documents runs every 60 seconds. As a result, documents may remain in a
collection during the period between the expiration of the document and the running of the background task.
Because the duration of the removal operation depends on the workload of your mongod instance, expired data may
exist for some time beyond the 60 second period between runs of the background task.
Replica Sets On replica sets, the TTL background thread only deletes documents on the primary. However, the TTL
background thread does run on secondaries. Secondary members replicate deletion operations from the primary.
Support for Queries A TTL index supports queries in the same way non-TTL indexes do.
566

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Record Allocation A collection with a TTL index has usePowerOf2Sizes enabled, and you cannot modify this
setting for the collection. As a result of enabling usePowerOf2Sizes, MongoDB must allocate more disk space
relative to data size. This approach helps mitigate the possibility of storage fragmentation caused by frequent delete
operations and leads to more predictable storage use patterns.
Restrictions

• TTL indexes are a single-field indexes. Compound indexes (page 522) do not support TTL and ignores the
expireAfterSeconds option.
• The _id field does not support TTL indexes.
• You cannot create a TTL index on a capped collection (page 6) because MongoDB cannot remove documents
from a capped collection.
• You cannot use createIndex() to change the value of expireAfterSeconds of an existing index.
Instead use the collMod database command in conjunction with the index collection flag. Otherwise, to
change the value of the option of an existing index, you must drop the index first and recreate.
• If a non-TTL single-field index already exists for a field, you cannot create a TTL index on the same field
since you cannot create indexes that have the same key specification and differ only by the options. To
change a non-TTL single-field index to a TTL index, you must drop the index first and recreate with the
expireAfterSeconds option.

On this page
Expire Data from Collections by Setting TTL

• Procedures (page 567)

This document provides an introduction to MongoDB’s “time to live” or TTL collection feature. TTL collections make
it possible to store data in MongoDB and have the mongod automatically remove data after a specified number of
seconds or at a specific clock time.
Data expiration is useful for some classes of information, including machine generated event data, logs, and session
information that only need to persist for a limited period of time.
A special TTL index property (page 566) supports the implementation of TTL collections. The TTL feature relies on a
background thread in mongod that reads the date-typed values in the index and removes expired documents from the
collection.
Procedures To create a TTL index (page 566), use the db.collection.createIndex() method with the
expireAfterSeconds option on a field whose value is either a date (page 15) or an array that contains date
values (page 15).
Note: The TTL index is a single field index. Compound indexes do not support the TTL property. For more
information on TTL indexes, see TTL Indexes (page 566).
You can modify the expireAfterSeconds of an existing TTL index using the collMod command.
Expire Documents after a Specified Number of Seconds To expire data after a specified number of seconds has
passed since the indexed field, create a TTL index on a field that holds values of BSON date type or an array of BSON
date-typed objects and specify a positive non-zero value in the expireAfterSeconds field. A document will

10.9. Additional Considerations

567

MongoDB Documentation, Release 3.2.5

expire when the number of seconds in the expireAfterSeconds field has passed since the time specified in its
indexed field. 13
For example, the following operation creates an index on the log_events collection’s createdAt field and specifies the expireAfterSeconds value of 3600 to set the expiration time to be one hour after the time specified by
createdAt.
db.log_events.createIndex( { "createdAt": 1 }, { expireAfterSeconds: 3600 } )

When adding documents to the log_events collection, set the createdAt field to the current time:
db.log_events.insert( {
"createdAt": new Date(),
"logEvent": 2,
"logMessage": "Success!"
} )

MongoDB will automatically delete documents from the log_events collection when the document’s createdAt
value 1 is older than the number of seconds specified in expireAfterSeconds.
See also:
$currentDate operator
Expire Documents at a Specific Clock Time To expire documents at a specific clock time, begin by creating a
TTL index on a field that holds values of BSON date type or an array of BSON date-typed objects and specify an
expireAfterSeconds value of 0. For each document in the collection, set the indexed date field to a value
corresponding to the time the document should expire. If the indexed date field contains a date in the past, MongoDB
considers the document expired.
For example, the following operation creates an index on the log_events collection’s expireAt field and specifies
the expireAfterSeconds value of 0:
db.log_events.createIndex( { "expireAt": 1 }, { expireAfterSeconds: 0 } )

For each document, set the value of expireAt to correspond to the time the document should expire. For instance,
the following insert() operation adds a document that should expire at July 22, 2013 14:00:00.
db.log_events.insert( {
"expireAt": new Date('July 22, 2013 14:00:00'),
"logEvent": 2,
"logMessage": "Success!"
} )

MongoDB will automatically delete documents from the log_events collection when the documents’ expireAt
value is older than the number of seconds specified in expireAfterSeconds, i.e. 0 seconds older in this case. As
such, the data expires at the specified expireAt value.
Unique Indexes

On this page
• Create a Unique Index (page 569)
• Behavior (page 569)
13 If the field contains an array of BSON date-typed objects, data expires if at least one of BSON date-typed object is older than the number of
seconds specified in expireAfterSeconds.

568

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

A unique index ensures that the indexed fields do not store duplicate values; i.e. enforces uniqueness for the indexed
fields. By default, MongoDB creates a unique index on the _id (page 11) field during the creation of a collection.
Create a Unique Index

To create a unique index, use the db.collection.createIndex() method with the unique option set to
true.
db.collection.createIndex( , { unique: true } )

Unique Index on a Single Field For example, to create a unique index on the user_id field of the members
collection, use the following operation in the mongo shell:
db.members.createIndex( { "user_id": 1 }, { unique: true } )

Unique Compound Index You can also enforce a unique constraint on compound indexes (page 522). If you use
the unique constraint on a compound index (page 522), then MongoDB will enforce uniqueness on the combination of
the index key values.
For example, to create a unique index on groupNumber, lastname, and firstname fields of the members
collection, use the following operation in the mongo shell:
db.members.createIndex( { groupNumber: 1, lastname: 1, firstname: 1 }, { unique: true } )

The created index enforces uniqueness for the combination of groupNumber, lastname, and firstname values.
Behavior

Restrictions MongoDB cannot create a unique index (page 568) on the specified index field(s) if the collection
already contains data that would violate the unique constraint for the index.
You may not specify a unique constraint on a hashed index (page 564).
Unique Constraint Across Separate Documents The unique constraint applies to separate documents in the collection. That is, the unique index prevents separate documents from having the same value for the indexed key, but the
index does not prevent a document from having multiple elements or embedded documents in an indexed array from
having the same value. In the case of a single document with repeating values, the repeated value is inserted into the
index only once.
For example, a collection has a unique index on a.b:
db.collection.createIndex( { "a.b": 1 }, { unique: true } )

The unique index permits the insertion of the following document into the collection if no other document in the
collection has the a.b value of 5:
db.collection.insert( { a: [ { b: 5 }, { b: 5 } ] } )

Unique Index and Missing Field If a document does not have a value for the indexed field in a unique index, the
index will store a null value for this document. Because of the unique constraint, MongoDB will only permit one
document that lacks the indexed field. If there is more than one document without a value for the indexed field or is
missing the indexed field, the index build will fail with a duplicate key error.

10.9. Additional Considerations

569

MongoDB Documentation, Release 3.2.5

For example, a collection has a unique index on x:
db.collection.createIndex( { "x": 1 }, { unique: true } )

The unique index allows the insertion of a document without the field x if the collection does not already contain a
document missing the field x:
db.collection.insert( { y: 1 } )

However, the unique index errors on the insertion of a document without the field x if the collection already contains
a document missing the field x:
db.collection.insert( { z: 1 } )

The operation fails to insert the document because of the violation of the unique constraint on the value of the field x:
WriteResult({
"nInserted" : 0,
"writeError" : {
"code" : 11000,
"errmsg" : "E11000 duplicate key error index: test.collection.$a.b_1 dup key: { : null }"
}
})

See also:
Unique Partial Indexes (page 570)
Unique Partial Indexes New in version 3.2.
Partial indexes only index the documents in a collection that meet a specified filter expression. If you specify both
the partialFilterExpression and a unique constraint (page 568), the unique constraint only applies to the
documents that meet the filter expression.
A partial index with a unique constraint does not prevent the insertion of documents that do not meet the unique
constraint if the documents do not meet the filter criteria. For an example, see Partial Index with Unique Constraint
(page 573).
Partial Indexes

On this page
•
•
•
•

Create a Partial Index (page 571)
Behavior (page 571)
Restrictions (page 572)
Examples (page 573)

New in version 3.2.
Partial indexes only index the documents in a collection that meet a specified filter expression. By indexing a subset
of the documents in a collection, partial indexes have lower storage requirements and reduced performance costs for
index creation and maintenance.

570

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Create a Partial Index

To create a partial index, use the db.collection.createIndex() method with the new
partialFilterExpression option. The partialFilterExpression option accepts a document that
specifies the filter condition using:
• equality expressions (i.e. field:
• $exists:

value or using the $eq operator),

true expression,

• $gt, $gte, $lt, $lte expressions,
• $type expressions,
• $and operator at the top-level only
For example, the following operation creates a compound index that indexes only the documents with a rating field
greater than 5.
db.restaurants.createIndex(
{ cuisine: 1, name: 1 },
{ partialFilterExpression: { rating: { $gt: 5 } } }
)

You can specify a partialFilterExpression option for all MongoDB index types (page 516).
Behavior

Query Coverage MongoDB will not use the partial index for a query or sort operation if using the index results in
an incomplete result set.
To use the partial index, a query must contain the filter expression (or a modified filter expression that specifies a
subset of the filter expression) as part of its query condition.
For example, given the following index:
db.restaurants.createIndex(
{ cuisine: 1 },
{ partialFilterExpression: { rating: { $gt: 5 } } }
)

The following query can use the index since the query predicate includes the condition rating: { $gte:
} that matches a subset of documents matched by the index filter expression ratings: { $gt: 5 }:

db.restaurants.find( { cuisine: "Italian", rating: { $gte: 8 } } )

However, the following query cannot use the partial index on the cuisine field because using the index results in
an incomplete result set. Specifically, the query predicate includes the condition rating: { $lt: 8 } while
the index has the filter rating: { $gt: 5 }. That is, the query { cuisine: "Italian", rating:
{ $lt: 8 } } matches more documents (e.g. an Italian restaurant with a rating equal to 1) than are indexed.
db.restaurants.find( { cuisine: "Italian", rating: { $lt: 8 } } )

Similarly, the following query cannot use the partial index because the query predicate does not include the filter
expression and using the index would return an incomplete result set.
db.restaurants.find( { cuisine: "Italian" } )

10.9. Additional Considerations

571

MongoDB Documentation, Release 3.2.5

Comparison with the sparse Index
Tip
Partial indexes represent a superset of the functionality offered by sparse indexes and should be preferred over sparse
indexes.
Partial indexes offer a more expressive mechanism than Sparse Indexes (page 574) indexes to specify which documents
are indexed.
Sparse indexes selects documents to index solely based on the existence of the indexed field, or for compound indexes,
the existence of the indexed fields.
Partial indexes determine the index entries based on the specified filter. The filter can include fields other than the
index keys and can specify conditions other than just an existence check. For example, a partial index can implement
the same behavior as a sparse index:
db.contacts.createIndex(
{ name: 1 },
{ partialFilterExpression: { name: { $exists: true } } }
)

This partial index supports the same queries as a sparse index on the name field.
However, a partial index can also specify filter expressions on fields other than the index key. For example, the
following operation creates a partial index, where the index is on the name field but the filter expression is on the
email field:
db.contacts.createIndex(
{ name: 1 },
{ partialFilterExpression: { email: { $exists: true } } }
)

For the query optimizer to choose this partial index, the query predicate must include a non-null match on the email
field as well as a condition on the name field.
For example, the following query can use the index:
db.contacts.find( { name: "xyz", email: { $regex: /\.org$/ } } )

However, the following query cannot use the index:
db.contacts.find( { name: "xyz", email: { $exists: false } } )

Restrictions

In MongoDB, you cannot create multiple versions of an index that differ only in the options. As such, you cannot
create multiple partial indexes that differ only by the filter expression.
You cannot specify both the partialFilterExpression option and the sparse option.
Earlier versions of MongoDB do not support partial indexes. For sharded clusters or replica sets, all nodes must be
version 3.2.
_id indexes cannot be partial indexes.
Shard key indexes cannot be partial indexes.

572

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Examples

Create a Partial Index On A Collection
the following

Consider a collection restaurants containing documents that resemble

{
"_id" : ObjectId("5641f6a7522545bc535b5dc9"),
"address" : {
"building" : "1007",
"coord" : [
-73.856077,
40.848447
],
"street" : "Morris Park Ave",
"zipcode" : "10462"
},
"borough" : "Bronx",
"cuisine" : "Bakery",
"rating" : { "date" : ISODate("2014-03-03T00:00:00Z"),
"grade" : "A",
"score" : 2
},
"name" : "Morris Park Bake Shop",
"restaurant_id" : "30075445"
}

You could add a partial index on the borough and cuisine fields choosing only to index documents where the
rating.grade field is A:
db.restaurants.createIndex(
{ borough: 1, cuisine: 1 },
{ partialFilterExpression: { 'rating.grade': { $eq: "A" } } }
)

Then, the following query on the restaurants collection uses the partial index to return the restaurants in the
Bronx with rating.grade equal to A:
db.restaurants.find( { borough: "Bronx", 'rating.grade': "A" } )

However, the following query cannot use the partial index because the query expression does not include the
rating.grade field:
db.restaurants.find( { borough: "Bronx", cuisine: "Bakery" } )

Partial Index with Unique Constraint Partial indexes only index the documents in a collection that meet a specified
filter expression. If you specify both the partialFilterExpression and a unique constraint (page 568), the
unique constraint only applies to the documents that meet the filter expression. A partial index with a unique constraint
does not prevent the insertion of documents that do not meet the unique constraint if the documents do not meet the
filter criteria.
For example, a collection users contains the following documents:
{ "_id" : ObjectId("56424f1efa0358a27fa1f99a"), "username" : "david", "age" : 29 }
{ "_id" : ObjectId("56424f37fa0358a27fa1f99b"), "username" : "amanda", "age" : 35 }
{ "_id" : ObjectId("56424fe2fa0358a27fa1f99c"), "username" : "rajiv", "age" : 57 }

The following operation creates an index that specifies a unique constraint (page 568) on the username field and a
partial filter expression age: { $gte: 21 }.

10.9. Additional Considerations

573

MongoDB Documentation, Release 3.2.5

db.users.createIndex(
{ username: 1 },
{ unique: true, partialFilterExpression: { age: { $gte: 21 } } }
)

The index prevents the insertion of the following documents since documents already exist with the specified usernames and the age fields are greater than 21:
db.users.insert( { username: "david", age: 27 } )
db.users.insert( { username: "amanda", age: 25 } )
db.users.insert( { username: "rajiv", age: 32 } )

However, the following documents with duplicate usernames are allowed since the unique constraint only applies to
documents with age greater than or equal to 21.
db.users.insert( { username: "david", age: 20 } )
db.users.insert( { username: "amanda" } )
db.users.insert( { username: "rajiv", age: null } )

Sparse Indexes

On this page
• Create a Sparse Index (page 574)
• Behavior (page 575)
• Examples (page 575)
Sparse indexes only contain entries for documents that have the indexed field, even if the index field contains a null
value. The index skips over any document that is missing the indexed field. The index is “sparse” because it does not
include all documents of a collection. By contrast, non-sparse indexes contain all documents in a collection, storing
null values for those documents that do not contain the indexed field.
Important: Changed in version 3.2: Starting in MongoDB 3.2, MongoDB provides the option to create partial
indexes (page 570). Partial indexes offer a superset of the functionality of sparse indexes. If you are using MongoDB
3.2 or later, partial indexes (page 570) should be preferred over sparse indexes.

Create a Sparse Index

To create a sparse index, use the db.collection.createIndex() method with the sparse option set to
true. For example, the following operation in the mongo shell creates a sparse index on the xmpp_id field of the
addresses collection:
db.addresses.createIndex( { "xmpp_id": 1 }, { sparse: true } )

The index does not index documents that do not include the xmpp_id field.
Note: Do not confuse sparse indexes in MongoDB with block-level14 indexes in other databases. Think of them as
dense indexes with a specific filter.
14 http://en.wikipedia.org/wiki/Database_index#Sparse_index

574

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Behavior

sparse Index and Incomplete Results Changed in version 2.6.
If a sparse index would result in an incomplete result set for queries and sort operations, MongoDB will not use that
index unless a hint() explicitly specifies the index.
For example, the query { x: { $exists: false } } will not use a sparse index on the x field unless
explicitly hinted. See Sparse Index On A Collection Cannot Return Complete Results (page 575) for an example that
details the behavior.
Indexes that are sparse by Default 2dsphere (version 2) (page 543), 2d (page 557), geoHaystack, and text
(page 533) indexes are always sparse.
sparse Compound Indexes Sparse compound indexes (page 522) that only contain ascending/descending index
keys will index a document as long as the document contains at least one of the keys.
For sparse compound indexes that contain a geospatial key (i.e. 2dsphere (page 543), 2d (page 557), or
geoHaystack index keys) along with ascending/descending index key(s), only the existence of the geospatial
field(s) in a document determine whether the index references the document.
For sparse compound indexes that contain text (page 533) index keys along with ascending/descending index keys,
only the existence of the text index field(s) determine whether the index references a document.
sparse and unique Properties An index that is both sparse and unique (page 568) prevents collection from
having documents with duplicate values for a field but allows multiple documents that omit the key.
Examples

Create a Sparse Index On A Collection Consider a collection scores that contains the following documents:
{ "_id" : ObjectId("523b6e32fb408eea0eec2647"), "userid" : "newbie" }
{ "_id" : ObjectId("523b6e61fb408eea0eec2648"), "userid" : "abby", "score" : 82 }
{ "_id" : ObjectId("523b6e6ffb408eea0eec2649"), "userid" : "nina", "score" : 90 }

The collection has a sparse index on the field score:
db.scores.createIndex( { score: 1 } , { sparse: true } )

Then, the following query on the scores collection uses the sparse index to return the documents that have the
score field less than ($lt) 90:
db.scores.find( { score: { $lt: 90 } } )

Because the document for the userid "newbie" does not contain the score field and thus does not meet the query
criteria, the query can use the sparse index to return the results:
{ "_id" : ObjectId("523b6e61fb408eea0eec2648"), "userid" : "abby", "score" : 82 }

Sparse Index On A Collection Cannot Return Complete Results Consider a collection scores that contains the
following documents:
{ "_id" : ObjectId("523b6e32fb408eea0eec2647"), "userid" : "newbie" }
{ "_id" : ObjectId("523b6e61fb408eea0eec2648"), "userid" : "abby", "score" : 82 }
{ "_id" : ObjectId("523b6e6ffb408eea0eec2649"), "userid" : "nina", "score" : 90 }

10.9. Additional Considerations

575

MongoDB Documentation, Release 3.2.5

The collection has a sparse index on the field score:
db.scores.createIndex( { score: 1 } , { sparse: true } )

Because the document for the userid "newbie" does not contain the score field, the sparse index does not contain
an entry for that document.
Consider the following query to return all documents in the scores collection, sorted by the score field:
db.scores.find().sort( { score: -1 } )

Even though the sort is by the indexed field, MongoDB will not select the sparse index to fulfill the query in order to
return complete results:
{ "_id" : ObjectId("523b6e6ffb408eea0eec2649"), "userid" : "nina", "score" : 90 }
{ "_id" : ObjectId("523b6e61fb408eea0eec2648"), "userid" : "abby", "score" : 82 }
{ "_id" : ObjectId("523b6e32fb408eea0eec2647"), "userid" : "newbie" }

To use the sparse index, explicitly specify the index with hint():
db.scores.find().sort( { score: -1 } ).hint( { score: 1 } )

The use of the index results in the return of only those documents with the score field:
{ "_id" : ObjectId("523b6e6ffb408eea0eec2649"), "userid" : "nina", "score" : 90 }
{ "_id" : ObjectId("523b6e61fb408eea0eec2648"), "userid" : "abby", "score" : 82 }

See also:
explain() and Analyze Query Performance (page 159)
Sparse Index with Unique Constraint Consider a collection scores that contains the following documents:
{ "_id" : ObjectId("523b6e32fb408eea0eec2647"), "userid" : "newbie" }
{ "_id" : ObjectId("523b6e61fb408eea0eec2648"), "userid" : "abby", "score" : 82 }
{ "_id" : ObjectId("523b6e6ffb408eea0eec2649"), "userid" : "nina", "score" : 90 }

You could create an index with a unique constraint (page 568) and sparse filter on the score field using the following
operation:
db.scores.createIndex( { score: 1 } , { sparse: true, unique: true } )

This index would permit the insertion of documents that had unique values for the score field or did not include a
score field. As such, given the existing documents in the scores collection, the index permits the following insert
operations (page 137):
db.scores.insert(
db.scores.insert(
db.scores.insert(
db.scores.insert(

{
{
{
{

"userid":
"userid":
"userid":
"userid":

"AAAAAAA", "score": 43 } )
"BBBBBBB", "score": 34 } )
"CCCCCCC" } )
"DDDDDDD" } )

However, the index would not permit the addition of the following documents since documents already exists with
score value of 82 and 90:
db.scores.insert( { "userid": "AAAAAAA", "score": 82 } )
db.scores.insert( { "userid": "BBBBBBB", "score": 90 } )

10.9.9 Index Build

576

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

On this page
•
•
•
•

Background Construction (page 577)
Index Names (page 578)
View Index Build Operations (page 579)
Terminate Index Build Operation (page 579)

By default, creating an index blocks all other operations on a database. When building an index on a collection, the
database that holds the collection is unavailable for read or write operations until the index build completes. Any
operation that requires a read or write lock on all databases (e.g. listDatabases) will wait for the foreground index
build to complete.
Background Construction
For potentially long running index building operations, consider the background operation so that the MongoDB
database remains available during the index building operation. For example, to create an index in the background of
the zipcode field of the people collection, issue the following:
db.people.createIndex( { zipcode: 1}, {background: true} )

By default, background is false for building MongoDB indexes.
You can combine the background option with other options, as in the following:
db.people.createIndex( { zipcode: 1}, {background: true, sparse: true } )

Behavior

As of MongoDB version 2.4, a mongod instance can build more than one index in the background concurrently.
Changed in version 2.4: Before 2.4, a mongod instance could only build one background index per database at a time.
Background indexing operations run in the background so that other database operations can run while creating the
index. However, the mongo shell session or connection where you are creating the index will block until the index
build is complete. To continue issuing commands to the database, open another connection or mongo instance.
Queries will not use partially-built indexes: the index will only be usable once the index build is complete.
Note:
If MongoDB is building an index in the background, you cannot perform other administrative operations involving that collection, including running repairDatabase, dropping the collection (i.e.
db.collection.drop()), and running compact. These operations will return an error during background
index builds.

Performance

The background index operation uses an incremental approach that is slower than the normal “foreground” index
builds. If the index is larger than the available RAM, then the incremental process can take much longer than the
foreground build.
If your application includes createIndex() operations, and an index doesn’t exist for other operational concerns,
building the index can have a severe impact on the performance of the database.

10.9. Additional Considerations

577

MongoDB Documentation, Release 3.2.5

To avoid performance issues, make sure that your application checks for the indexes at start up using the
getIndexes() method or the equivalent method for your driver15 and terminates if the proper indexes do not
exist. Always build indexes in production instances using separate application code, during designated maintenance
windows.
Interrupted Index Builds

If a background index build is in progress when the mongod process terminates, when the instance restarts the index
build will restart as foreground index build. If the index build encounters any errors, such as a duplicate key error, the
mongod will exit with an error.
To start the mongod after a failed index build,
--noIndexBuildRetry to skip the index build on start up.

use

the

storage.indexBuildRetry

Building Indexes on Secondaries

Changed in version 2.6: Secondary members can now build indexes in the background. Previously all index builds on
secondaries were in the foreground.
Background index operations on a replica set secondaries begin after the primary completes building the index. If
MongoDB builds an index in the background on the primary, the secondaries will then build that index in the background.
To build large indexes on secondaries the best approach is to restart one secondary at a time in standalone mode and
build the index. After building the index, restart as a member of the replica set, allow it to catch up with the other
members of the set, and then build the index on the next secondary. When all the secondaries have the new index, step
down the primary, restart it as a standalone, and build the index on the former primary.
The amount of time required to build the index on a secondary must be within the window of the oplog, so that the
secondary can catch up with the primary.
Indexes on secondary members in “recovering” mode are always built in the foreground to allow them to catch up as
soon as possible.
See Build Indexes on Replica Sets (page 579) for a complete procedure for building indexes on secondaries.
Index Names
The default name for an index is the concatenation of the indexed keys and each key’s direction in the index, 1 or -1.
Example
Issue the following command to create an index on item and quantity:
db.products.createIndex( { item: 1, quantity: -1 } )

The resulting index is named: item_1_quantity_-1.
Optionally, you can specify a name for an index instead of using the default name.
Example
Issue the following command to create an index on item and quantity and specify inventory as the index
name:
15 https://api.mongodb.org/

578

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

db.products.createIndex( { item: 1, quantity: -1 } , { name: "inventory" } )

The resulting index has the name inventory.
To view the name of an index, use the getIndexes() method.
View Index Build Operations
To see the status of an index build operation, you can use the db.currentOp() method in the mongo shell. To
filter the current operations for index creation operations, see currentOp-index-creation for an example.
The msg field will include the percent of the build that is complete.
Terminate Index Build Operation
To terminate an ongoing index build, use the db.killOp() method in the mongo shell. For index builds, the effects
of db.killOp() may not be immediate and may occur well after much of the index build operation has completed.
You cannot terminate a replicated index build on secondary members of a replica set. To minimize the impact of
building an index on replica sets, see Build Indexes on Replica Sets (page 579).
Changed in version 2.4: Before MongoDB 2.4, you could only terminate background index builds. After 2.4, you can
terminate both background index builds and foreground index builds.
See also:
db.currentOp(), db.killOp()
Build Indexes on Replica Sets

On this page
• Considerations (page 579)
• Procedure (page 580)
For replica sets, secondaries will begin building indexes after the primary finishes building the index. In sharded
clusters, the mongos will send createIndex() to the primary members of the replica set for each shard, which
then replicate to the secondaries after the primary finishes building the index.
To minimize the impact of building an index on your replica set, use the following procedure to build indexes.
Considerations
• Ensure that your oplog is large enough to permit the indexing or re-indexing operation to complete without
falling too far behind to catch up. See the oplog sizing (page 657) documentation for additional information.
• This procedure does take one member out of the replica set at a time. However, this procedure will only affect
one member of the set at a time rather than all secondaries at the same time.
• Before version 2.6 Background index creation operations (page 577) become foreground indexing operations
on secondary members of replica sets. After 2.6, background index builds replicate as background index builds
on the secondaries.

10.9. Additional Considerations

579

MongoDB Documentation, Release 3.2.5

Procedure
Note: If you need to build an index in a sharded cluster, repeat the following procedure for each replica set that
provides each shard.

Stop One Secondary Stop the mongod process on one secondary. Restart the mongod process without the
--replSet option and running on a different port. 16 This instance is now in “standalone” mode.
For example, if your mongod normally runs with on the default port of 27017 with the --replSet option you
would use the following invocation:
mongod --port 47017

Build the Index Create the new index using the createIndex() in the mongo shell, or comparable method in
your driver. This operation will create or rebuild the index on this mongod instance
For example, to create an ascending index on the username field of the records collection, use the following
mongo shell operation:
db.records.createIndex( { username: 1 } )

Restart the Program mongod When the index build completes, start the mongod instance with the --replSet
option on its usual port:
mongod --port 27017 --replSet rs0

Modify the port number (e.g. 27017) or the replica set name (e.g. rs0) as needed.
Allow replication to catch up on this member.
Build Indexes on all Secondaries Changed in version 2.6: Secondary members can now build indexes in the background (page 577). Previously all index builds on secondaries were in the foreground.
For each secondary in the set, build an index according to the following steps:
1. Stop One Secondary (page 580)
2. Build the Index (page 580)
3. Restart the Program mongod (page 580)
Build the Index on the Primary To build an index on the primary you can either:
1. Build the index in the background (page 577) on the primary.
2. Step down the primary using the rs.stepDown() method in the mongo shell to cause the current primary to
become a secondary graceful and allow the set to elect another member as primary.
Then repeat the index building procedure, listed below, to build the index on the primary:
(a) Stop One Secondary (page 580)
(b) Build the Index (page 580)
(c) Restart the Program mongod (page 580)
16 By running the mongod on a different port, you ensure that the other members of the replica set and all clients will not contact the member
while you are building the index.

580

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Building the index on the background, takes longer than the foreground index build and results in a less compact index
structure. Additionally, the background index build may impact write performance on the primary. However, building
the index in the background allows the set to be continuously up for write operations while MongoDB builds the index.

10.9.10 Index Intersection
On this page
• Index Prefix Intersection (page 581)
• Index Intersection and Compound Indexes (page 581)
• Index Intersection and Sort (page 582)
New in version 2.6.
MongoDB can use the intersection of multiple indexes to fulfill queries. 17 In general, each index intersection involves
two indexes; however, MongoDB can employ multiple/nested index intersections to resolve a query.
To illustrate index intersection, consider a collection orders that has the following indexes:
{ qty: 1 }
{ item: 1 }

MongoDB can use the intersection of the two indexes to support the following query:
db.orders.find( { item: "abc123", qty: { $gt: 15 } } )

To determine if MongoDB used index intersection, run explain(); the results of explain() will include either an
AND_SORTED stage or an AND_HASH stage.
Index Prefix Intersection
With index intersection, MongoDB can use an intersection of either the entire index or the index prefix. An index
prefix is a subset of a compound index, consisting of one or more keys starting from the beginning of the index.
Consider a collection orders with the following indexes:
{ qty: 1 }
{ status: 1, ord_date: -1 }

To fulfill the following query which specifies a condition on both the qty field and the status field, MongoDB can
use the intersection of the two indexes:
db.orders.find( { qty: { $gt: 10 } , status: "A" } )

Index Intersection and Compound Indexes
Index intersection does not eliminate the need for creating compound indexes (page 522). However, because both the
list order (i.e. the order in which the keys are listed in the index) and the sort order (i.e. ascending or descending),
matter in compound indexes (page 522), a compound index may not support a query condition that does not include
the index prefix keys (page 524) or that specifies a different sort order.
For example, if a collection orders has the following compound index, with the status field listed before the
ord_date field:
17

In previous versions, MongoDB could use only a single index to fulfill most queries. The exception to this is queries with $or clauses, which
could use a single index for each $or clause.

10.9. Additional Considerations

581

MongoDB Documentation, Release 3.2.5

{ status: 1, ord_date: -1 }

The compound index can support the following queries:
db.orders.find( { status: { $in: ["A", "P" ] } } )
db.orders.find(
{
ord_date: { $gt: new Date("2014-02-01") },
status: {$in:[ "P", "A" ] }
}
)

But not the following two queries:
db.orders.find( { ord_date: { $gt: new Date("2014-02-01") } } )
db.orders.find( { } ).sort( { ord_date: 1 } )

However, if the collection has two separate indexes:
{ status: 1 }
{ ord_date: -1 }

The two indexes can, either individually or through index intersection, support all four aforementioned queries.
The choice between creating compound indexes that support your queries or relying on index intersection depends on
the specifics of your system.
See also:
compound indexes (page 522), Create Compound Indexes to Support Several Different Queries (page 587)
Index Intersection and Sort
Index intersection does not apply when the sort() operation requires an index completely separate from the query
predicate.
For example, the orders collection has the following indexes:
{
{
{
{

qty: 1 }
status: 1, ord_date: -1 }
status: 1 }
ord_date: -1 }

MongoDB cannot use index intersection for the following query with sort:
db.orders.find( { qty: { $gt: 10 } } ).sort( { status: 1 } )

That is, MongoDB does not use the { qty: 1 } index for the query, and the separate { status:
{ status: 1, ord_date: -1 } index for the sort.

1 } or the

However, MongoDB can use index intersection for the following query with sort since the index { status:
ord_date: -1 } can fulfill part of the query predicate.

db.orders.find( { qty: { $gt: 10 } , status: "A" } ).sort( { ord_date: -1 } )

10.9.11 Manage Indexes

582

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

On this page
•
•
•
•

View Existing Indexes (page 583)
Remove Indexes (page 583)
Modify an Index (page 584)
Rebuild Indexes (page 584)

The following procedures provides some common procedures for managing existing indexes. For instructions on
creating indexes, refer to the specific index type pages.
View Existing Indexes
List all Indexes on a Collection

To return a list of all indexes on a collection, use the db.collection.getIndexes() method or a similar
method for your driver18 .
For example, to view all indexes on the people collection:
db.people.getIndexes()

List all Indexes for a Database

To list all indexes on all collections in a database, you can use the following operation in the mongo shell:
db.getCollectionNames().forEach(function(collection) {
indexes = db[collection].getIndexes();
print("Indexes for " + collection + ":");
printjson(indexes);
});

MongoDB 3.0 deprecates direct access to the system.indexes collection.
For MongoDB 3.0 deployments using the WiredTiger (page 595) storage engine, if you run
db.getCollectionNames() and db.collection.getIndexes() from a version of the mongo shell
before 3.0 or a version of the driver prior to 3.0 compatible version (page 950), db.getCollectionNames()
and db.collection.getIndexes() will return no data, even if there are existing collections and indexes. For
more information, see WiredTiger and Driver Version Compatibility (page 946).
Remove Indexes
To remove an index from a collection, you can use the db.collection.dropIndex() method. To rebuild
indexes, see Rebuild Indexes (page 584) instead.
Remove a Specific Index

To remove an index, use the db.collection.dropIndex() method.
For example, the following operation removes an ascending index on the tax-id field in the accounts collection:
18 https://api.mongodb.org/

10.9. Additional Considerations

583

MongoDB Documentation, Release 3.2.5

db.accounts.dropIndex( { "tax-id": 1 } )

The operation returns a document with the status of the operation:
{ "nIndexesWas" : 3, "ok" : 1 }

Where the value of nIndexesWas reflects the number of indexes before removing this index.
For text (page 533) indexes, pass the index name to the db.collection.dropIndex() method. See Use the
Index Name to Drop a text Index (page 541) for details.
Remove All Indexes

You can also use the db.collection.dropIndexes() to remove all indexes, except for the _id index (page 515)
from a collection.
These shell helpers provide wrappers around the dropIndexes database command. Your client library may
have a different or additional interface for these operations.
Modify an Index
To modify an existing index, you need to drop and recreate the index with the exception of m TTL indexes.
If you need to rebuild indexes for a collection you can use the db.collection.reIndex() method to rebuild all
indexes on a collection in a single operation. This operation drops all indexes, including the _id index (page 515), and
then rebuilds all indexes.
Rebuild Indexes
If you need to rebuild indexes for a collection you can use the db.collection.reIndex() method to rebuild
all indexes on a collection in a single operation. This operation drops all indexes for a collection, including the _id
index, and then rebuilds all indexes.
Note: For replica sets, db.collection.reIndex() will not propagate from the primary to secondaries.
db.collection.reIndex() will only affect a single mongod instance.
Important: db.collection.reIndex() will rebuild indexes in the background (page 577) if the index was
originally specified with this option. However, db.collection.reIndex() will rebuild the _id index in the
foreground, which takes the database’s write lock.
db.accounts.reIndex()

This shell helper provides a wrapper around the reIndex database command. Your client library may have
a different or additional interface for this operation.
To build or rebuild indexes for a replica set, see Build Indexes on Replica Sets (page 579).

10.9.12 Measure Index Use

584

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

On this page
•
•
•
•

Get Index Access Information with $indexStats (page 585)
Return Query Plan with explain() (page 585)
Control Index Use with hint() (page 585)
Instance Index Use Reporting (page 586)

Get Index Access Information with $indexStats
Use $indexStats to get usage statistics about an index.
Return Query Plan with explain()
Use the db.collection.explain() or the cursor.explain() method in executionStats mode to return
statistics about the query process, including the index used, the number of documents scanned, and the time the query
takes to process in milliseconds.
Run db.collection.explain() or the cursor.explain() method in allPlansExecution mode to view
partial execution statistics collected during plan selection.
db.collection.explain() provides information on the execution of other operations,
db.collection.update(). See db.collection.explain() for details.

such as

Control Index Use with hint()
To force MongoDB to use a particular index for a db.collection.find() operation, specify the index with the
hint() method. Append the hint() method to the find() method. Consider the following example:
db.people.find(
{ name: "John Doe", zipcode: { $gt: "63000" } }
).hint( { zipcode: 1 } )

To view the execution statistics for a specific index, append to the db.collection.find() the hint() method
followed by cursor.explain(), e.g.:
db.people.find(
{ name: "John Doe", zipcode: { $gt: "63000" } }
).hint( { zipcode: 1 } ).explain("executionStats")

Or, append hint() method to db.collection.explain().find():
db.people.explain("executionStats").find(
{ name: "John Doe", zipcode: { $gt: "63000" } }
).hint( { zipcode: 1 } )

Specify the $natural operator to the hint() method to prevent MongoDB from using any index:
db.people.find(
{ name: "John Doe", zipcode: { $gt: "63000" } }
).hint( { $natural: 1 } )

10.9. Additional Considerations

585

MongoDB Documentation, Release 3.2.5

Instance Index Use Reporting
MongoDB provides a number of metrics of index use and operation that you may want to consider when analyzing
index use for your database:
In the output of
serverStatus:
In the output of collStats:
In the output of dbStats:

metrics.queryExecutor.scanned
metrics.operation.scanAndOrder
totalIndexSize
indexSizes
dbStats.indexes
dbStats.indexSize

10.9.13 Indexing Strategies
The best indexes for your application must take a number of factors into account, including the kinds of queries you
expect, the ratio of reads to writes, and the amount of free memory on your system.
When developing your indexing strategy you should have a deep understanding of your application’s queries. Before
you build indexes, map out the types of queries you will run so that you can build indexes that reference those fields.
Indexes come with a performance cost, but are more than worth the cost for frequent queries on large data set. Consider
the relative frequency of each query in the application and whether the query justifies an index.
The best overall strategy for designing indexes is to profile a variety of index configurations with data sets similar to
the ones you’ll be running in production to see which configurations perform best.Inspect the current indexes created
for your collections to ensure they are supporting your current and planned queries. If an index is no longer used, drop
the index.
Generally, MongoDB only uses one index to fulfill most queries. However, each clause of an $or query may use a
different index, and starting in 2.6, MongoDB can use an intersection (page 581) of multiple indexes.
The following documents introduce indexing strategies:
Create Indexes to Support Your Queries (page 586) An index supports a query when the index contains all the fields
scanned by the query. Creating indexes that supports queries results in greatly increased query performance.
Use Indexes to Sort Query Results (page 587) To support efficient queries, use the strategies here when you specify
the sequential order and sort order of index fields.
Ensure Indexes Fit in RAM (page 589) When your index fits in RAM, the system can avoid reading the index from
disk and you get the fastest processing.
Create Queries that Ensure Selectivity (page 590) Selectivity is the ability of a query to narrow results using the
index. Selectivity allows MongoDB to use the index for a larger portion of the work associated with fulfilling
the query.
Create Indexes to Support Your Queries

On this page
• Create a Single-Key Index if All Queries Use the Same, Single Key (page 587)
• Create Compound Indexes to Support Several Different Queries (page 587)
An index supports a query when the index contains all the fields scanned by the query. The query scans the index and
not the collection. Creating indexes that support queries results in greatly increased query performance.
This document describes strategies for creating indexes that support queries.

586

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Create a Single-Key Index if All Queries Use the Same, Single Key

If you only ever query on a single key in a given collection, then you need to create just one single-key index for that
collection. For example, you might create an index on category in the product collection:
db.products.createIndex( { "category": 1 } )

Create Compound Indexes to Support Several Different Queries

If you sometimes query on only one key and at other times query on that key combined with a second key, then creating
a compound index is more efficient than creating a single-key index. MongoDB will use the compound index for both
queries. For example, you might create an index on both category and item.
db.products.createIndex( { "category": 1, "item": 1 } )

This allows you both options. You can query on just category, and you also can query on category combined
with item. A single compound index (page 522) on multiple fields can support all the queries that search a “prefix”
subset of those fields.
Example
The following index on a collection:
{ x: 1, y: 1, z: 1 }

Can support queries that the following indexes support:
{ x: 1 }
{ x: 1, y: 1 }

There are some situations where the prefix indexes may offer better query performance: for example if z is a large
array.
The { x:

1, y:

1, z:

1 } index can also support many of the same queries as the following index:

{ x: 1, z: 1 }

Also, { x:

1, z:

1 } has an additional use. Given the following query:

db.collection.find( { x: 5 } ).sort( { z: 1} )

The { x: 1, z: 1 } index supports both the query and the sort operation, while the { x: 1, y: 1,
z: 1 } index only supports the query. For more information on sorting, see Use Indexes to Sort Query Results
(page 587).
Starting in version 2.6, MongoDB can use index intersection (page 581) to fulfill queries. The choice between creating
compound indexes that support your queries or relying on index intersection depends on the specifics of your system.
See Index Intersection and Compound Indexes (page 581) for more details.
Use Indexes to Sort Query Results

On this page
• Sort with a Single Field Index (page 588)
• Sort on Multiple Fields (page 588)

10.9. Additional Considerations

587

MongoDB Documentation, Release 3.2.5

In MongoDB, sort operations can obtain the sort order by retrieving documents based on the ordering in an index. If
the query planner cannot obtain the sort order from an index, it will sort the results in memory. Sort operations that
use an index often have better performance than those that do not use an index. In addition, sort operations that do not
use an index will abort when they use 32 megabytes of memory.
Sort with a Single Field Index

If an ascending or a descending index is on a single field, the sort operation on the field can be in either direction.
For example, create an ascending index on the field a for a collection records:
db.records.createIndex( { a: 1 } )

This index can support an ascending sort on a:
db.records.find().sort( { a: 1 } )

The index can also support the following descending sort on a by traversing the index in reverse order:
db.records.find().sort( { a: -1 } )

Sort on Multiple Fields

Create a compound index (page 522) to support sorting on multiple fields.
You can specify a sort on all the keys of the index or on a subset; however, the sort keys must be listed in the same
order as they appear in the index. For example, an index key pattern { a: 1, b: 1 } can support a sort on {
a: 1, b: 1 } but not on { b: 1, a: 1 }.
The sort must specify the same sort direction (i.e.ascending/descending) for all its keys as the index key pattern or
specify the reverse sort direction for all its keys as the index key pattern. For example, an index key pattern { a:
1, b: 1 } can support a sort on { a: 1, b: 1 } and { a: -1, b: -1 } but not on { a: -1,
b: 1 }.
Sort and Index Prefix If the sort keys correspond to the index keys or an index prefix, MongoDB can use the index
to sort the query results. A prefix of a compound index is a subset that consists of one or more keys at the start of the
index key pattern.
For example, create a compound index on the data collection:
db.data.createIndex( { a:1, b: 1, c: 1, d: 1 } )

Then, the following are prefixes for that index:
{ a: 1 }
{ a: 1, b: 1 }
{ a: 1, b: 1, c: 1 }

The following query and sort operations use the index prefixes to sort the results. These operations do not need to sort
the result set in memory.

588

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Example
db.data.find().sort(
db.data.find().sort(
db.data.find().sort(
db.data.find().sort(
db.data.find().sort(
db.data.find( { a:
1 } )

{
{
{
{
{

a:
a:
a:
a:
a:

{ $gt:

1 } )
-1 } )
1, b: 1 } )
-1, b: -1 } )
1, b: 1, c: 1 } )
4 } } ).sort( { a:

1, b:

Index Prefix
{ a: 1 }
{ a: 1 }
{ a: 1, b:
{ a: 1, b:
{ a: 1, b:
1 }
{ a: 1, b:

1 }
1 }
1, c:
1 }

Consider the following example in which the prefix keys of the index appear in both the query predicate and the sort:
db.data.find( { a: { $gt: 4 } } ).sort( { a: 1, b: 1 } )

In such cases, MongoDB can use the index to retrieve the documents in order specified by the sort. As the example
shows, the index prefix in the query predicate can be different from the prefix in the sort.
Sort and Non-prefix Subset of an Index An index can support sort operations on a non-prefix subset of the index
key pattern. To do so, the query must include equality conditions on all the prefix keys that precede the sort keys.
For example, the collection data has the following index:
{ a: 1, b: 1, c: 1, d: 1 }

The following operations can use the index to get the sort order:
Example
db.data.find( { a:

5 } ).sort( { b:

db.data.find( { b:
db.data.find( { a:
1 } )

1, c:

1 } )

3, a:

4 } ).sort( { c:

1 } )

5, b:

{ $lt:

3} } ).sort( { b:

Index Prefix
{ a: 1 , b: 1, c:
1 }
{ a: 1, b: 1, c: 1
}
{ a: 1, b: 1 }

As the last operation shows, only the index fields preceding the sort subset must have the equality conditions in the
query document; the other index fields may specify other conditions.
If the query does not specify an equality condition on an index prefix that precedes or overlaps with the sort specification, the operation will not efficiently use the index. For example, the following operations specify a sort document
of { c: 1 }, but the query documents do not contain equality matches on the preceding index fields a and b:
db.data.find( { a: { $gt: 2 } } ).sort( { c: 1 } )
db.data.find( { c: 5 } ).sort( { c: 1 } )

These operations will not efficiently use the index { a:
the index to retrieve the documents.

1, b:

1, c:

1, d:

1 } and may not even use

Ensure Indexes Fit in RAM

On this page
• Indexes that Hold Only Recent Values in RAM (page 590)
For the fastest processing, ensure that your indexes fit entirely in RAM so that the system can avoid reading the index
from disk.

10.9. Additional Considerations

589

MongoDB Documentation, Release 3.2.5

To check the size of your indexes, use the db.collection.totalIndexSize() helper, which returns data in
bytes:
> db.collection.totalIndexSize()
4294976499

The above example shows an index size of almost 4.3 gigabytes. To ensure this index fits in RAM, you must not only
have more than that much RAM available but also must have RAM available for the rest of the working set. Also
remember:
If you have and use multiple collections, you must consider the size of all indexes on all collections. The indexes and
the working set must be able to fit in memory at the same time.
There are some limited cases where indexes do not need to fit in memory. See Indexes that Hold Only Recent Values
in RAM (page 590).
See also:
collStats and db.collection.stats()
Indexes that Hold Only Recent Values in RAM

Indexes do not have to fit entirely into RAM in all cases. If the value of the indexed field increments with every insert,
and most queries select recently added documents; then MongoDB only needs to keep the parts of the index that hold
the most recent or “right-most” values in RAM. This allows for efficient index use for read and write operations and
minimize the amount of RAM required to support the index.
Create Queries that Ensure Selectivity
Selectivity is the ability of a query to narrow results using the index. Effective indexes are more selective and allow
MongoDB to use the index for a larger portion of the work associated with fulfilling the query.
To ensure selectivity, write queries that limit the number of possible documents with the indexed field. Write queries
that are appropriately selective relative to your indexed data.
Example
Suppose you have a field called status where the possible values are new and processed. If you add an index
on status you’ve created a low-selectivity index. The index will be of little help in locating records.
A better strategy, depending on your queries, would be to create a compound index (page 522) that includes the lowselectivity field and another field. For example, you could create a compound index on status and created_at.
Another option, again depending on your use case, might be to use separate collections, one for each status.
Example
Consider an index { a : 1 } (i.e. an index on the key a sorted in ascending order) on a collection where a has
three values evenly distributed across the collection:
{
{
{
{
{
{
{

_id:
_id:
_id:
_id:
_id:
_id:
_id:

590

ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),

a:
a:
a:
a:
a:
a:
a:

1,
1,
1,
2,
2,
2,
3,

b:
b:
b:
b:
b:
b:
b:

"ab"
"cd"
"ef"
"jk"
"lm"
"no"
"pq"

}
}
}
}
}
}
}

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

{ _id: ObjectId(), a: 3, b: "rs" }
{ _id: ObjectId(), a: 3, b: "tv" }

If you query for { a: 2, b: "no" } MongoDB must scan 3 documents in the collection to return the one
matching result. Similarly, a query for { a: { $gt: 1}, b: "tv" } must scan 6 documents, also to
return one result.
Consider the same index on a collection where a has nine values evenly distributed across the collection:
{
{
{
{
{
{
{
{
{

_id:
_id:
_id:
_id:
_id:
_id:
_id:
_id:
_id:

ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),
ObjectId(),

a:
a:
a:
a:
a:
a:
a:
a:
a:

1,
2,
3,
4,
5,
6,
7,
8,
9,

b:
b:
b:
b:
b:
b:
b:
b:
b:

"ab"
"cd"
"ef"
"jk"
"lm"
"no"
"pq"
"rs"
"tv"

}
}
}
}
}
}
}
}
}

If you query for { a: 2, b: "cd" }, MongoDB must scan only one document to fulfill the query. The index
and query are more selective because the values of a are evenly distributed and the query can select a specific document
using the index.
However, although the index on a is more selective, a query such as { a:
still need to scan 4 documents.

{ $gt:

5 }, b:

"tv" } would

If overall selectivity is low, and if MongoDB must read a number of documents to return results, then some queries
may perform faster without indexes. To determine performance, see Measure Index Use (page 584).

10.9.14 Indexing Reference
On this page
•
•
•
•

Indexing Methods in the mongo Shell (page 592)
Indexing Database Commands (page 592)
Geospatial Query Selectors (page 592)
Indexing Query Modifiers (page 593)

10.9. Additional Considerations

591

MongoDB Documentation, Release 3.2.5

Indexing Methods in the mongo Shell
Name
Description
db.collection.createIndex()
Builds an index on a collection.
db.collection.dropIndex()
Removes a specified index on a collection.
db.collection.dropIndexes()
Removes all indexes on a collection.
db.collection.getIndexes()
Returns an array of documents that describe the existing indexes on a collection.
db.collection.reIndex()
Rebuilds all existing indexes on a collection.
db.collection.totalIndexSize()
Reports the total size used by the indexes on a collection. Provides a wrapper around
the totalIndexSize field of the collStats output.
cursor.explain()
Reports on the query execution plan for a cursor.
cursor.hint()
Forces MongoDB to use a specific index for a query.
cursor.max()
Specifies an exclusive upper index bound for a cursor. For use with
cursor.hint()
cursor.min()
Specifies an inclusive lower index bound for a cursor. For use with
cursor.hint()
cursor.snapshot() Forces the cursor to use the index on the _id field. Ensures that the cursor returns
each document, with regards to the value of the _id field, only once.
Indexing Database Commands
Name
createIndexes
dropIndexes
compact
reIndex
validate
geoNear
geoSearch
checkShardingIndex

Description
Builds one or more indexes for a collection.
Removes indexes from a collection.
Defragments a collection and rebuilds the indexes.
Rebuilds all indexes on a collection.
Internal command that scans for a collection’s data and indexes for correctness.
Performs a geospatial query that returns the documents closest to a given point.
Performs a geospatial query that uses MongoDB’s haystack index functionality.
Internal command that validates index on shard key.

Geospatial Query Selectors
Name
Description
$geoWithin Selects geometries within a bounding GeoJSON geometry (page 554). The 2dsphere (page 543)
and 2d (page 557) indexes support $geoWithin.
$geoIntersects
Selects geometries that intersect with a GeoJSON geometry. The 2dsphere (page 543) index
supports $geoIntersects.
$near
Returns geospatial objects in proximity to a point. Requires a geospatial index. The 2dsphere
(page 543) and 2d (page 557) indexes support $near.
$nearSphereReturns geospatial objects in proximity to a point on a sphere. Requires a geospatial index. The
2dsphere (page 543) and 2d (page 557) indexes support $nearSphere.

592

Chapter 10. Indexes

MongoDB Documentation, Release 3.2.5

Indexing Query Modifiers
Name
$explain
$hint
$max
$min
$returnKey
$snapshot

Description
Forces MongoDB to report on query execution plans. See explain().
Forces MongoDB to use a specific index. See hint()
Specifies an exclusive upper limit for the index to use in a query. See max().
Specifies an inclusive lower limit for the index to use in a query. See min().
Forces the cursor to only return fields included in the index.
Guarantees that a query returns each document no more than once. See snapshot().

10.10 Additional Resources
• Quick Reference Cards19

19 https://www.mongodb.com/lp/misc/quick-reference-cards?jmp=docs

10.10. Additional Resources

593

MongoDB Documentation, Release 3.2.5

594

Chapter 10. Indexes

CHAPTER 11

Storage

The storage engine (page 595) is the primary component of MongoDB responsible for managing data. MongoDB
provides a variety of storage engines, allowing you to choose one most suited to your application.
The journal is a log that helps the database recover in the event of a hard shutdown. There are several configurable
options that allows the journal to strike a balance between performance and reliability that works for your particular
use case.
GridFS (page 611) is a versatile storage system that is suited to handling large files, such as those exceeding the 16
MB document size limit.

11.1 Storage Engines
The storage engine is the component of the database that is responsible for managing how data is stored, both in
memory and on disk. MongoDB supports multiple storage engines, as different engines perform better for specific
workloads. Choosing the appropriate storage engine for your use case can significantly impact the performance of
your applications.
WiredTiger (page 595) is the default storage engine starting in MongoDB 3.2. It is well-suited for most workloads and
is recommended for new deployments. WiredTiger provides a document-level concurrency model, checkpointing, and
compression, among other features. In MongoDB Enterprise, WiredTiger also supports Encryption At Rest (page 461).
MMAPv1 (page 603) is the original MongoDB storage engine and is the default storage engine for MongoDB versions
before 3.2. It performs well on workloads with high volumes of reads and writes, as well as in-place updates.
The In-Memory Storage Engine (page 605) is available in MongoDB Enterprise. Rather than storing documents ondisk, it retains them in-memory for more predictable data latencies. This storage engine is in beta – do not use in
production.

11.1.1 WiredTiger Storage Engine
On this page
•
•
•
•
•

Document Level Concurrency (page 596)
Snapshots and Checkpoints (page 596)
Journal (page 596)
Compression (page 597)
Memory Use (page 597)

595

MongoDB Documentation, Release 3.2.5

Starting in MongoDB 3.0, the WiredTiger storage engine is available in the 64-bit builds.
Changed in version 3.2: The WiredTiger storage engine is the default storage engine starting in MongoDB 3.2. For existing deployments, if you do not specify the --storageEngine or the storage.engine setting, MongoDB 3.2
can automatically determine the storage engine used to create the data files in the --dbpath or storage.dbPath.
See Default Storage Engine Change (page 898).
Document Level Concurrency
WiredTiger uses document-level concurrency control for write operations. As a result, multiple clients can modify
different documents of a collection at the same time.
For most read and write operations, WiredTiger uses optimistic concurrency control. WiredTiger uses only intent locks
at the global, database and collection levels. When the storage engine detects conflicts between two operations, one
will incur a write conflict causing MongoDB to transparently retry that operation.
Some global operations, typically short lived operations involving multiple databases, still require a global “instancewide” lock. Some other operations, such as dropping a collection, still require an exclusive database lock.
Snapshots and Checkpoints
WiredTiger uses MultiVersion Concurrency Control (MVCC). At the start of an operation, WiredTiger provides a
point-in-time snapshot of the data to the transaction. A snapshot presents a consistent view of the in-memory data.
When writing to disk, WiredTiger writes all the data in a snapshot to disk in a consistent way across all data files. The
now-durable data act as a checkpoint in the data files. The checkpoint ensures that the data files are consistent up to
and including the last checkpoint; i.e. checkpoints can act as recovery points.
MongoDB configures WiredTiger to create checkpoints (i.e. write the snapshot data to disk) at intervals of 60 seconds
or 2 gigabytes of journal data.
During the write of a new checkpoint, the previous checkpoint is still valid. As such, even if MongoDB terminates or
encounters an error while writing a new checkpoint, upon restart, MongoDB can recover from the last valid checkpoint.
The new checkpoint becomes accessible and permanent when WiredTiger’s metadata table is atomically updated to
reference the new checkpoint. Once the new checkpoint is accessible, WiredTiger frees pages from the old checkpoints.
Using WiredTiger, even without journaling (page 596), MongoDB can recover from the last checkpoint; however, to
recover changes made after the last checkpoint, run with journaling (page 596).
Journal
WiredTiger uses a write-ahead transaction log in combination with checkpoints (page 596) to ensure data durability.
The WiredTiger journal persists all data modifications between checkpoints. If MongoDB exits between checkpoints,
it uses the journal to replay all data modified since the last checkpoint. For information on the frequency with which
MongoDB writes the journal data to disk, see Journaling Process (page 607).
WiredTiger journal is compressed using the snappy compression library. To specify an alternate compression algorithm
or no compression, use the storage.wiredTiger.engineConfig.journalCompressor setting.
Note: Minimum log record size for WiredTiger is 128 bytes. If a log record is 128 bytes or smaller, WiredTiger does
not compress that record.
You can disable journaling by setting storage.journal.enabled to false, which can reduce the overhead of
maintaining the journal.
596

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

For standalone instances, not using the journal means that you will lose some data modifications when MongoDB
exits unexpectedly between checkpoints. For members of replica sets, the replication process may provide sufficient
durability guarantees.
See also:
Journaling with WiredTiger (page 606)
Compression
With WiredTiger, MongoDB supports compression for all collections and indexes. Compression minimizes storage
use at the expense of additional CPU.
By default, WiredTiger uses block compression with the snappy compression library for all collections and prefix
compression for all indexes.
For collections, block compression with zlib is also available. To specify an alternate compression algorithm or no
compression, use the storage.wiredTiger.collectionConfig.blockCompressor setting.
For indexes, to disable prefix compression, use the storage.wiredTiger.indexConfig.prefixCompression
setting.
Compression settings are also configurable on a per-collection and per-index basis during collection and index creation.
See create-collection-storage-engine-options and db.collection.createIndex() storageEngine option.
For most workloads, the default compression settings balance storage efficiency and processing requirements.
The WiredTiger journal is also compressed by default.
(page 596).

For information on journal compression, see Journal

Memory Use
With WiredTiger, MongoDB utilizes both the WiredTiger cache and the filesystem cache.
Changed in version 3.2: Starting in MongoDB 3.2, the WiredTiger cache, by default, will use the larger of either:
• 60% of RAM minus 1 GB, or
• 1 GB.
For systems with up to 10 GB of RAM, the new default setting is less than or equal to the 3.0 default setting (For
MongoDB 3.0, the WiredTiger cache uses either 1 GB or half of the installed physical RAM, whichever is larger).
For systems with more than 10 GB of RAM, the new default setting is greater than the 3.0 setting.
Via the filesystem cache, MongoDB automatically uses all free memory that is not used by the WiredTiger cache or
by other processes. Data in the filesystem cache is compressed.
To adjust the size of the WiredTiger cache, see storage.wiredTiger.engineConfig.cacheSizeGB and
--wiredTigerCacheSizeGB. Avoid increasing the WiredTiger cache size above its default value.
See also:
http://wiredtiger.com
Change Standalone to WiredTiger

New in version 3.0: The WiredTiger storage engine is available.
Changed in version 3.2: WiredTiger is the new default storage engine for MongoDB.

11.1. Storage Engines

597

MongoDB Documentation, Release 3.2.5

This tutorial gives an overview of changing the storage engine of a standalone MongoDB instance to WiredTiger
(page 595).
Considerations This tutorial uses the mongodump and mongorestore utilities to export and import data. Ensure
that these MongoDB package components are installed and updated on your system. In addition, make sure you have
sufficient drive space available for the mongodump export file and the data files of your new mongod instance running
with WiredTiger.
You must be using MongoDB version 3.0 or greater in order to use the WiredTiger storage engine. If upgrading from
an earlier version of MongoDB, see the guides on Upgrading to MongoDB 3.0 (page 953) or Upgrading to MongoDB
3.2 (page 901) before proceeding with changing your storage engine.
Procedure
Step 1: Start the mongod you wish to change to WiredTiger. If mongod is already running, you can skip this
step.
Step 2: Export data using mongodump.
mongodump --out

Specify additional options as appropriate, such as username and password if running with authorization enabled. See
mongodump for available options.
Step 3: Create a data directory for the new mongod running with WiredTiger. Create a data directory for
the new mongod instance that will run with the WiredTiger storage engine. mongod must have read and write
permissions for this directory.
mongod with WiredTiger will not start with data files created with a different storage engine.
Step 4: Start mongod with WiredTiger. Start mongod, specifying wiredTiger as the --storageEngine
and the newly created data directory for WiredTiger as the --dbpath. Specify additional options as appropriate.
mongod --storageEngine wiredTiger --dbpath

You can also specify the options in a configuration file.
storage.engine setting.

To specify the storage engine, use the

Step 5: Upload the exported data using mongorestore.
mongorestore

Specify additional options as appropriate. See mongorestore for available options.
Change Replica Set to WiredTiger

New in version 3.0: The WiredTiger storage engine is available. Also, replica sets may have members with different
storage engines.
Changed in version 3.2: WiredTiger is the new default storage engine for MongoDB.
This tutorial gives an overview of changing the storage engine of a member of a replica set to WiredTiger (page 595).

598

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

Considerations Replica sets can have members with different storage engines. As such, you can update members to
use the WiredTiger storage engine in a rolling fashion. Before changing all the members to use WiredTiger, you may
prefer to run with mixed storage engines for some period. However, performance can vary according to workload.
You must be using MongoDB version 3.0 or greater in order to use the WiredTiger storage engine. If upgrading from
an earlier version of MongoDB, see the guides on Upgrading to MongoDB 3.0 (page 953) or Upgrading to MongoDB
3.2 (page 901) before proceeding with changing your storage engine.
Before enabling the new WiredTiger storage engine, ensure that all replica set/sharded cluster members are running at
least MongoDB version 2.6.8, and preferably version 3.0.0 or newer.
Procedure This procedure completely removes a secondary replica set member’s data, starts mongod with
WiredTiger, and performs an initial sync (page 699).
To update all members of the replica set to use WiredTiger, update the secondary members first. Then step down the
primary, and update the stepped-down member.
Step 1: Shut down the secondary member. In the mongo shell, shut down the secondary mongod instance you
wish to upgrade.
db.shutdownServer()

Step 2: Prepare a data directory for the new mongod running with WiredTiger. Prepare a data directory for
the new mongod instance that will run with the WiredTiger storage engine. mongod must have read and write
permissions for this directory. You can either delete the contents of the stopped secondary member’s current data
directory or create a new directory entirely.
mongod with WiredTiger will not start with data files created with a different storage engine.
Step 3: Start mongod with WiredTiger. Start mongod, specifying wiredTiger as the --storageEngine
and the prepared data directory for WiredTiger as the --dbpath. Specify additional options as appropriate for this
replica set member.
mongod --storageEngine wiredTiger --dbpath --replSet

Since no data exists in the --dbpath, the mongod will perform an initial sync (page 699). The length of the initial
sync process depends on the size of the database and network connection between members of the replica set.
You can also specify the options in a configuration file.
storage.engine setting.

To specify the storage engine, use the

Step 4: Repeat the procedure for other replica set secondaries you wish to upgrade. Perform this procedure
again for the rest of the secondary members of the replica set you wish to use the WiredTiger storage engine.
Change Sharded Cluster to WiredTiger

New in version 3.0: The WiredTiger storage engine is available. Also, sharded clusters may have individual shards
with different storage engine configurations.
Changed in version 3.2: WiredTiger is the new default storage engine for MongoDB.
This tutorial gives an overview of changing the storage engines of a component of a sharded cluster to WiredTiger
(page 595).

11.1. Storage Engines

599

MongoDB Documentation, Release 3.2.5

Considerations This procedure may involve downtime, especially if one or more of your shards is a standalone. If
you change the host or port of any shard, you must update the shard configuration as well.
You must be using MongoDB version 3.0 or greater in order to use the WiredTiger storage engine. If upgrading from
an earlier version of MongoDB, see the guides on Upgrading to MongoDB 3.0 (page 953) or Upgrading to MongoDB
3.2 (page 901) before proceeding with changing your storage engine.
Before enabling the new WiredTiger storage engine, ensure that all replica set/sharded cluster members are running at
least MongoDB version 2.6.8, and preferably version 3.0.0 or newer.
Change Shards to WiredTiger
Note: A sharded cluster can have mixed storage engines for its individual shards.
To change the storage engine for the shards to WiredTiger, refer to the appropriate procedure for each shard:
• If the shard is a standalone, see Change Standalone to WiredTiger (page 597).
• If the shard is a replica set, see Change Replica Set to WiredTiger (page 598).
Change Config Servers to WiredTiger To change the storage engines of the config servers of a sharded cluster, see
Change Config Servers to WiredTiger (page 600).
You may safely continue to use MMAPv1 (page 603) for the config servers even if the shards of the sharded cluster
is using the WiredTiger storage engine. If you do choose to update the config servers to use WiredTiger, you must
update all three.
See also:
Change Config Servers to WiredTiger (page 600)
Change Config Servers to WiredTiger New in version 3.0: The WiredTiger storage engine is available.
Changed in version 3.2: WiredTiger is the new default storage engine for MongoDB.
This tutorial gives an overview of changing the storage engine of the config servers in a sharded cluster to WiredTiger
(page 595).
Considerations You may safely continue to use MMAPv1 (page 603) for the config servers even if the shards of the
sharded cluster is using the WiredTiger storage engine. If you do choose to update the config servers to use WiredTiger,
you must update all three.
You must be using MongoDB version 3.0 or greater in order to use the WiredTiger storage engine. If upgrading from
an earlier version of MongoDB, see the guides on Upgrading to MongoDB 3.0 (page 953) or Upgrading to MongoDB
3.2 (page 901) before proceeding with changing your storage engine.
Procedure This tutorial assumes that you have three config servers for this sharded cluster. The three servers are
named first, second, and third, based on their position in the mongos configDB setting.
Important: During this process, at most only two config servers will be running at any given time to ensure that the
sharded cluster’s metadata is read-only.

Step 1: Disable the balancer.
sh.disableBalancer()

Turn off the balancer (page 758) in the sharded cluster, as described in Disable the Balancer (page 802).
600

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

Step 2: Shut down the third config server to ensure read-only metadata. Connect a mongo shell to the third
config server and use db.shutdownServer() to shut down the third config server.
The third config server is the last one listed in the mongos configDB setting.
db.shutdownServer()

Step 3: Export the data of the second config server with mongodump. While the third config server is down to
ensure the config servers are read-only, prepare to upgrade the second config server to use WiredTiger. The second
config server is the second server listed in the mongos setting configDB.
Export the data of the second config server with mongodump.
mongodump --out

Specify additional options as appropriate, such as username and password if running with authorization enabled. See
mongodump for available options.
Step 4: For the second config server, create a new data directory for use with WiredTiger. Create a data directory in preparation for having the second config server run with WiredTiger. mongod will not start if the --dbpath
directory contains data files created with a different storage engine.
mongod must have read and write permissions for the new directory.
Step 5: Stop the second config server. Connect a mongo shell to the second config server and use
db.shutdownServer() to shut down the second config server.
db.shutdownServer()

Step 6: Start the second config server mongod with the WiredTiger storage engine option. Start mongod
as a config server, specifying wiredTiger as the --storageEngine and the newly created data directory for
WiredTiger as the --dbpath. Specify additional options as appropriate.
mongod --storageEngine wiredTiger --dbpath --configsvr

You can also specify the options in a configuration file.
storage.engine setting.

To specify the storage engine, use the

Step 7: Upload the exported data using mongorestore to the second config server. Use mongorestore to
upload the exported data. Specify additional options as appropriate. See mongorestore for available options.
mongorestore

When the mongorestore finishes, the second config server upgrade to use WiredTiger is complete.
Step 8: Shut down the second config server to ensure read-only metadata. When the second config server
upgrade is complete, shut down the second config server in preparation to upgrade the other config servers. This is
necessary to maintain at most only two active config servers and keep the sharded cluster’s metadata read-only.
Connect a mongo shell to the second config server and use db.shutdownServer() to shut down the second
config server.
db.shutdownServer()

11.1. Storage Engines

601

MongoDB Documentation, Release 3.2.5

Step 9: Restart the third config server to prepare for its upgrade. Restart the third config server with its original
startup options. Do not change its options to use the WiredTiger storage engine at this point.
mongod --configsvr --dbpath

Include any other options in use for the third config server.
Step 10: Export the data of the third config server with mongodump.
mongodump --out

Specify additional options as appropriate, such as username and password if running with authorization enabled. See
mongodump for available options.
Step 11: For the third config server, create a new data directory for use with WiredTiger. Create a data directory
in preparation for having the third config server run with WiredTiger. mongod will not start if the --dbpath
directory contains data files created with a different storage engine.
mongod must have read and write permissions for the new directory.
Step 12: Stop the third config server. Connect a mongo shell to the third config server and use
db.shutdownServer() to shut down the third config server.
db.shutdownServer()

Step 13: Start the third config server with the WiredTiger storage engine option. Start mongod as a config
server, specifying wiredTiger as the --storageEngine and the newly created data directory for WiredTiger as
the --dbpath. Specify additional options as appropriate.
mongod --storageEngine wiredTiger --dbpath --configsvr

You can also specify the options in a configuration file.
storage.engine setting.

To specify the storage engine, use the

Step 14: Upload the exported data using mongorestore to the third config server. Use mongorestore to
upload the exported data. Specify additional options as appropriate. See mongorestore for available options.
mongorestore

When the mongorestore finishes, the third config server upgrade to use WiredTiger is complete.
Step 15: Export data of the first config server with mongodump. To prepare for the upgrade of the first config
server to use WiredTiger, export the data of the first config server with mongodump.
mongodump --out

Specify additional options as appropriate, such as username and password if running with authorization enabled. See
mongodump for available options.
Step 16: For the first config server, create a new data directory for use with WiredTiger. Create a data directory
in preparation for having the first config server run with WiredTiger. mongod will not start if the --dbpath directory
contains data files created with a different storage engine.
mongod must have read and write permissions for the new directory.
602

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

Step 17: Stop the first config server. Connect a mongo shell to the first config server and use
db.shutdownServer() to shut down the first config server.
db.shutdownServer()

Step 18: Start the first config server with the WiredTiger storage engine option. Start mongod as a config
server, specifying wiredTiger as the --storageEngine and the newly created data directory for WiredTiger as
the --dbpath. Specify additional options as appropriate.
mongod --storageEngine wiredTiger --dbpath --configsvr

You can also specify the options in a configuration file.
storage.engine setting.

To specify the storage engine, use the

Step 19: Upload the exported data using mongorestore to the first config server. Use mongorestore to
upload the exported data. Specify additional options as appropriate. See mongorestore for available options.
mongorestore

When the mongorestore finishes, the first config server upgrade to use WiredTiger is complete.
Step 20: Restart the second config server to enable writes to the sharded cluster’s metadata. Restart the second
config server, specifying WiredTiger as the --storageEngine and the newly created WiredTiger data directory as
the --dbpath. Specify additional options as appropriate.
mongod --storageEngine wiredTiger --dbpath --configsvr

You can also specify the options in a configuration file.
storage.engine setting.

To specify the storage engine, use the

Once all three config servers are up, the sharded cluster’s metadata is available for writes.
Step 21: Re-enable the balancer. Once all three config servers are up and running with WiredTiger, re-enable the
balancer (page 803).
sh.startBalancer()

11.1.2 MMAPv1 Storage Engine
On this page
•
•
•
•

Journal (page 604)
Record Storage Characteristics (page 604)
Record Allocation Strategies (page 604)
Memory Use (page 605)

MMAPv1 is MongoDB’s original storage engine based on memory mapped files. It excels at workloads with high
volume inserts, reads, and in-place updates.
Changed in version 3.2: Starting in MongoDB 3.2, the MMAPv1 is no longer the default storage engine; instead, the
WiredTiger (page 595) storage engine is the default storage engine . See Default Storage Engine Change (page 898).

11.1. Storage Engines

603

MongoDB Documentation, Release 3.2.5

Journal
In order to ensure that all modifications to a MongoDB data set are durably written to disk, MongoDB, by default,
records all modifications to an on-disk journal. MongoDB writes more frequently to the journal than it writes the data
files.
In the default configuration for the MMAPv1 storage engine (page 603), MongoDB writes to the data files on disk
every 60 seconds and writes to the journal files roughly every 100 milliseconds.
To change the interval for writing to the data files, use the storage.syncPeriodSecs setting. For the journal
files, see storage.journal.commitIntervalMs setting.
These values represent the maximum amount of time between the completion of a write operation and when MongoDB
writes to the data files or to the journal files. In many cases MongoDB and the operating system flush data to disk
more frequently, so that the above values represents a theoretical maximum.
The journal allows MongoDB to successfully recover data from data files after a mongod instance exits without
flushing all changes. See Journaling (page 606) for more information about the journal in MongoDB.
Record Storage Characteristics
All records are contiguously located on disk, and when a document becomes larger than the allocated record, MongoDB must allocate a new record. New allocations require MongoDB to move a document and update all indexes that
refer to the document, which takes more time than in-place updates and leads to storage fragmentation.
Changed in version 3.0.0.
By default, MongoDB uses Power of 2 Sized Allocations (page 604) so that every document in MongoDB is stored in
a record which contains the document itself and extra space, or padding. Padding allows the document to grow as the
result of updates while minimizing the likelihood of reallocations.
Record Allocation Strategies
MongoDB supports multiple record allocation strategies that determine how mongod adds padding to a document
when creating a record. Because documents in MongoDB may grow after insertion and all records are contiguous on
disk, the padding can reduce the need to relocate documents on disk following updates. Relocations are less efficient
than in-place updates and can lead to storage fragmentation. As a result, all padding strategies trade additional space
for increased efficiency and decreased fragmentation.
Different allocation strategies support different kinds of workloads: the power of 2 allocations (page 604) are more
efficient for insert/update/delete workloads; while exact fit allocations (page 605) is ideal for collections without update
and delete workloads.
Power of 2 Sized Allocations

Changed in version 3.0.0.
MongoDB 3.0 uses the power of 2 sizes allocation as the default record allocation strategy for MMAPv1. With the
power of 2 sizes allocation strategy, each record has a size in bytes that is a power of 2 (e.g. 32, 64, 128, 256, 512 ... 2
MB). For documents larger than 2 MB, the allocation is rounded up to the nearest multiple of 2 MB.
The power of 2 sizes allocation strategy has the following key properties:
• Can efficiently reuse freed records to reduce fragmentation. Quantizing record allocation sizes into a fixed set
of sizes increases the probability that an insert will fit into the free space created by an earlier document deletion
or relocation.

604

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

• Can reduce moves. The added padding space gives a document room to grow without requiring a move. In
addition to saving the cost of moving, this results in less updates to indexes. Although the power of 2 sizes
strategy can minimize moves, it does not eliminate them entirely.
No Padding Allocation Strategy

Changed in version 3.0.0.
For collections whose workloads do not change the document sizes, such as workloads that consist of insert-only
operations or update operations that do not increase document size (such as incrementing a counter), you can
disable the power of 2 allocation (page 604) using the collMod command with the noPadding flag or the
db.createCollection() method with the noPadding option.
Prior to version 3.0.0, MongoDB used an allocation strategy that included a dynamically calculated padding as a
factor of the document size.
Memory Use
With MMAPv1, MongoDB automatically uses all free memory on the machine as its cache. System resource monitors
show that MongoDB uses a lot of memory, but its usage is dynamic. If another process suddenly needs half the server’s
RAM, MongoDB will yield cached memory to the other process.
Technically, the operating system’s virtual memory subsystem manages MongoDB’s memory. This means that MongoDB will use as much free memory as it can, swapping to disk as needed. Deployments with enough memory to fit
the application’s working data set in RAM will achieve the best performance.

11.1.3 In-Memory Storage Engine
On this page
• Specify In-Memory Storage Engine (page 605)
• Concurrency (page 606)
• Durability (page 606)
Warning: The in-memory storage engine is currently in beta. Do not use in production.
Starting in MongoDB Enterprise 3.2, an in-memory storage engine is available in the 64-bit builds for beta-testing
purposes. Other than some metadata and diagnoistic data, the in-memory storage engine does not maintain any on-disk
data. By avoiding disk I/O, the in-memory storage engine allows for more predictable latency of database operations.
Specify In-Memory Storage Engine
To select the in-memory storage engine, specify:
• inMemory for the --storageEngine option, or the storage.engine setting if using a configuration
file.
• --dbpath, or storage.dbPath if using a configuration file. Although the in-memory storage engine does
not write data to the filesystem, it maintains in the --dbpath small metadata files and diagnostic data as well
temporary files for building large indexes.
For example, from the command line:

11.1. Storage Engines

605

MongoDB Documentation, Release 3.2.5

mongod --storageEngine inMemory --dbpath

Or, if using the YAML configuration file format:
storage:
engine: inMemory
dbPath:

See cli-mongod-inmemory for configuration options specific to this storage engine.
Warning: The in-memory storage engine does not persist data after process shutdown.

Concurrency
The in-memory storage engine uses document-level concurrency control for write operations. As a result, multiple
clients can modify different documents of a collection at the same time.
Durability
The in-memory storage engine is non-persistent and does not write data to a persistent storage. As such, the concept
of journal or waiting for data to become durable does not apply to the in-memory storage engine.
Write operations that specify a write concern journaled (page 181) are acknowledged immediately. When an
mongod instance shuts down, either as result of the shutdown command or due to a system error, recovery of
in-memory data is impossible.

11.2 Journaling
On this page
• Journaling and the WiredTiger Storage Engine (page 606)
• Journaling and the MMAPv1 Storage Engine (page 607)
• Journaling and the In-Memory Storage Engine (page 609)
To provide durability in the event of a failure, MongoDB uses write ahead logging to on-disk journal files.

11.2.1 Journaling and the WiredTiger Storage Engine
Important: The log mentioned in this section refers to the WiredTiger write-ahead log (i.e. the journal) and not the
MongoDB log file.
WiredTiger (page 595) uses checkpoints (page 596) to provide a consistent view of data on disk and allow MongoDB
to recover from the last checkpoint. However, if MongoDB exits unexpectedly in between checkpoints, journaling is
required to recover information that occurred after the last checkpoint.
With journaling, the recovery process:
1. Looks in the data files to find the identifier of the last checkpoint.
2. Searches in the journal files for the record that matches the identifier of the last checkpoint.

606

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

3. Apply the operations in the journal files since the last checkpoint.
Journaling Process
Changed in version 3.2.
With journaling, WiredTiger creates one journal record for each client initiated write operation. The journal record
includes any internal write operations caused by the initial write. For example, an update to a document in a collection
may result in modifications to the indexes; WiredTiger creates a single journal record that includes both the update
operation and its associated index modifications.
MongoDB configures WiredTiger to use in-memory buffering for storing the journal records. Threads coordinate to
allocate and copy into their portion of the buffer. All journal records up to 128 kB are buffered.
WiredTiger syncs the buffered journal records to disk according to the following intervals or conditions:
• New in version 3.2: Every 50 milliseconds.
• MongoDB sets checkpoints to occur in WiredTiger on user data at an interval of 60 seconds or when 2 GB of
journal data has been written, whichever occurs first.
• If the write operation includes a write concern of j:
WiredTiger journal files.

true (page 181), WiredTiger forces a sync of the

• Because MongoDB uses a journal file size limit of 100 MB, WiredTiger creates a new journal file approximately
every 100 MB of data. When WiredTiger creates a new journal file, WiredTiger syncs the previous journal file.
Important: In between write operations, while the journal records remain in the WiredTiger buffers, updates can be
lost following a hard shutdown of mongod.
See also:
The serverStatus command returns information on the WiredTiger journal statistics in the wiredTiger.log
field.
Journal Files
For the journal files, MongoDB creates a subdirectory named journal under the dbPath directory. WiredTiger
journal files have names with the following format WiredTigerLog. where is a
zero-padded number starting from 0000000001.
Journal files contain a record per each write operation. Each record has a unique identifier.
MongoDB configures WiredTiger to use snappy compression for the journaling data.
Minimum log record size for WiredTiger is 128 bytes. If a log record is 128 bytes or smaller, WiredTiger does not
compress that record.
WiredTiger journal files for MongoDB have a maximum size limit of approximately 100 MB. Once the file exceeds
that limit, WiredTiger creates a new journal file.
WiredTiger automatically removes old journal files to maintain only the files needed to recover from last checkpoint.
WiredTiger will pre-allocate journal files.

11.2.2 Journaling and the MMAPv1 Storage Engine
With MMAPv1 (page 603), when a write operation occurs, MongoDB updates the in-memory view. With journaling
enabled, MongoDB writes the in-memory changes first to on-disk journal files. If MongoDB should terminate or
11.2. Journaling

607

MongoDB Documentation, Release 3.2.5

encounter an error before committing the changes to the data files, MongoDB can use the journal files to apply the
write operation to the data files and maintain a consistent state.
Journaling Process
With journaling, MongoDB’s storage layer has two internal views of the data set: the private view, used to write to the
journal files, and the shared view, used to write to the data files:
1. MongoDB first applies write operations to the private view.
2. MongoDB then applies the changes in the private view to the on-disk journal files (page 608) in the journal
directory roughly every 100 milliseconds. MongoDB records the write operations to the on-disk journal files
in batches called group commits. Grouping the commits help minimize the performance impact of journaling since these commits must block all writers during the commit. Writes to the journal are atomic, ensuring the consistency of the on-disk journal files. For information on the frequency of the commit interval, see
storage.journal.commitIntervalMs.
3. Upon a journal commit, MongoDB applies the changes from the journal to the shared view.
4. Finally, MongoDB applies the changes in the shared view to the data files. More precisely, at default intervals of
60 seconds, MongoDB asks the operating system to flush the shared view to the data files. The operating system
may choose to flush the shared view to disk at a higher frequency than 60 seconds, particularly if the system is
low on free memory. To change the interval for writing to the data files, use the storage.syncPeriodSecs
setting.
If the mongod instance were to crash without having applied the writes to the data files, the journal could replay the
writes to the shared view for eventual write to the data files.
When MongoDB flushes write operations to the data files, MongoDB notes which journal writes have been flushed.
Once a journal file contains only flushed writes, it is no longer needed for recovery and MongoDB can recycle it for a
new journal file.
Once the journal operations have been applied to the shared view and flushed to disk (i.e. pages in the shared view and
private view are in sync), MongoDB asks the operating system to remap the shared view to the private view in order
to save physical RAM. MongoDB routinely asks the operating system to remap the shared view to the private view in
order to save physical RAM. Upon a new remapping, the operating system knows that physical memory pages can be
shared between the shared view and the private view mappings.
Note: The interaction between the shared view and the on-disk data files is similar to how MongoDB works without
journaling. Without journaling, MongoDB asks the operating system to flush in-memory changes to the data files
every 60 seconds.

Journal Files
With journaling enabled, MongoDB creates a subdirectory named journal under the dbPath directory. The
journal directory contains journal files named j._ where is an integer starting from
0 and a “last sequence number” file lsn.
Journal files contain the write ahead logs; each journal entry describes the bytes the write operation changed in the
data files. Journal files are append-only files. When a journal file holds 1 gigabyte of data, MongoDB creates a new
journal file. If you use the storage.smallFiles option when starting mongod, you limit the size of each journal
file to 128 megabytes.
The lsn file contains the last time MongoDB flushed the changes to the data files.
Once MongoDB applies all the write operations in a particular journal file to the data files, MongoDB can recycle it
for a new journal file.
608

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

Unless you write many bytes of data per second, the journal directory should contain only two or three journal files.
A clean shutdown removes all the files in the journal directory. A dirty shutdown (crash) leaves files in the journal
directory; these are used to automatically recover the database to a consistent state when the mongod process is
restarted.
Journal Directory

To speed the frequent sequential writes that occur to the current journal file, you can ensure that the journal directory
is on a different filesystem from the database data files.
Important: If you place the journal on a different filesystem from your data files, you cannot use a filesystem
snapshot alone to capture valid backups of a dbPath directory. In this case, use fsyncLock() to ensure that
database files are consistent before the snapshot and fsyncUnlock() once the snapshot is complete.

Preallocation Lag

MongoDB may preallocate journal files if the mongod process determines that it is more efficient to preallocate
journal files than create new journal files as needed.
Depending on your filesystem, you might experience a preallocation lag the first time you start a mongod instance
with journaling enabled. The amount of time required to pre-allocate files might last several minutes; during this
time, you will not be able to connect to the database. This is a one-time preallocation and does not occur with future
invocations.
To avoid preallocation lag, see Avoid Preallocation Lag for MMAPv1 (page 610).

11.2.3 Journaling and the In-Memory Storage Engine
Warning: The in-memory storage engine is currently in beta. Do not use in production.
The In-Memory Storage Engine (page 605) is available in MongoDB Enterprise 3.2 and later. Because its data is
kept in memory, there is no separate journal. Write operations with a write concern of j: true (page 181) are
immediately acknowledged.
See also:
In-Memory Storage Engine: Durability (page 606)
Manage Journaling

On this page
• Procedures (page 610)
MongoDB uses write ahead logging to an on-disk journal to guarantee write operation (page 114) durability. The
MMAPv1 storage engine also requires the journal in order to provide crash resiliency.
The WiredTiger storage engine does not require journaling to guarantee a consistent state after a crash. The database
will be restored to the last consistent checkpoint (page 596) during recovery. However, if MongoDB exits unexpectedly
in between checkpoints, journaling is required to recover writes that occurred after the last checkpoint.
11.2. Journaling

609

MongoDB Documentation, Release 3.2.5

With journaling enabled, if mongod stops unexpectedly, the program can recover everything written to the journal.
MongoDB will re-apply the write operations on restart and maintain a consistent state. By default, the greatest extent
of lost writes, i.e., those not made to the journal, are those made in the last 100 milliseconds, plus the time it takes to
perform the actual journal writes. See commitIntervalMs for more information on the default.
Procedures

Enable Journaling For 64-bit builds of mongod, journaling is enabled by default.
To enable journaling, start mongod with the --journal command line option.

Disable Journaling

2. Create a set of journal files by staring a mongod instance that uses the temporary directory:
mongod --port 10000 --dbpath ~/tmpDbpath --journal

3. When you see the following log output, indicating mongod has the files, press CONTROL+C to stop the
mongod instance:

610

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

[initandlisten] waiting for connections on port 10000

5. Start the new mongod instance:
mongod --port 27017 --dbpath /data/db --journal

11.3 GridFS
On this page
•
•
•
•
•

When to Use GridFS (page 612)
Use GridFS (page 612)
GridFS Collections (page 612)
GridFS Indexes (page 614)
Additional Resources (page 615)

11.3. GridFS

611

MongoDB Documentation, Release 3.2.5

GridFS is a specification for storing and retrieving files that exceed the BSON-document size limit of 16 MB.
Instead of storing a file in a single document, GridFS divides the file into parts, or chunks 1 , and stores each chunk as
a separate document. By default, GridFS uses a chunk size of 255 kB; that is, GridFS divides a file into chunks of 255
kB with the exception of the last chunk. The last chunk is only as large as necessary. Similarly, files that are no larger
than the chunk size only have a final chunk, using only as much space as needed plus some additional metadata.
GridFS uses two collections to store files. One collection stores the file chunks, and the other stores file metadata. The
section GridFS Collections (page 612) describes each collection in detail.
When you query GridFS for a file, the driver will reassemble the chunks as needed. You can perform range queries on
files stored through GridFS. You can also access information from arbitrary sections of files, such as to “skip” to the
middle of a video or audio file.
GridFS is useful not only for storing files that exceed 16 MB but also for storing any files for which you want access
without having to load the entire file into memory. See also When to Use GridFS (page 612).
Changed in version 2.4.10: The default chunk size changed from 256 kB to 255 kB.

11.3.1 When to Use GridFS
In MongoDB, use GridFS for storing files larger than 16 MB.
In some situations, storing large files may be more efficient in a MongoDB database than on a system-level filesystem.
• If your filesystem limits the number of files in a directory, you can use GridFS to store as many files as needed.
• When you want to access information from portions of large files without having to load whole files into memory,
you can use GridFS to recall sections of files without reading the entire file into memory.
• When you want to keep your files and metadata automatically synced and deployed across a number of systems
and facilities, you can use GridFS. When using geographically distributed replica sets (page 642), MongoDB
can distribute files and their metadata automatically to a number of mongod instances and facilities.
Do not use GridFS if you need to update the content of the entire file atomically. As an alternative you can store
multiple versions of each file and specify the current version of the file in the metadata. You can update the metadata
field that indicates “latest” status in an atomic update after uploading the new version of the file, and later remove
previous versions if needed.
Furthermore, if your files are all smaller the 16 MB BSON Document Size limit, consider storing the file manually
within a single document instead of using GridFS. You may use the BinData data type to store the binary data. See
your drivers documentation for details on using BinData.

11.3.2 Use GridFS
To store and retrieve files using GridFS, use either of the following:
• A MongoDB driver. See the drivers documentation for information on using GridFS with your driver.
• The mongofiles command-line tool. See the mongofiles reference for documentation.

11.3.3 GridFS Collections
GridFS stores files in two collections:
• chunks stores the binary chunks. For details, see The chunks Collection (page 613).
1

The use of the term chunks in the context of GridFS is not related to the use of the term chunks in the context of sharding.

612

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

• files stores the file’s metadata. For details, see The files Collection (page 613).
GridFS places the collections in a common bucket by prefixing each with the bucket name. By default, GridFS uses
two collections with a bucket named fs:
• fs.files
• fs.chunks
You can choose a different bucket name, as well as create multiple buckets in a single database. The full collection
name, which includes the bucket name, is subject to the namespace length limit.
The chunks Collection
Each document in the chunks 1 collection represents a distinct chunk of a file as represented in GridFS. Documents
in this collection have the following form:
{
"_id" : ,
"files_id" : ,
"n" : ,
"data" :
}

A document from the chunks collection contains the following fields:
chunks._id
The unique ObjectId of the chunk.
chunks.files_id
The _id of the “parent” document, as specified in the files collection.
chunks.n
The sequence number of the chunk. GridFS numbers all chunks, starting with 0.
chunks.data
The chunk’s payload as a BSON Binary type.
The files Collection
Each document in the files collection represents a file in GridFS. Consider a document in the files collection,
which has the following form:
{
"_id" : ,
"length" : ,
"chunkSize" : ,
"uploadDate" : ,
"md5" : ,
"filename" : ,
"contentType" : ,
"aliases" : ,
"metadata" : ,
}

Documents in the files collection contain some or all of the following fields:
files._id
The unique identifier for this document. The _id is of the data type you chose for the original document. The
default type for MongoDB documents is BSON ObjectId.
11.3. GridFS

613

MongoDB Documentation, Release 3.2.5

files.length
The size of the document in bytes.
files.chunkSize
The size of each chunk in bytes. GridFS divides the document into chunks of size chunkSize, except for the
last, which is only as large as needed. The default size is 255 kilobytes (kB).
Changed in version 2.4.10: The default chunk size changed from 256 kB to 255 kB.
files.uploadDate
The date the document was first stored by GridFS. This value has the Date type.
files.md5
An MD5 hash of the complete file returned by the filemd5 command. This value has the String type.
files.filename
Optional. A human-readable name for the GridFS file.
files.contentType
Optional. A valid MIME type for the GridFS file.
files.aliases
Optional. An array of alias strings.
files.metadata
Optional. Any additional information you want to store.
Applications may create additional arbitrary fields.

11.3.4 GridFS Indexes
GridFS uses indexes on each of the chunks and files collections for efficiency. Drivers that conform to the
GridFS specification2 automatically create these indexes for convenience. You can also create any additional indexes
as desired to suit your application’s needs.
The chunks Index
GridFS uses a unique, compound index on the chunks collection using the files_id and n fields. This allows for
efficient retrieval of chunks, as demonstrated in the following example:
db.fs.chunks.find( { files_id: myFileID } ).sort( { n: 1 } )

Drivers that conform to the GridFS specification3 will automatically ensure that this index exists before read and
write operations. See the relevant driver documentation for the specific behavior of your GridFS application.
If this index does not exist, you can issue the following operation to create it using the mongo shell:
db.fs.chunks.createIndex( { files_id: 1, n: 1 }, { unique: true } );

The files Index
GridFS uses an index on the files collection using the filename and uploadDate fields. This index allows for
efficient retrieval of files, as shown in this example:
2 https://github.com/mongodb/specifications/blob/master/source/gridfs/gridfs-spec.rst
3 https://github.com/mongodb/specifications/blob/master/source/gridfs/gridfs-spec.rst

614

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

db.fs.files.find( { filename: myFileName } ).sort( { uploadDate: 1 } )

Drivers that conform to the GridFS specification4 will automatically ensure that this index exists before read and
write operations. See the relevant driver documentation for the specific behavior of your GridFS application.
If this index does not exist, you can issue the following operation to create it using the mongo shell:
db.fs.files.createIndex( { filename: 1, uploadDate: 1 } );

11.3.5 Additional Resources
• Building MongoDB Applications with Binary Files Using GridFS: Part 15
• Building MongoDB Applications with Binary Files Using GridFS: Part 26

11.4 FAQ: MongoDB Storage
On this page
•
•
•
•
•
•

Storage Engine Fundamentals (page 850)
Can you mix storage engines in a replica set? (page 850)
WiredTiger Storage Engine (page 851)
MMAPv1 Storage Engine (page 852)
Can I manually pad documents to prevent moves during updates? (page 855)
Data Storage Diagnostics (page 855)

This document addresses common questions regarding MongoDB’s storage system.

11.4.1 Storage Engine Fundamentals
What is a storage engine?
A storage engine is the part of a database that is responsible for managing how data is stored, both in memory and on
disk. Many databases support multiple storage engines, where different engines perform better for specific workloads.
For example, one storage engine might offer better performance for read-heavy workloads, and another might support
a higher-throughput for write operations.
See also:
Storage Engines (page 595)

11.4.2 Can you mix storage engines in a replica set?
Yes. You can have a replica set members that use different storage engines.
When designing these multi-storage engine deployments consider the following:
4 https://github.com/mongodb/specifications/blob/master/source/gridfs/gridfs-spec.rst
5 http://www.mongodb.com/blog/post/building-mongodb-applications-binary-files-using-gridfs-part-1?jmp=docs
6 http://www.mongodb.com/blog/post/building-mongodb-applications-binary-files-using-gridfs-part-2?jmp=docs

11.4. FAQ: MongoDB Storage

615

MongoDB Documentation, Release 3.2.5

• the oplog on each member may need to be sized differently to account for differences in throughput between
different storage engines.
• recovery from backups may become more complex if your backup captures data files from MongoDB: you may
need to maintain backups for each storage engine.

11.4.3 WiredTiger Storage Engine
Can I upgrade an existing deployment to a WiredTiger?
Yes. See:
• Change Standalone to WiredTiger (page 597)
• Change Replica Set to WiredTiger (page 598)
• Change Sharded Cluster to WiredTiger (page 599)
How much compression does WiredTiger provide?
The ratio of compressed data to uncompressed data depends on your data and the compression library used. By default,
collection data in WiredTiger use Snappy block compression; zlib compression is also available. Index data use prefix
compression by default.
To what size should I set the WiredTiger cache?
With WiredTiger, MongoDB utilizes both the WiredTiger cache and the filesystem cache.
Changed in version 3.2: Starting in MongoDB 3.2, the WiredTiger cache, by default, will use the larger of either:
• 60% of RAM minus 1 GB, or
• 1 GB.
For systems with up to 10 GB of RAM, the new default setting is less than or equal to the 3.0 default setting (For
MongoDB 3.0, the WiredTiger cache uses either 1 GB or half of the installed physical RAM, whichever is larger).
For systems with more than 10 GB of RAM, the new default setting is greater than the 3.0 setting.
Via the filesystem cache, MongoDB automatically uses all free memory that is not used by the WiredTiger cache or
by other processes. Data in the filesystem cache is compressed.
To adjust the size of the WiredTiger cache, see storage.wiredTiger.engineConfig.cacheSizeGB and
--wiredTigerCacheSizeGB. Avoid increasing the WiredTiger cache size above its default value.
Note: The storage.wiredTiger.engineConfig.cacheSizeGB only limits the size of the WiredTiger
cache, not the total amount of memory used by mongod. The WiredTiger cache is only one component of the RAM
used by MongoDB. MongoDB also automatically uses all free memory on the machine via the filesystem cache (data
in the filesystem cache is compressed).
In addition, the operating system will use any free RAM to buffer filesystem blocks.
To accommodate the additional consumers of RAM, you may have to decrease WiredTiger cache size.
The default WiredTiger cache size value assumes that there is a single mongod instance per machine. If a single machine contains multiple MongoDB instances, then you should decrease the setting to accommodate the other mongod
instances.

616

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

If you run mongod in a container (e.g. lxc, cgroups, Docker, etc.) that does not have access to all of the RAM
available in a system, you must set storage.wiredTiger.engineConfig.cacheSizeGB to a value less
than the amount of RAM available in the container. The exact amount depends on the other processes running in the
container.
To view statistics on the cache and eviction rate, see the wiredTiger.cache field returned from the
serverStatus command.
How frequently does WiredTiger write to disk?
MongoDB configures WiredTiger to create checkpoints (i.e. write the snapshot data to disk) at intervals of 60 seconds
or 2 gigabytes of journal data.
For journal data, MongoDB writes to disk according to the following intervals or condition:
• New in version 3.2: Every 50 milliseconds.
• MongoDB sets checkpoints to occur in WiredTiger on user data at an interval of 60 seconds or when 2 GB of
journal data has been written, whichever occurs first.
• If the write operation includes a write concern of j:
WiredTiger journal files.

true (page 181), WiredTiger forces a sync of the

11.4.4 MMAPv1 Storage Engine
What are memory mapped files?
A memory-mapped file is a file with data that the operating system places in memory by way of the mmap() system
call. mmap() thus maps the file to a region of virtual memory. Memory-mapped files are the critical piece of the
MMAPv1 storage engine in MongoDB. By using memory mapped files, MongoDB can treat the contents of its data
files as if they were in memory. This provides MongoDB with an extremely fast and simple method for accessing and
manipulating data.
How do memory mapped files work?
MongoDB uses memory mapped files for managing and interacting with all data.
Memory mapping assigns files to a block of virtual memory with a direct byte-for-byte correlation. MongoDB memory
maps data files to memory as it accesses documents. Unaccessed data is not mapped to memory.
Once mapped, the relationship between file and memory allows MongoDB to interact with the data in the file as if it
were memory.
How frequently does MMAPv1 write to disk?
In the default configuration for the MMAPv1 storage engine (page 603), MongoDB writes to the data files on disk
every 60 seconds and writes to the journal files roughly every 100 milliseconds.
To change the interval for writing to the data files, use the storage.syncPeriodSecs setting. For the journal
files, see storage.journal.commitIntervalMs setting.

11.4. FAQ: MongoDB Storage

617

MongoDB Documentation, Release 3.2.5

These values represent the maximum amount of time between the completion of a write operation and when MongoDB
writes to the data files or to the journal files. In many cases MongoDB and the operating system flush data to disk
more frequently, so that the above values represents a theoretical maximum.
Why are the files in my data directory larger than the data in my database?
The data files in your data directory, which is the /data/db directory in default configurations, might be larger than
the data set inserted into the database. Consider the following possible causes:
Preallocated data files

MongoDB preallocates its data files to avoid filesystem fragmentation, and because of this, the size of these files do
not necessarily reflect the size of your data.
The storage.mmapv1.smallFiles option will reduce the size of these files, which may be useful if you have
many small databases on disk.
The oplog

If this mongod is a member of a replica set, the data directory includes the oplog.rs file, which is a preallocated
capped collection in the local database.
The default allocation is approximately 5% of disk space on 64-bit installations. In most cases, you should not need
to resize the oplog. See Oplog Sizing (page 657) for more information.
The journal

The data directory contains the journal files, which store write operations on disk before MongoDB applies them to
databases. See Journaling (page 606).
Empty records

MongoDB maintains lists of empty records in data files as it deletes documents and collections. MongoDB can reuse
this space, but will not, by default, return this space to the operating system.
To allow MongoDB to more effectively reuse the space, you can de-fragment your data. To de-fragment, use the
compact command. The compact requires up to 2 gigabytes of extra disk space to run. Do not use compact if
you are critically low on disk space. For more information on its behavior and other considerations, see compact.
compact only removes fragmentation from MongoDB data files within a collection and does not return any disk space
to the operating system. To return disk space to the operating system, see How do I reclaim disk space? (page 853).
How do I reclaim disk space?
The following provides some options to consider when reclaiming disk space.
Note: You do not need to reclaim disk space for MongoDB to reuse freed space. See Empty records (page 853) for
information on reuse of freed space.

618

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

repairDatabase

You can use repairDatabase on a database to rebuilds the database, de-fragmenting the associated storage in the
process.
repairDatabase requires free disk space equal to the size of your current data set plus 2 gigabytes. If the volume
that holds dbpath lacks sufficient space, you can mount a separate volume and use that for the repair. For additional
information and considerations, see repairDatabase.
Warning: Do not use repairDatabase if you are critically low on disk space.
repairDatabase will block all other operations and may take a long time to complete.
You can only run repairDatabase on a standalone mongod instance.
You can also run the repairDatabase operation for all databases on the server by restarting your mongod standalone instance with the --repair and --repairpath options. All databases on the server will be unavailable
during this operation.
Resync the Member of the Replica Set

For a secondary member of a replica set, you can perform a resync of the member (page 699) by: stopping the
secondary member to resync, deleting all data and subdirectories from the member’s data directory, and restarting.
For details, see Resync a Member of a Replica Set (page 699).
What is the working set?
Working set represents the total body of data that the application uses in the course of normal operation. Often this is
a subset of the total data size, but the specific size of the working set depends on actual moment-to-moment use of the
database.
If you run a query that requires MongoDB to scan every document in a collection, the working set will expand to
include every document. Depending on physical memory size, this may cause documents in the working set to “page
out,” or to be removed from physical memory by the operating system. The next time MongoDB needs to access these
documents, MongoDB may incur a hard page fault.
For best performance, the majority of your active set should fit in RAM.
What are page faults?
With the MMAPv1 storage engine, page faults can occur as MongoDB reads from or writes data to parts of its data
files that are not currently located in physical memory. In contrast, operating system page faults happen when physical
memory is exhausted and pages of physical memory are swapped to disk.
If there is free memory, then the operating system can find the page on disk and load it to memory directly. However,
if there is no free memory, the operating system must:
• find a page in memory that is stale or no longer needed, and write the page to disk.
• read the requested page from disk and load it into memory.
This process, on an active system, can take a long time, particularly in comparison to reading a page that is already in
memory.
See Page Faults (page 311) for more information.

11.4. FAQ: MongoDB Storage

619

MongoDB Documentation, Release 3.2.5

What is the difference between soft and hard page faults?
Page faults occur when MongoDB, with the MMAP storage engine, needs access to data that isn’t currently in active
memory. A “hard” page fault refers to situations when MongoDB must access a disk to access the data. A “soft” page
fault, by contrast, merely moves memory pages from one list to another, such as from an operating system file cache.
See Page Faults (page 311) for more information.

11.4.5 Can I manually pad documents to prevent moves during updates?
Changed in version 3.0.0.
With the MMAPv1 storage engine (page 603), an update can cause a document to move on disk if the document grows
in size. To minimize document movements, MongoDB uses padding.
You should not have to pad manually because by default, MongoDB uses Power of 2 Sized Allocations (page 604) to
add padding automatically (page 604). The Power of 2 Sized Allocations (page 604) ensures that MongoDB allocates
document space in sizes that are powers of 2, which helps ensure that MongoDB can efficiently reuse free space
created by document deletion or relocation as well as reduce the occurrences of reallocations in many cases.
However, if you must pad a document manually, you can add a temporary field to the document and then $unset the
field, as in the following example.
Warning: Do not manually pad documents in a capped collection. Applying manual padding to a document in a
capped collection can break replication. Also, the padding is not preserved if you re-sync the MongoDB instance.
var myTempPadding = [ "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"];
db.myCollection.insert( { _id: 5, paddingField: myTempPadding } );
db.myCollection.update( { _id: 5 },
{ $unset: { paddingField: "" } }
)
db.myCollection.update( { _id: 5 },
{ $set: { realField: "Some text that I might have needed padding for" } }
)

See also:
Record Allocation Strategies (page 604)

11.4.6 Data Storage Diagnostics
How can I check the size of a collection?
To view the statistics for a collection, including the data size, use the db.collection.stats() method from the
mongo shell. The following example issues db.collection.stats() for the orders collection:
db.orders.stats();

MongoDB also provides the following methods to return specific sizes for the collection:
• db.collection.dataSize() to return data size in bytes for the collection.
620

Chapter 11. Storage

MongoDB Documentation, Release 3.2.5

• db.collection.storageSize() to return allocation size in bytes, including unused space.
• db.collection.totalSize() to return the data size plus the index size in bytes.
• db.collection.totalIndexSize() to return the index size in bytes.
The following script prints the statistics for each database:
db._adminCommand("listDatabases").databases.forEach(function (d) {
mdb = db.getSiblingDB(d.name);
printjson(mdb.stats());
})

The following script prints the statistics for each collection in each database:
db._adminCommand("listDatabases").databases.forEach(function (d) {
mdb = db.getSiblingDB(d.name);
mdb.getCollectionNames().forEach(function(c) {
s = mdb[c].stats();
printjson(s);
})
})

How can I check the size of indexes for a collection?
To view the size of the data allocated for an index, use the db.collection.stats() method and check the
indexSizes field in the returned document.
How can I get information on the storage use of a database?
The db.stats() method in the mongo shell returns the current state of the “active” database. For the description
of the returned fields, see dbStats Output.

11.4. FAQ: MongoDB Storage

621

MongoDB Documentation, Release 3.2.5

622

Chapter 11. Storage

CHAPTER 12

Replication

A replica set in MongoDB is a group of mongod processes that maintain the same data set. Replica sets provide
redundancy and high availability, and are the basis for all production deployments. This section introduces replication
in MongoDB as well as the components and architecture of replica sets. The section also provides tutorials for common
tasks related to replica sets.
Replication Introduction (page 623) An introduction to replica sets, their behavior, operation, and use.
Replication Concepts (page 627) The core documentation of replica set operations, configurations, architectures and
behaviors.
Replica Set Members (page 628) Introduces the components of replica sets.
Replica Set Deployment Architectures (page 636) Introduces architectural considerations related to replica
sets deployment planning.
Replica Set High Availability (page 644) Presents the details of the automatic failover and recovery process
with replica sets.
Replica Set Read and Write Semantics (page 648) Presents the semantics for targeting read and write operations to the replica set, with an awareness of location and set configuration.
Replica Set Tutorials (page 665) Tutorials for common tasks related to the use and maintenance of replica sets.
Replication Reference (page 716) Reference for functions and operations related to replica sets.

12.1 Replication Introduction
On this page
• Redundancy and Data Availability (page 623)
• Replication in MongoDB (page 624)
• Additional Resources (page 627)
Replication is the process of synchronizing data across multiple servers.

12.1.1 Redundancy and Data Availability
Replication provides redundancy and increases data availability. With multiple copies of data on different database
servers, replication provides a level of fault tolerance against the loss of a single database server.

623

MongoDB Documentation, Release 3.2.5

In some cases, replication can provide increased read capacity as clients can send read operations to different servers.
Maintaining copies of data in different data centers can increase data locality and availability for distributed applications. You can also maintain additional copies for dedicated purposes, such as disaster recovery, reporting, or backup.

12.1.2 Replication in MongoDB
A replica set is a group of mongod instances that maintain the same data set. A replica set contains several data
bearing nodes and optionally one arbiter node. Of the data bearing nodes, one and only one member is deemed the
primary node, while the other nodes are deemed secondary nodes.
The primary node (page 628) receives all write operations. A replica set can have only one primary capable of
confirming writes with { w: "majority" } (page 180) write concern; although in some circumstances, another
mongod instance may transiently believe itself to also be primary. 1 The primary records all changes to its data sets
in its operation log, i.e. oplog (page 656). For more information on primary node operation, see Replica Set Primary
(page 628).

1 In some circumstances (page 729), two nodes in a replica set may transiently believe that they are the primary, but at most, one of them
will be able to complete writes with { w: "majority" } (page 180) write concern. The node that can complete { w: "majority" }
(page 180) writes is the current primary, and the other node is a former primary that has not yet recognized its demotion, typically due to a network
partition. When this occurs, clients that connect to the former primary may observe stale data despite having requested read preference primary
(page 728), and new writes to the former primary will eventually roll back.

624

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

The secondaries (page 628) replicate the primary’s oplog and apply the operations to their data sets such that the
secondaries’ data sets reflect the primary’s data set. If the primary is unavailable, an eligible secondary will hold
an election to elect itself the new primary. For more information on secondary members, see Replica Set Secondary
Members (page 628).

You may add an extra mongod instance to a replica set as an arbiter (page 635). Arbiters do not maintain a data set.
The purpose of an arbiter is to maintain a quorum in a replica set by responding to heartbeat and election requests
by other replica set members. Because they do not store a data set, arbiters can be a good way to provide replica set
quorum functionality with a cheaper resource cost than a fully functional replica set member with a data set. If your
replica set has an even number of members, add an arbiter to obtain a majority of votes in an election for primary.
Arbiters do not require dedicated hardware. For more information on arbiters, see Replica Set Arbiter (page 635).

An arbiter (page 635) will always be an arbiter whereas a primary (page 628) may step down and become a secondary
(page 628) and a secondary (page 628) may become the primary during an election.
Asynchronous Replication
Secondaries apply operations from the primary asynchronously. By applying operations after the primary, sets can
continue to function despite the failure of one or more members. For more information on replication mechanics, see
Replica Set Oplog (page 656) and Replica Set Data Synchronization (page 658).

12.1. Replication Introduction

625

MongoDB Documentation, Release 3.2.5

Automatic Failover
When a primary does not communicate with the other members of the set for more than 10 seconds, an eligible
secondary will hold an election to elect itself the new primary. The first secondary to hold an election and receive a
majority of the members’ votes becomes primary.
New in version 3.2: MongoDB introduces a version 1 of the replication protocol (protocolVersion: 1
(page 718)) to reduce replica set failover time and accelerates the detection of multiple simultaneous primaries. New
replica sets will, by default, use protocolVersion: 1 (page 718). Previous versions of MongoDB use version
0 of the protocol.

See Replica Set Elections (page 644) and Rollbacks During Replica Set Failover (page 647) for more information.
Read Operations
By default, clients read from the primary 1 ; however, clients can specify a read preference (page 651) to send read
operations to secondaries. Asynchronous replication (page 625) to secondaries means that reads from secondaries may
return data that does not reflect the state of the data on the primary. For information on reading from replica sets, see
Read Preference (page 651).
In MongoDB, clients can see the results of writes before the writes are durable:
• Regardless of write concern (page 179), other clients using "local" (page 182) (i.e. the default) readConcern
can see the result of a write operation before the write operation is acknowledged to the issuing client.
626

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

• Clients using "local" (page 182) (i.e. the default) readConcern can read data which may be subsequently
rolled back (page 647).
For more information on read isolations, consistency and recency for MongoDB, see Read Isolation, Consistency, and
Recency (page 133).
Additional Features
Replica sets provide a number of options to support application needs. For example, you may deploy a replica
set with members in multiple data centers (page 642), or control the outcome of elections by adjusting the
members[n].priority (page 720) of some members. Replica sets also support dedicated members for reporting,
disaster recovery, or backup functions.
See Priority 0 Replica Set Members (page 631), Hidden Replica Set Members (page 633) and Delayed Replica Set
Members (page 634) for more information.

12.1.3 Additional Resources
• Quick Reference Cards2
• Webinar: Managing Your Mission Critical App - Ensuring Zero Downtime3

12.2 Replication Concepts
These documents describe and provide examples of replica set operation, configuration, and behavior. For an overview
of replication, see Replication Introduction (page 623). For documentation of the administration of replica sets, see
Replica Set Tutorials (page 665). The Replication Reference (page 716) documents commands and operations specific
to replica sets.
Replica Set Members (page 628) Introduces the components of replica sets.
Replica Set Primary (page 628) The primary is the only member of a replica set that accepts write operations.
Replica Set Secondary Members (page 628) Secondary members replicate the primary’s data set and accept
read operations. If the set has no primary, a secondary can become primary.
Priority 0 Replica Set Members (page 631) Priority 0 members are secondaries that cannot become the primary.
Hidden Replica Set Members (page 633) Hidden members are secondaries that are invisible to applications.
These members support dedicated workloads, such as reporting or backup.
Replica Set Arbiter (page 635) An arbiter does not maintain a copy of the data set but participate in elections.
Replica Set Deployment Architectures (page 636) Introduces architectural considerations related to replica sets deployment planning.
Replica Set High Availability (page 644) Presents the details of the automatic failover and recovery process with
replica sets.
Replica Set Elections (page 644) Elections occur when the primary becomes unavailable and the replica set
members autonomously select a new primary.
Read Preference (page 651) Read preference specifies where (i.e. which members of the replica set) the drivers
should direct the read operations.
2 https://www.mongodb.com/lp/misc/quick-reference-cards?jmp=docs
3 http://www.mongodb.com/webinar/managing-mission-critical-app-downtime?jmp=docs

12.2. Replication Concepts

627

MongoDB Documentation, Release 3.2.5

Replication Processes (page 656) Mechanics of the replication process and related topics.
Master Slave Replication (page 659) Master-slave replication provided redundancy in early versions of MongoDB.
Replica sets replace master-slave for most use cases.

12.2.1 Replica Set Members
A replica set in MongoDB is a group of mongod processes that provide redundancy and high availability. The
members of a replica set are:
Primary (page ??). The primary receives all write operations.
Secondaries (page ??). Secondaries replicate operations from the primary to maintain an identical data set. Secondaries may have additional configurations for special usage profiles. For example, secondaries may be nonvoting (page 646) or priority 0 (page 631).
You can also maintain an arbiter (page ??) as part of a replica set. Arbiters do not keep a copy of the data. However,
arbiters play a role in the elections that select a primary if the current primary is unavailable.
The minimum requirements for a replica set are: A primary (page ??), a secondary (page ??), and an arbiter (page ??).
Most deployments, however, will keep three members that store data: A primary (page ??) and two secondary members
(page ??).
Changed in version 3.0.0: A replica set can have up to 50 members (page 942) but only 7 voting members.
previous versions, replica sets can have up to 12 members.

Replica Set Primary
The primary is the only member in the replica set that receives write operations. MongoDB applies write operations
on the primary and then records the operations on the primary’s oplog (page 656). Secondary (page ??) members
replicate this log and apply the operations to their data sets.
In the following three-member replica set, the primary accepts all write operations. Then the secondaries replicate the
oplog to apply to their data sets.
All members of the replica set can accept read operations. However, by default, an application directs its read operations to the primary member. See Read Preference (page 651) for details on changing the default read behavior.
The replica set can have at most one primary. 5 If the current primary becomes unavailable, an election determines the
new primary. See Replica Set Elections (page 644) for more details.
In the following 3-member replica set, the primary becomes unavailable. This triggers an election which selects one
of the remaining secondaries as the new primary.
Replica Set Secondary Members
A secondary maintains a copy of the primary’s data set. To replicate data, a secondary applies operations from the
primary’s oplog (page 656) to its own data set in an asynchronous process. A replica set can have one or more
secondaries.
4 While replica sets are the recommended solution for production, a replica set can support up to 50 members in total. If your deployment
requires more than 50 members, you’ll need to use master-slave (page 659) replication. However, master-slave replication lacks the automatic
failover capabilities.
5 In some circumstances (page 729), two nodes in a replica set may transiently believe that they are the primary, but at most, one of them
will be able to complete writes with { w: "majority" } (page 180) write concern. The node that can complete { w: "majority" }
(page 180) writes is the current primary, and the other node is a former primary that has not yet recognized its demotion, typically due to a network
partition. When this occurs, clients that connect to the former primary may observe stale data despite having requested read preference primary
(page 728), and new writes to the former primary will eventually roll back.

628

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

12.2. Replication Concepts

629

MongoDB Documentation, Release 3.2.5

630

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

The following three-member replica set has two secondary members. The secondaries replicate the primary’s oplog
and apply the operations to their data sets.

Although clients cannot write data to secondaries, clients can read data from secondary members. See Read Preference
(page 651) for more information on how clients direct read operations to replica sets.
A secondary can become a primary. If the current primary becomes unavailable, the replica set holds an election to
choose which of the secondaries becomes the new primary.
In the following three-member replica set, the primary becomes unavailable. This triggers an election where one of
the remaining secondaries becomes the new primary.
See Replica Set Elections (page 644) for more details.
You can configure a secondary member for a specific purpose. You can configure a secondary to:
• Prevent it from becoming a primary in an election, which allows it to reside in a secondary data center or to
serve as a cold standby. See Priority 0 Replica Set Members (page 631).
• Prevent applications from reading from it, which allows it to run applications that require separation from normal
traffic. See Hidden Replica Set Members (page 633).
• Keep a running “historical” snapshot for use in recovery from certain errors, such as unintentionally deleted
databases. See Delayed Replica Set Members (page 634).
Priority 0 Replica Set Members

On this page
• Priority 0 Members as Standbys (page 633)
• Priority 0 Members and Failover (page 633)
• Configuration (page 633)
A priority 0 member is a secondary that cannot become primary. Priority 0 members cannot trigger elections.
Otherwise these members function as normal secondaries. A priority 0 member maintains a copy of the data set,
accepts read operations, and votes in elections. Configure a priority 0 member to prevent secondaries from becoming
primary, which is particularly useful in multi-data center deployments.
In a three-member replica set, in one data center hosts the primary and a secondary. A second data center hosts one
priority 0 member that cannot become primary.
12.2. Replication Concepts

631

MongoDB Documentation, Release 3.2.5

632

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Priority 0 Members as Standbys A priority 0 member can function as a standby. In some replica sets, it might not
be possible to add a new member in a reasonable amount of time. A standby member keeps a current copy of the data
to be able to replace an unavailable member.
In many cases, you need not set standby to priority 0. However, in sets with varied hardware or geographic distribution
(page 642), a priority 0 standby ensures that only qualified members become primary.
A priority 0 standby may also be valuable for some members of a set with different hardware or workload profiles.
In these cases, deploy a member with priority 0 so it can’t become primary. Also consider using an hidden member
(page 633) for this purpose.
If your set already has seven voting members, also configure the member as non-voting (page 646).
Priority 0 Members and Failover When configuring a priority 0 member, consider potential failover patterns,
including all possible network partitions. Always ensure that your main data center contains both a quorum of voting
members and contains members that are eligible to be primary.
Configuration To configure a priority 0 member, see Prevent Secondary from Becoming Primary (page 686).
Hidden Replica Set Members

On this page
• Behavior (page 633)
• Further Reading (page 634)
A hidden member maintains a copy of the primary’s data set but is invisible to client applications. Hidden members
are good for workloads with different usage patterns from the other members in the replica set. Hidden members must
always be priority 0 members (page 631) and so cannot become primary. The db.isMaster() method does not
display hidden members. Hidden members, however, may vote in elections (page 644).
In the following five-member replica set, all four secondary members have copies of the primary’s data set, but one of
the secondary members is hidden.

Behavior

12.2. Replication Concepts

633

MongoDB Documentation, Release 3.2.5

Read Operations Clients will not distribute reads with the appropriate read preference (page 651) to hidden members. As a result, these members receive no traffic other than basic replication. Use hidden members for dedicated
tasks such as reporting and backups. Delayed members (page 634) should be hidden.
In a sharded cluster, mongos do not interact with hidden members.
Voting Hidden members may vote in replica set elections. If you stop a voting hidden member, ensure that the set
has an active majority or the primary will step down.
For the purposes of backups,
• If using the MMAPv1 storage engine, you can avoid stopping a hidden member with the db.fsyncLock()
and db.fsyncUnlock() operations to flush all writes and lock the mongod instance for the duration of the
backup operation.
• Changed in version 3.2: Starting in MongoDB 3.2, db.fsyncLock() can ensure that the data files do not
change for MongoDB instances using either the MMAPv1 or the WiredTiger storage engine, thus providing
consistency for the purposes of creating backups.
In previous MongoDB version, db.fsyncLock() cannot guarantee a consistent set of files for low-level
backups (e.g. via file copy cp, scp, tar) for WiredTiger.
Further Reading For more information about backing up MongoDB databases, see MongoDB Backup Methods
(page 282). To configure a hidden member, see Configure a Hidden Replica Set Member (page 687).
Delayed Replica Set Members

On this page
• Considerations (page 634)
• Example (page 635)
• Configuration (page 635)
Delayed members contain copies of a replica set’s data set. However, a delayed member’s data set reflects an earlier,
or delayed, state of the set. For example, if the current time is 09:52 and a member has a delay of an hour, the delayed
member has no operation more recent than 08:52.
Because delayed members are a “rolling backup” or a running “historical” snapshot of the data set, they may help
you recover from various kinds of human error. For example, a delayed member can make it possible to recover from
unsuccessful application upgrades and operator errors including dropped databases and collections.
Considerations
Requirements Delayed members:
• Must be priority 0 (page 631) members. Set the priority to 0 to prevent a delayed member from becoming
primary.
• Should be hidden (page 633) members. Always prevent applications from seeing and querying delayed members.
• do vote in elections for primary, if members[n].votes (page 721) is set to 1.

634

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Behavior Delayed members copy and apply operations from the source oplog on a delay. When choosing the amount
of delay, consider that the amount of delay:
• must be equal to or greater than your expected maintenance window durations.
• must be smaller than the capacity of the oplog. For more information on oplog size, see Oplog Size (page 657).
Sharding In sharded clusters, delayed members have limited utility when the balancer is enabled. Because delayed
members replicate chunk migrations with a delay, the state of delayed members in a sharded cluster are not useful for
recovering to a previous state of the sharded cluster if any migrations occur during the delay window.
Example In the following 5-member replica set, the primary and all secondaries have copies of the data set. One
member applies operations with a delay of 3600 seconds (one hour). This delayed member is also hidden and is a
priority 0 member.

Configuration A delayed member has its members[n].priority (page 720) equal to 0,
members[n].hidden (page 720) equal to true, and its members[n].slaveDelay (page 721) equal
to the number of seconds of delay:
{
"_id" : ,
"host" : ,
"priority" : 0,
"slaveDelay" : ,
"hidden" : true
}

To configure a delayed member, see Configure a Delayed Replica Set Member (page 689).
Replica Set Arbiter

On this page
• Example (page 636)
• Security (page 636)

12.2. Replication Concepts

635

MongoDB Documentation, Release 3.2.5

An arbiter does not have a copy of data set and cannot become a primary. Replica sets may have arbiters to add a
vote in elections of for primary (page 644). Arbiters always have exactly 1 vote election, and thus allow replica sets
to have an uneven number of members, without the overhead of a member that replicates data.
Important: Do not run an arbiter on systems that also host the primary or the secondary members of the replica set.
Only add an arbiter to sets with even numbers of members. If you add an arbiter to a set with an odd number of
members, the set may suffer from tied elections. To add an arbiter, see Add an Arbiter to Replica Set (page 677).
Example

For example, in the following replica set, an arbiter allows the set to have an odd number of votes for elections:

Security

Authentication When running with authorization, arbiters exchange credentials with other members of the
set to authenticate. MongoDB encrypts the authentication process. The MongoDB authentication exchange is cryptographically secure.
Arbiters use keyfiles to authenticate to the replica set.
Communication The only communication between arbiters and other set members are: votes during elections,
heartbeats, and configuration data. These exchanges are not encrypted.
However, if your MongoDB deployment uses TLS/SSL, MongoDB will encrypt all communication between replica
set members. See Configure mongod and mongos for TLS/SSL (page 451) for more information.
As with all MongoDB components, run arbiters in trusted network environments.

12.2.2 Replica Set Deployment Architectures

636

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

On this page
• Strategies (page 637)
• Replica Set Naming (page 638)
• Deployment Patterns (page 638)
The architecture of a replica set affects the set’s capacity and capability. This document provides strategies for replica
set deployments and describes common architectures.
The standard replica set deployment for production system is a three-member replica set. These sets provide redundancy and fault tolerance. Avoid complexity when possible, but let your application requirements dictate the
architecture.
Strategies
Determine the Number of Members

Add members in a replica set according to these strategies.
Maximum Number of Voting Members A replica set can have up to 50 members, but only 7 voting
members. 6 If the replica set already has 7 voting members, additional members must be non-voting members
(page 646).
Deploy an Odd Number of Members Ensure that the replica set has an odd number of voting members. If you have
an even number of voting members, deploy an arbiter (page ??) so that the set has an odd number of voting members.
An arbiter does not store a copy of the data and requires fewer resources. As a result, you may run an arbiter on
an application server or other shared process. With no copy of the data, it may be possible to place an arbiter into
environments that you would not place other members of the replica set. Consult your security policies.
Warning: In general, avoid deploying more than one arbiter per replica set.

Consider Fault Tolerance Fault tolerance for a replica set is the number of members that can become unavailable
and still leave enough members in the set to elect a primary. In other words, it is the difference between the number
of members in the set and the majority of voting members needed to elect a primary. Without a primary, a replica set
cannot accept write operations. Fault tolerance is an effect of replica set size, but the relationship is not direct. See the
following table:
Number of Members
3
4
5
6

Majority Required to Elect a New Primary
2
3
3
4

Fault Tolerance
1
1
2
2

Adding a member to the replica set does not always increase the fault tolerance. However, in these cases, additional
members can provide support for dedicated functions, such as backups or reporting.
6

While replica sets are the recommended solution for production, a replica set can support up to 50 members in total. If your deployment
requires more than 50 members, you’ll need to use master-slave (page 659) replication. However, master-slave replication lacks the automatic
failover capabilities.

12.2. Replication Concepts

637

MongoDB Documentation, Release 3.2.5

Use Hidden and Delayed Members for Dedicated Functions Add hidden (page 633) or delayed (page 634) members to support dedicated functions, such as backup or reporting.
Load Balance on Read-Heavy Deployments In a deployment with very high read traffic, you can improve read
throughput by distributing reads to secondary members. As your deployment grows, add or move members to alternate
data centers to improve redundancy and availability.
Always ensure that the main facility is able to elect a primary.
Add Capacity Ahead of Demand The existing members of a replica set must have spare capacity to support adding
a new member. Always add new members before the current demand saturates the capacity of the set.
Distribute Members Geographically

To protect your data in case of a data center failure, keep at least one member in an alternate data center. If possible,
use an odd number of data centers, and choose a distribution of members that maximizes the likelihood that even with
a loss of a data center, the remaining replica set members can form a majority or at minimum, provide a copy of your
data.
To ensure that the members in your main data center be elected primary before the members in the alternate data
center, set the members[n].priority (page 720) of the members in the alternate data center to be lower than that
of the members in the primary data center.
For more information, see Replica Sets Distributed Across Two or More Data Centers (page 642)
Target Operations with Tag Sets

Use replica set tag sets (page 700) to target read operations to specific members or to customize write concern to
request acknowledgement from specific members.
See also:
Data Center Awareness (page 308) and Operational Segregation in MongoDB Deployments (page 308).
Use Journaling to Protect Against Power Failures

MongoDB enables journaling (page 606) by default. Journaling protects against data loss in the event of service
interruptions, such as power failures and unexpected reboots.
Replica Set Naming
If your application connects to more than one replica set, each set should have a distinct name. Some drivers group
replica set connections by replica set name.
Deployment Patterns
The following documents describe common replica set deployment patterns. Other patterns are possible and effective
depending on the application’s requirements. If needed, combine features of each architecture in your own deployment:
Three Member Replica Sets (page 639) Three-member replica sets provide the minimum recommended architecture
for a replica set.

638

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Replica Sets Distributed Across Two or More Data Centers (page 642) Geographically distributed sets include
members in multiple locations to protect against facility-specific failures, such as power outages.
Three Member Replica Sets

On this page
• Primary with Two Secondary Members (page 639)
• Primary with a Secondary and an Arbiter (page 639)
The minimum architecture of a replica set has three members. A three member replica set can have either three
members that hold data, or two members that hold data and an arbiter.
Primary with Two Secondary Members A replica set with three members that store data has:
• One primary (page 628).
• Two secondary (page 628) members. Both secondaries can become the primary in an election (page 644).

These deployments provide two complete copies of the data set at all times in addition to the primary. These replica
sets provide additional fault tolerance and high availability (page 644). If the primary is unavailable, the replica set
elects a secondary to be primary and continues normal operation. The old primary rejoins the set when available.
Primary with a Secondary and an Arbiter A three member replica set with a two members that store data has:
• One primary (page 628).
• One secondary (page 628) member. The secondary can become primary in an election (page 644).
• One arbiter (page 635). The arbiter only votes in elections.
Since the arbiter does not hold a copy of the data, these deployments provides only one complete copy of the data.
Arbiters require fewer resources, at the expense of more limited redundancy and fault tolerance.
However, a deployment with a primary, secondary, and an arbiter ensures that a replica set remains available if the
primary or the secondary is unavailable. If the primary is unavailable, the replica set will elect the secondary to be
primary.
See also:
12.2. Replication Concepts

639

MongoDB Documentation, Release 3.2.5

640

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

12.2. Replication Concepts

641

MongoDB Documentation, Release 3.2.5

Deploy a Replica Set (page 667).
Replica Sets Distributed Across Two or More Data Centers

On this page
•
•
•
•
•

Overview (page 642)
Distribution of the Members (page 642)
Electability of Members (page 643)
Connectivity (page 643)
Additional Resource (page 644)

Overview While replica sets provide basic protection against single-instance failure, replica sets whose members
are all located in a single data center are susceptible to data center failures. Power outages, network interruptions, and
natural disasters are all issues that can affect replica sets whose members are located in a single facility.
Distributing replica set members across geographically distincts data centers adds redundancy and provides fault tolerance if one of the data centers is unavailable.
Distribution of the Members To protect your data in case of a data center failure, keep at least one member in
an alternate data center. If possible, use an odd number of data centers, and choose a distribution of members that
maximizes the likelihood that even with a loss of a data center, the remaining replica set members can form a majority
or at minimum, provide a copy of your data.
Examples
Three-member Replica Set For example, for a three-member replica set, some possible distributions of members
include:
• Two data centers: two members to Data Center 1 and one member to Data Center 2. If one of the members of
the replica set is an arbiter, distribute the arbiter to Data Center 1 with a data-bearing member.
– If Data Center 1 goes down, the replica set becomes read-only.
– If Data Center 2 goes down, the replica set remains writeable as the members in Data Center 1 can hold an
election.
• Three data centers: one members to Data Center 1, one member to Data Center 2, and one member to Data
Center 3.
– If any Data Center goes down, the replica set remains writeable as the remaining members can hold an
election.
Five-member Replica Set For a replica set with 5 members, some possible distributions of members include:
• Two data centers: three members to Data Center 1 and two members to Data Center 2.
– If Data Center 1 goes down, the replica set becomes read-only.
– If Data Center 2 goes down, the replica set remains writeable as the members in Data Center 1 can create
a majority.

642

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

• Three data centers: two member to Data Center 1, two members to Data Center 2, and one member to site Data
Center 3.
– If any Data Center goes down, the replica set remains writeable as the remaining members can hold an
election.
For example, the following 5 member replica set distributes its members across three data centers.

Electability of Members Some members of the replica set, such as members that have networking restraint or
limited resources, should not be able to become primary in a failover. Configure members that should not become
primary to have priority 0 (page 631).
In some cases, you may prefer that the members in one data center be elected primary before the members in the other
data centers. You can modify the priority (page 720) of the members such that the members in the one data center
has higher priority (page 720) than the members in the other data centers.
In the following example, the replica set members in Data Center 1 have a higher priority than the members in Data
Center 2 and 3; the members in Data Center 2 have a higher priority than the member in Data Center 3:

Connectivity Verify that your network configuration allows communication among all members; i.e. each member
must be able to connect to every other member.
See also:
Deploy a Geographically Redundant Replica Set (page 672), Deploy a Replica Set (page 667), Add an Arbiter to
Replica Set (page 677), and Add Members to a Replica Set (page 679).

12.2. Replication Concepts

643

MongoDB Documentation, Release 3.2.5

Additional Resource
• Whitepaper: MongoDB Multi-Data Center Deployments7
• Webinar: Multi-Data Center Deployment8

12.2.3 Replica Set High Availability
Replica sets provide high availability using automatic failover. Failover allows a secondary member to become primary if the current primary becomes unavailable.
Changed in version 3.2: MongoDB introduces a version 1 of the replication protocol (protocolVersion: 1
(page 718)) to reduce replica set failover time and accelerates the detection of multiple simultaneous primaries. New
replica sets will, by default, use protocolVersion: 1 (page 718). Previous versions of MongoDB use version
0 of the protocol. To upgrade existing replica sets to use protocolVersion: 1 (page 718), see Upgrade a
Replica Set to 3.2 (page 902).
Replica set members keep the same data set but are otherwise independent. If the primary becomes unavailable, an
eligible secondary holds an election (page 644) to elect itself as a new primary. In some situations, the failover process
may undertake a rollback (page 647). 9
Replica Set Elections

On this page
• Factors and Conditions that Affect Elections (page 644)
• Non-Voting Members (page 646)
Replica sets use elections to determine which set member will become primary. Elections occur after initiating a
replica set, and also any time the primary becomes unavailable. The primary is the only member in the set that can
accept write operations. If a primary becomes unavailable, elections allow the set to recover normal operations without
manual intervention. Elections are part of the failover process (page 644).
In the following three-member replica set, the primary is unavailable. One of the remaining secondaries holds an
election to elect itself as a new primary.
Elections are essential for independent operation of a replica set; however, elections take time to complete. While
an election is in process, the replica set has no primary and cannot accept writes and all remaining members become
read-only. MongoDB avoids elections unless necessary.
If a majority of the replica set is inaccessible or unavailable to the current primary, the primary will step down and
become a secondary. The replica set cannot accept writes after this occurs, but remaining members can continue to
serve read queries if such queries are configured to run on secondaries.
Factors and Conditions that Affect Elections

Replication Election Protocol New in version 3.2: MongoDB introduces a version 1 of the replication protocol
(protocolVersion: 1 (page 718)) to reduce replica set failover time and accelerates the detection of multiple
simultaneous primaries. New replica sets will, by default, use protocolVersion: 1 (page 718). Previous
versions of MongoDB use version 0 of the protocol.
7 http://www.mongodb.com/lp/white-paper/multi-dc?jmp=docs
8 https://www.mongodb.com/presentations/webinar-multi-data-center-deployment?jmp=docs
9

Replica sets remove “rollback” data when needed without intervention. Administrators must apply or discard rollback data manually.

644

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

12.2. Replication Concepts

645

MongoDB Documentation, Release 3.2.5

Heartbeats Replica set members send heartbeats (pings) to each other every two seconds. If a heartbeat does not
return within 10 seconds, the other members mark the delinquent member as inaccessible.
Member Priority After a replica set has a stable primary, the election algorithm will make a “best-effort” attempt
to have the secondary with the highest priority (page 720) available call an election. Higher priority secondaries
call elections relatively sooner than lower priority secondaries; however, a lower priority node can still be elected as
primary for brief periods of time, even if a higher priority secondary is available. Replica set members will continue
to call elections until the highest priority available member becomes primary.
Members with a priority value of 0 cannot become primary and do not seek election. For details, see Priority 0 Replica
Set Members (page 631).
Loss of a Data Center With a distributed replica set, the loss of a data center may affect the ability of the remaining
members in other data center or data centers to elect a primary.
If possible, distribute the replica set members across data centers to maximize the likelihood that even with a loss of a
data center, one of the remaining replica set members can become the new primary.
See also:
Replica Sets Distributed Across Two or More Data Centers (page 642)
Network Partition A network partition may segregate a primary into a partition with a minority of nodes. When
the primary detects that it can only see a minority of nodes in the replica set, the primary steps down as primary and
becomes a secondary. Independently, a member in the partition that can communicate with a majority of the nodes
(including itself) holds an election to become the new primary.
Vetoes in Elections Changed in version 3.2: The protocolVersion: 1 (page 718) obviates the need for
vetos. The following veto discussion applies to replica sets that use the older protocolVersion: 0 (page 718).
For replica sets using protocolVersion: 0 (page 718), all members of a replica set can veto an election,
including non-voting members (page 646). A member will veto an election:
• If the member seeking an election is not a member of the voter’s set.
• If the current primary has more recent operations (i.e. a higher optime) than the member seeking election,
from the perspective of another voting member.
• If the current primary has the same or more recent operations (i.e. a higher or equal optime) than the member
seeking election.
• If a priority 0 member (page 631) 10 is the most current member at the time of the election. In this case, another
eligible member of the set will catch up to the state of the priority 0 member (page 631) member and then
attempt to become primary.
• If the member seeking an election has a lower priority than another member in the set that is also eligible for
election.
Non-Voting Members

Although non-voting members do not vote in elections, these members hold copies of the replica set’s data and can
accept read operations from client applications.
10

Hidden (page 633) and delayed (page 634) imply priority 0 (page 631) configuration.

646

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Because a replica set can have up to 50 members, but only 7 voting members, non-voting members allow a
replica set to have more than seven members.
For instance, the following nine-member replica set has seven voting members and two non-voting members.

A non-voting member has a members[n].votes (page 721) setting equal to 0 in its member configuration:
{
"_id" :
"host" : ,
"votes" : 0
}

Important: Do not alter the number of votes to control which members will become primary. Instead, modify the
members[n].priority (page 720) option. Only alter the number of votes in exceptional cases. For example, to
permit more than seven members.
To configure a non-voting member, see Configure Non-Voting Replica Set Member (page 690).
Rollbacks During Replica Set Failover

On this page
• Collect Rollback Data (page 648)
• Avoid Replica Set Rollbacks (page 648)
• Rollback Limitations (page 648)
A rollback reverts write operations on a former primary when the member rejoins its replica set after a failover.
A rollback is necessary only if the primary had accepted write operations that the secondaries had not successfully
replicated before the primary stepped down. When the primary rejoins the set as a secondary, it reverts, or “rolls back,”
its write operations to maintain database consistency with the other members.
MongoDB attempts to avoid rollbacks, which should be rare. When a rollback does occur, it is often the result of a
network partition. Secondaries that can not keep up with the throughput of operations on the former primary, increase
the size and impact of the rollback.
A rollback does not occur if the write operations replicate to another member of the replica set before the primary
steps down and if that member remains available and accessible to a majority of the replica set.
12.2. Replication Concepts

647

MongoDB Documentation, Release 3.2.5

Collect Rollback Data

When a rollback does occur, MongoDB writes the rollback data to BSON files in the rollback/ folder under the
database’s dbPath directory. The names of rollback files have the following form:
...bson

For example:
records.accounts.2011-05-09T18-10-04.0.bson

To read the contents of the rollback files, use bsondump. Based on the content and the knowledge of their applications, administrators can decide the next course of action to take.
Avoid Replica Set Rollbacks

For replica sets, the default write concern {w: 1} (page 179) only provides acknowledgement of write operations
on the primary. With the default write concern, data may be rolled back if the primary steps down before the write
operations have replicated to any of the secondaries.
To prevent rollbacks of data that have been acknowledged to the client, use w: majority write concern (page 180) to
guarantee that the write operations propagate to a majority of the replica set nodes before returning with acknowledgement to the issuing client.
Note:
• Regardless of write concern (page 179), other clients using "local" (page 182) (i.e. the default) readConcern
can see the result of a write operation before the write operation is acknowledged to the issuing client.
• Clients using "local" (page 182) (i.e. the default) readConcern can read data which may be subsequently
rolled back (page 647).

Rollback Limitations

A mongod instance will not rollback more than 300 megabytes of data. If your system must rollback more than 300
megabytes, you must manually intervene to recover the data. If this is the case, the following line will appear in your
mongod log:
[replica set sync] replSet syncThread: 13410 replSet too much data to roll back

In this situation, save the data directly or force the member to perform an initial sync. To force initial sync, sync from
a “current” member of the set by deleting the content of the dbPath directory for the member that requires a larger
rollback.
See also:
Replica Set High Availability (page 644) and Replica Set Elections (page 644).

12.2.4 Replica Set Read and Write Semantics
From the perspective of a client application, whether a MongoDB instance is running as a single server (i.e. “standalone”) or a replica set is transparent. However, MongoDB provides additional read and write configurations for
replica sets.
Note: Sharded clusters where the shards are also replica sets provide the same operational semantics with regards to
648

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

write and read operations.
Write Concern for Replica Sets (page 649) Write concern describes the level of acknowledgement requested from
MongoDB for write operations.
Read Preference (page 651) Read preference specifies where (i.e. which members of the replica set) the drivers
should direct the read operations.
Read Preference Processes (page 654) Describes the mechanics of read preference.
Write Concern for Replica Sets

On this page
• Verify Write Operations to Replica Sets (page 649)
• Modify Default Write Concern (page 649)
• Custom Write Concerns (page 651)
From the perspective of a client application, whether a MongoDB instance is running as a single server (i.e. “standalone”) or a replica set is transparent. However, replica sets offer some configuration options for write. 11
Verify Write Operations to Replica Sets

For a replica set, the default write concern (page 179) requests acknowledgement only from the primary. You can,
however, override this default write concern, such as to confirm write operations on a specified number of the replica
set members.
To override the default write concern, specify a write concern with each write operation. For example, the following
method includes a write concern that specifies that the method return only after the write propagates to the primary
and at least one secondary or the method times out after 5 seconds.
db.products.insert(
{ item: "envelopes", qty : 100, type: "Clasp" },
{ writeConcern: { w: 2, wtimeout: 5000 } }
)

You can include a timeout threshold for a write concern. This prevents write operations from blocking indefinitely
if the write concern is unachievable. For example, if the write concern requires acknowledgement from 4 members
of the replica set and the replica set has only available 3 members, the operation blocks until those members become
available. See wtimeout (page 181).
See also:
Write Method Acknowledgements (page 1002)
Modify Default Write Concern

You can modify the default write concern for a replica set by setting the settings.getLastErrorDefaults
(page 722) setting in the replica set configuration (page 717). The following sequence of commands creates a configuration that waits for the write operation to complete on a majority of the voting members before returning:
11

Sharded clusters where the shards are also replica sets provide the same configuration options with regards to write and read operations.

12.2. Replication Concepts

649

MongoDB Documentation, Release 3.2.5

650

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

cfg = rs.conf()
cfg.settings = {}
cfg.settings.getLastErrorDefaults = { w: "majority", wtimeout: 5000 }
rs.reconfig(cfg)

If you issue a write operation with a specific write concern, the write operation uses its own write concern instead of
the default.
See also:
Write Concern (page 179)
Custom Write Concerns

You can tag (page 700) the members of replica sets and use the resulting tag sets to create custom write concerns. See
Configure Replica Set Tag Sets (page 700) for information on configuring custom write concerns using tag sets.
Read Preference

On this page
• Use Cases (page 652)
• Read Preference Modes (page 653)
• Tag Sets (page 653)
Read preference describes how MongoDB clients route read operations to the members of a replica set.

By default, an application directs its read operations to the primary member in a replica set.
12.2. Replication Concepts

651

MongoDB Documentation, Release 3.2.5

In MongoDB, in a replica set with one primary member 12 ,
• With "local" (page 182) readConcern, reads from the primary reflect the latest writes in absence of a
failover;
• With "majority" (page 182) readConcern, read operations from the primary or the secondaries have
eventual consistency.
Important: Exercise care when specifying read preferences: Modes other than primary (page 728) may return
stale data because with asynchronous replication (page 625), data in the secondary may not reflect the most recent
write operations. 1
Note: The read preference does not affect the visibility of data; i.e, clients can see the results of writes before they
are acknowledged or have propagated to a majority of replica set members:
• Regardless of write concern (page 179), other clients using "local" (page 182) (i.e. the default) readConcern
can see the result of a write operation before the write operation is acknowledged to the issuing client.
• Clients using "local" (page 182) (i.e. the default) readConcern can read data which may be subsequently
rolled back (page 647).

Use Cases

Indications The following are common use cases for using non-primary (page 728) read preference modes:
• Running systems operations that do not affect the front-end application.
Note: Read preferences aren’t relevant to direct connections to a single mongod instance. However, in order
to perform read operations on a direct connection to a secondary member of a replica set, you must set a read
preference, such as secondary.
• Providing local reads for geographically distributed applications.
If you have application servers in multiple data centers, you may consider having a geographically distributed
replica set (page 642) and using a non primary read preference or the nearest (page 729). This allows the
client to read from the lowest-latency members, rather than always reading from the primary.
• Maintaining availability during a failover.
Use primaryPreferred (page 728) if you want an application to read from the primary under normal
circumstances, but to allow stale reads from secondaries when the primary is unavailable. This provides a
“read-only mode” for your application during a failover.
Counter-Indications In general, do not use secondary (page 728) and secondaryPreferred (page 729) to
provide extra capacity for reads, because:
• All members of a replica have roughly equivalent write traffic; as a result, secondaries will service reads at
roughly the same rate as the primary.
12 In some circumstances (page 729), two nodes in a replica set may transiently believe that they are the primary, but at most, one of them
will be able to complete writes with { w: "majority" } (page 180) write concern. The node that can complete { w: "majority" }
(page 180) writes is the current primary, and the other node is a former primary that has not yet recognized its demotion, typically due to a network
partition. When this occurs, clients that connect to the former primary may observe stale data despite having requested read preference primary
(page 728), and new writes to the former primary will eventually roll back.

652

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

• Replication is asynchronous and there is some amount of delay between a successful write operation and its
replication to secondaries. Reading from a secondary can return out-of-date data; reading from different secondaries may result in non-monotonic reads.
• Distributing read operations to secondaries can compromise availability if any members of the set become
unavailable because the remaining members of the set will need to be able to handle all application requests.
• For queries of sharded collections, for clusters with the balancer (page 758) active, secondaries may return stale
results with missing or duplicated data because of incomplete or terminated chunk migrations.
Sharding (page 733) increases read and write capacity by distributing read and write operations across a group of
machines, and is often a better strategy for adding capacity.
See Read Preference Processes (page 654) for more information about the internal application of read preferences.
Read Preference Modes

Important: All read preference modes except primary (page 728) may return stale data because secondaries
replicate operations from the primary with some delay. 1 Ensure that your application can tolerate stale data if you
choose to use a non-primary (page 728) mode.
MongoDB drivers support five read preference modes.
Read Preference
Description
Mode
primary (page 728)
Default mode. All operations read from the current replica set primary.
primaryPreferred In most situations, operations read from the primary but if it is unavailable, operations
(page 728)
read from secondary members.
secondary
All operations read from the secondary members of the replica set.
(page 728)
secondaryPreferred In most situations, operations read from secondary members but if no secondary
(page 729)
members are available, operations read from the primary.
nearest (page 729)
Operations read from member of the replica set with the least network latency,
irrespective of the member’s type.
The syntax for specifying the read preference mode is specific to the driver and to the idioms of the host language13 .
Read preference modes are also available to clients connecting to a sharded cluster through a mongos. The mongos
instance obeys specified read preferences when connecting to the replica set that provides each shard in the cluster.
In the mongo shell, the readPref() cursor method provides access to read preferences.
For more information, see read preference background (page 651) and read preference behavior (page 654). See also
the documentation for your driver14 .
Tag Sets

Tag sets allow you to target read operations to specific members of a replica set.
Custom read preferences and write concerns evaluate tag sets in different ways. Read preferences consider the value
of a tag when selecting a member to read from. Write concerns ignore the value of a tag to when selecting a member,
except to consider whether or not the value is unique.
You can specify tag sets with the following read preference modes:
13 https://api.mongodb.org/
14 https://api.mongodb.org/

12.2. Replication Concepts

653

MongoDB Documentation, Release 3.2.5

• primaryPreferred (page 728)
• secondary (page 728)
• secondaryPreferred (page 729)
• nearest (page 729)
Tags are not compatible with mode primary (page 728) and, in general, only apply when selecting (page 654) a
secondary member of a set for a read operation. However, the nearest (page 729) read mode, when combined with
a tag set, selects the matching member with the lowest network latency. This member may be a primary or secondary.
All interfaces use the same member selection logic (page 654) to choose the member to which to direct read operations,
basing the choice on read preference mode and tag sets.
For information on configuring tag sets, see the Configure Replica Set Tag Sets (page 700) tutorial.
For more information on how read preference modes (page 728) interact with tag sets, see the documentation for each
read preference mode (page 727).
Read Preference Processes

On this page
•
•
•
•

Member Selection (page 654)
Request Association (page 655)
Auto-Retry (page 655)
Read Preference in Sharded Clusters (page 656)

MongoDB drivers use the following procedures to direct operations to replica sets and sharded clusters. To determine
how to route their operations, applications periodically update their view of the replica set’s state, identifying which
members are up or down, which member is primary, and verifying the latency to each mongod instance.
Member Selection

Clients, by way of their drivers, and mongos instances for sharded clusters, periodically update their view of the
replica set’s state.
When you select non-primary (page 728) read preference, the driver will determine which member to target using
the following process:
1. Assembles a list of suitable members, taking into account member type (i.e. secondary, primary, or all members).
2. Excludes members not matching the tag sets, if specified.
3. Determines which suitable member is the closest to the client in absolute terms.
4. Builds a list of members that are within a defined ping distance (in milliseconds) of the “absolute nearest”
member.
Applications can configure the threshold used in this stage. The default “acceptable latency” is 15 milliseconds,
which you can override in the drivers with their own secondaryAcceptableLatencyMS option. For
mongos you can use the --localThreshold or localPingThresholdMs runtime options to set this
value.
5. Selects a member from these hosts at random. The member receives the read operation.

654

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Drivers can then associate the thread or connection with the selected member. This request association (page 655) is
configurable by the application. See your driver documentation about request association configuration and default
behavior.
Request Association

Important: Request association is configurable by the application. See your driver documentation about request
association configuration and default behavior.
Because secondary members of a replica set may lag behind the current primary by different amounts, reads for
secondary members may reflect data at different points in time. To prevent sequential reads from jumping around in
time, the driver can associate application threads to a specific member of the set after the first read, thereby preventing
reads from other members. The thread will continue to read from the same member until:
• The application performs a read with a different read preference,
• The thread terminates, or
• The client receives a socket exception, as is the case when there’s a network error or when the mongod closes
connections during a failover. This triggers a retry (page 655), which may be transparent to the application.
When using request association, if the client detects that the set has elected a new primary, the driver will discard all
associations between threads and members.
Auto-Retry

Connections between MongoDB drivers and mongod instances in a replica set must balance two concerns:
1. The client should attempt to prefer current results, and any connection should read from the same member of
the replica set as much as possible. Requests should prefer request association (page 655) (e.g. pinning).
2. The client should minimize the amount of time that the database is inaccessible as the result of a connection
issue, networking problem, or failover in a replica set.
As a result, MongoDB drivers:
• Reuse a connection to a specific mongod for as long as possible after establishing a connection to that instance.
This connection is pinned to this mongod.
• Attempt to reconnect to a new member, obeying existing read preference modes (page 728), if the connection to
mongod is lost.
Reconnections are transparent to the application itself. If the connection permits reads from secondary members, after reconnecting, the application can receive two sequential reads returning from different secondaries.
Depending on the state of the individual secondary member’s replication, the documents can reflect the state of
your database at different moments.
• Return an error only after attempting to connect to three members of the set that match the read preference mode
(page 728) and tag set (page 653). If there are fewer than three members of the set, the client will error after
connecting to all existing members of the set.
After this error, the driver selects a new member using the specified read preference mode. In the absence of a
specified read preference, the driver uses primary (page 728).
• After detecting a failover situation,
possible.

the driver attempts to refresh the state of the replica set as quickly as

15 When a failover occurs, all members of the set close all client connections that produce a socket error in the driver. This behavior prevents or
minimizes rollback.

12.2. Replication Concepts

655

MongoDB Documentation, Release 3.2.5

Changed in version 3.0.0: mongos instances take a slightly different approach. mongos instances return connections
to secondaries to the connection pool after every request. As a result, the mongos reevaluates read preference for
every operation.
Read Preference in Sharded Clusters

In most sharded clusters, each shard consists of a replica set. As such, read preferences are also applicable. With
regard to read preference, read operations in a sharded cluster are identical to unsharded replica sets.
Unlike simple replica sets, in sharded clusters, all interactions with the shards pass from the clients to the mongos
instances that are actually connected to the set members. mongos is then responsible for the application of read
preferences, which is transparent to applications.
There are no configuration changes required for full support of read preference modes in sharded environments, as long
as the mongos is at least version 2.2. All mongos maintain their own connection pool to the replica set members.
As a result:
• A request without a specified preference has primary (page 728), the default, unless, the mongos reuses an
existing connection that has a different mode set.
To prevent confusion, always explicitly set your read preference mode.
• All nearest (page 729) and latency calculations reflect the connection between the mongos and the mongod
instances, not the client and the mongod instances.
This produces the desired result, because all results must pass through the mongos before returning to the
client.

12.2.5 Replication Processes
Members of a replica set replicate data continuously. First, a member uses initial sync to capture the data set. Then the
member continuously records and applies every operation that modifies the data set. Every member records operations
in its oplog (page 656), which is a capped collection.
Replica Set Oplog (page 656) The oplog records all operations that modify the data in the replica set.
Replica Set Data Synchronization (page 658) Secondaries must replicate all changes accepted by the primary. This
process is the basis of replica set operations.
Replica Set Oplog

On this page
• Oplog Size (page 657)
• Workloads that Might Require a Larger Oplog Size (page 657)
• Oplog Status (page 658)
The oplog (operations log) is a special capped collection that keeps a rolling record of all operations that modify the
data stored in your databases. MongoDB applies database operations on the primary and then records the operations
on the primary’s oplog. The secondary members then copy and apply these operations in an asynchronous process.
All replica set members contain a copy of the oplog, in the local.oplog.rs (page 724) collection, which allows
them to maintain the current state of the database.
To facilitate replication, all replica set members send heartbeats (pings) to all other members. Any member can import
oplog entries from any other member.
656

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Whether applied once or multiple times to the target dataset, each operation in the oplog produces the same results, i.e.
each operation in the oplog is idempotent. For proper replication operations, entries in the oplog must be idempotent:
• initial sync
• post-rollback catch-up
• sharding chunk migrations
Oplog Size

When you start a replica set member for the first time, MongoDB creates an oplog of a default size. The size depends
on the architectural details of your operating system.
In most cases, the default oplog size is sufficient. For example, if an oplog is 5% of free disk space and fills up in 24
hours of operations, then secondaries can stop copying entries from the oplog for up to 24 hours without becoming
too stale to continue replicating. However, most replica sets have much lower operation volumes, and their oplogs can
hold much higher numbers of operations.
Before mongod creates an oplog, you can specify its size with the oplogSizeMB option. However, after you have
started a replica set member for the first time, you can only change the size of the oplog using the Change the Size of
the Oplog (page 693) procedure.
By default, the size of the oplog is as follows:
• For 64-bit Linux, Solaris, FreeBSD, and Windows systems, MongoDB allocates 5% of the available free disk
space, but will always allocate at least 1 gigabyte and never more than 50 gigabytes.
• For 64-bit OS X systems, MongoDB allocates 183 megabytes of space to the oplog.
• For 32-bit systems, MongoDB allocates about 48 megabytes of space to the oplog.
Workloads that Might Require a Larger Oplog Size

If you can predict your replica set’s workload to resemble one of the following patterns, then you might want to create
an oplog that is larger than the default. Conversely, if your application predominantly performs reads with a minimal
amount of write operations, a smaller oplog may be sufficient.
The following workloads might require a larger oplog size.
Updates to Multiple Documents at Once The oplog must translate multi-updates into individual operations in order
to maintain idempotency. This can use a great deal of oplog space without a corresponding increase in data size or
disk use.
Deletions Equal the Same Amount of Data as Inserts If you delete roughly the same amount of data as you insert,
the database will not grow significantly in disk use, but the size of the operation log can be quite large.
Significant Number of In-Place Updates If a significant portion of the workload is updates that do not increase the
size of the documents, the database records a large number of operations but does not change the quantity of data on
disk.

12.2. Replication Concepts

657

MongoDB Documentation, Release 3.2.5

Oplog Status

To view oplog status, including the size and the time range of operations, issue the
rs.printReplicationInfo() method. For more information on oplog status, see Check the Size of the
Oplog (page 714).
Under various exceptional situations, updates to a secondary’s oplog might lag behind the desired performance time.
Use db.getReplicationInfo() from a secondary member and the replication status output to assess
the current state of replication and determine if there is any unintended replication delay.
See Replication Lag (page 712) for more information.
Replica Set Data Synchronization

On this page
• Initial Sync (page 658)
• Replication (page 658)
In order to maintain up-to-date copies of the shared data set, secondary members of a replica set sync or replicate
data from other members. MongoDB uses two forms of data synchronization: initial sync (page 658) to populate new
members with the full data set, and replication to apply ongoing changes to the entire data set.
Initial Sync

Initial sync copies all the data from one member of the replica set to another member. A member uses initial sync
when the member has no data, such as when the member is new, or when the member has data but is missing a history
of the set’s replication.
When you perform an initial sync, MongoDB:
1. Clones all databases. To clone, the mongod queries every collection in each source database and inserts all data
into its own copies of these collections. At this time, _id indexes are also built. The clone process only copies
valid data, omitting invalid documents.
2. Applies all changes to the data set. Using the oplog from the source, the mongod updates its data set to reflect
the current state of the replica set.
3. Builds all indexes on all collections (except _id indexes, which were already completed).
When the mongod finishes building all index builds, the member can transition to a normal state, i.e. secondary.
Changed in version 3.0: When the clone process omits an invalid document from the sync, MongoDB writes a message
to the logs that begins with Cloner: found corrupt document in .
To perform an initial sync, see Resync a Member of a Replica Set (page 699).
Replication

Secondary members replicate data continuously after the initial sync. Secondary members copy the oplog (page 656)
from their sync from source and apply these operations in an asynchronous process.
In most cases, secondaries sync from the primary. Secondaries may automatically change their sync from source if
needed based on changes in the ping time and state of other members’ replication.

658

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Changed in version 3.2: MongoDB 3.2 replica set members with 1 vote (page 721) cannot sync from members with
0 votes (page 721).
Secondaries avoid syncing from delayed members (page 634) and hidden members (page 633).
If a secondary member has members[n].buildIndexes (page 719) set to true, it can only sync from other
members where buildIndexes (page 719) is true. Members where buildIndexes (page 719) is false can
sync from any other member, barring other sync restrictions. buildIndexes (page 719) is true by default.
Multithreaded Replication MongoDB applies write operations in batches using multiple threads to improve concurrency. MongoDB groups batches by namespace (MMAPv1 (page 603)) or by document id (WiredTiger (page 595))
and simultaneously applies each group of operations using a different thread. MongoDB always applies write operations to a given document in their original write order.
While applying a batch, MongoDB blocks all read operations. As a result, secondary read queries can never return
data that reflect a state that never existed on the primary.
Pre-Fetching Indexes to Improve Replication Throughput
Note: Applies to MMAPv1 only.
With the MMAPv1 (page 603) storage engine, MongoDB fetches memory pages that hold affected data and indexes to
help improve the performance of applying oplog entries. This pre-fetch stage minimizes the amount of time MongoDB
holds write locks while applying oplog entries. By default, secondaries will pre-fetch all Indexes (page 515).
Optionally, you can disable all pre-fetching or only pre-fetch the index on the _id field.
secondaryIndexPrefetch setting for more information.

See the

12.2.6 Master Slave Replication
On this page
•
•
•
•

Fundamental Operations (page 660)
Run time Master-Slave Configuration (page 661)
Security (page 661)
Ongoing Administration and Operation of Master-Slave Deployments (page 662)

Important: Replica sets (page 627) replace master-slave replication for most use cases. If possible, use replica
sets rather than master-slave replication for all new production deployments. This documentation remains to support
legacy deployments and for archival purposes only.
In addition to providing all the functionality of master-slave deployments, replica sets are also more robust for production use. Master-slave replication preceded replica sets and made it possible to have a large number of non-master
(i.e. slave) nodes, as well as to restrict replicated operations to only a single database; however, master-slave replication provides less redundancy and does not automate failover. See Deploy Master-Slave Equivalent using Replica
Sets (page 662) for a replica set configuration that is equivalent to master-slave replication. If you wish to convert an
existing master-slave deployment to a replica set, see Convert a Master-Slave Deployment to a Replica Set (page 662).

12.2. Replication Concepts

659

MongoDB Documentation, Release 3.2.5

Fundamental Operations
Initial Deployment

To configure a master-slave deployment, start two mongod instances: one in master mode, and the other in slave
mode.
To start a mongod instance in master mode, invoke mongod as follows:
mongod --master --dbpath /data/masterdb/

With the --master option, the mongod will create a local.oplog.$main (page 725) collection, which the “operation log” that queues operations that the slaves will apply to replicate operations from the master. The --dbpath
is optional.
To start a mongod instance in slave mode, invoke mongod as follows:
mongod --slave --source <:> --dbpath /data/slavedb/

Specify the hostname and port of the master instance to the --source argument. The --dbpath is optional.
For slave instances, MongoDB stores data about the source server in the local.sources (page 725) collection.
Configuration Options for Master-Slave Deployments

As an alternative to specifying the --source run-time option, can add a document to local.sources (page 725)
specifying the master instance, as in the following operation in the mongo shell:
use local
db.sources.find()
db.sources.insert( { host: <,only: > } );

In line 1, you switch context to the local database. In line 2, the find() operation should return no documents, to
ensure that there are no documents in the sources collection. Finally, line 3 uses db.collection.insert()
to insert the source document into the local.sources (page 725) collection. The model of the local.sources
(page 725) document is as follows:
host
The host field specifies the master mongod instance, and holds a resolvable hostname, i.e. IP address, or a name
from a host file, or preferably a fully qualified domain name.
You can append <:port> to the host name if the mongod is not running on the default 27017 port.
only
Optional. Specify a name of a database. When specified, MongoDB will only replicate the indicated database.
Operational Considerations for Replication with Master Slave Deployments

Master instances store operations in an oplog which is a capped collection (page 6). As a result, if a slave falls too far
behind the state of the master, it cannot “catchup” and must re-sync from scratch. Slave may become out of sync with
a master if:
• The slave falls far behind the data updates available from that master.
• The slave stops (i.e. shuts down) and restarts later after the master has overwritten the relevant operations from
the master.

660

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

When slaves are out of sync, replication stops. Administrators must intervene manually to restart replication. Use the
resync command. Alternatively, the --autoresync allows a slave to restart replication automatically, after ten
second pause, when the slave falls out of sync with the master. With --autoresync specified, the slave will only
attempt to re-sync once in a ten minute period.
To prevent these situations you should specify a larger oplog when you start the master instance, by adding the
--oplogSize option when starting mongod. If you do not specify --oplogSize, mongod will allocate 5%
of available disk space on start up to the oplog, with a minimum of 1 GB for 64-bit machines and 50 MB for 32-bit
machines.
Run time Master-Slave Configuration
MongoDB provides a number of command line options for mongod instances in master-slave deployments. See the
Master-Slave Replication Command Line Options for options.
Diagnostics

On a master instance, issue the following operation in the mongo shell to return replication status from the perspective
of the master:
rs.printReplicationInfo()

New in version 2.6:
rs.printReplicationInfo().
db.printReplicationInfo().

For

versions,

use

On a slave instance, use the following operation in the mongo shell to return the replication status from the perspective
of the slave:
rs.printSlaveReplicationInfo()

New in version 2.6:
rs.printSlaveReplicationInfo().
db.printSlaveReplicationInfo().

For

versions,

use

Use the serverStatus as in the following operation, to return status of the replication:
db.serverStatus( { repl: 1 } )

See server status repl fields for documentation of the relevant section of output.
Security
When running with authorization enabled, in master-slave deployments configure a keyFile so that slave
mongod instances can authenticate and communicate with the master mongod instance.
To enable authentication and configure the keyFile add the following option to your configuration file:
keyFile = /srv/mongodb/keyfile

Note: You may chose to set these run-time configuration options using the --keyFile option on the command line.
Setting keyFile enables authentication and specifies a key file for the mongod instances to use when authenticating
to each other. The content of the key file is arbitrary but must be the same on all members of the deployment can
connect to each other.

12.2. Replication Concepts

661

MongoDB Documentation, Release 3.2.5

The key file must be less one kilobyte in size and may only contain characters in the base64 set. The key file must not
have group or “world” permissions on UNIX systems. Use the following command to use the OpenSSL package to
generate “random” content for use in a key file:
openssl rand -base64 741

See also:
Security (page 391) for more information about security in MongoDB
Ongoing Administration and Operation of Master-Slave Deployments
Deploy Master-Slave Equivalent using Replica Sets

If you want a replication configuration that resembles master-slave replication, using replica sets replica sets, consider the following replica configuration document. In this deployment hosts and 16 provide
replication that is roughly equivalent to a two-instance master-slave deployment:
{
_id : 'setName',
members : [
{ _id : 0, host : "", priority : 1 },
{ _id : 1, host : "", priority : 0, votes : 0 }
]
}

See Replica Set Configuration (page 717) for more information about replica set configurations.
Convert a Master-Slave Deployment to a Replica Set

To convert a master-slave deployment to a replica set, restart the current master as a one-member replica set. Then
remove the data directories from previous secondaries and add them as new secondaries to the new replica set.
1. To confirm that the current instance is master, run:
db.isMaster()

This should return a document that resembles the following:
{
"ismaster" : true,
"maxBsonObjectSize" : 16777216,
"maxMessageSizeBytes" : 48000000,
"localTime" : ISODate("2013-07-08T20:15:13.664Z"),
"ok" : 1
}

2. Shut down the mongod processes on the master and all slave(s), using the following command while connected
to each instance:
db.adminCommand({shutdown : 1, force : true})

3. Back up your /data/db directories, in case you need to revert to the master-slave deployment.
4. Start the former master with the --replSet option, as in the following:
16

In replica set configurations, the members[n].host (page 719) field must hold a resolvable hostname.

662

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

mongod --replSet

5. Connect to the mongod with the mongo shell, and initiate the replica set with the following command:
rs.initiate()

When the command returns, you will have successfully deployed a one-member replica set. You can check the
status of your replica set at any time by running the following command:
rs.status()

You can now follow the convert a standalone to a replica set (page 678) tutorial to deploy your replica set, picking up
from the Expand the Replica Set (page 679) section.
Failing over to a Slave (Promotion)

To permanently failover from a unavailable or damaged master (A in the following example) to a slave (B):
1. Shut down A.
2. Stop mongod on B.
3. Back up and move all data files that begin with local on B from the dbPath.
Warning:
caution.

Removing local.* is irrevocable and cannot be undone. Perform this step with extreme

4. Restart mongod on B with the --master option.
Note: This is a one time operation, and is not reversible. A cannot become a slave of B until it completes a full resync.

Inverting Master and Slave

If you have a master (A) and a slave (B) and you would like to reverse their roles, follow this procedure. The procedure
assumes A is healthy, up-to-date and available.
If A is not healthy but the hardware is okay (power outage, server crash, etc.), skip steps 1 and 2 and in step 8 replace
all of A‘s files with B‘s files in step 8.
If A is not healthy and the hardware is not okay, replace A with a new machine. Also follow the instructions in the
previous paragraph.
To invert the master and slave in a deployment:
1. Halt writes on A using the fsync command.
2. Make sure B is up to date with the state of A.
3. Shut down B.
4. Back up and move all data files that begin with local on B from the dbPath to remove the existing
local.sources data.
Warning:
caution.

Removing local.* is irrevocable and cannot be undone. Perform this step with extreme

5. Start B with the --master option.

12.2. Replication Concepts

663

MongoDB Documentation, Release 3.2.5

6. Do a write on B, which primes the oplog to provide a new sync start point.
7. Shut down B. B will now have a new set of data files that start with local.
8. Shut down A and replace all files in the dbPath of A that start with local with a copy of the files in the
dbPath of B that begin with local.
Considering compressing the local files from B while you copy them, as they may be quite large.
9. Start B with the --master option.
10. Start A with all the usual slave options, but include fastsync.
Creating a Slave from an Existing Master’s Disk Image

If you can stop write operations to the master for an indefinite period, you can copy the data files from the master to
the new slave and then start the slave with --fastsync.
Warning: Be careful with --fastsync. If the data on both instances is not identical, a discrepancy will exist
forever.
fastsync is a way to start a slave by starting with an existing master disk image/backup. This option declares that
the administrator guarantees the image is correct and completely up-to-date with that of the master. If you have a full
and complete copy of data from a master you can use this option to avoid a full synchronization upon starting the
slave.
Creating a Slave from an Existing Slave’s Disk Image

You can just copy the other slave’s data file snapshot without any special options. Only take data snapshots when:
• a mongod process is down, or
• when the mongod is locked using db.fsyncLock() for MMAPv1 or WiredTiger storage engine.
Changed in version 3.2: Starting in MongoDB 3.2, db.fsyncLock() can ensure that the data files do not change
for MongoDB instances using either the MMAPv1 or the WiredTiger storage engine, thus providing consistency for
the purposes of creating backups.
In previous MongoDB version, db.fsyncLock() cannot guarantee a consistent set of files for low-level backups
(e.g. via file copy cp, scp, tar) for WiredTiger.
Resyncing a Slave that is too Stale to Recover

Slaves asynchronously apply write operations from the master that the slaves poll from the master’s oplog. The oplog
is finite in length, and if a slave is too far behind, a full resync will be necessary. To resync the slave, connect to a
slave using the mongo and issue the resync command:
use admin
db.runCommand( { resync: 1 } )

This forces a full resync of all data (which will be very slow on a large database). You can achieve the same effect by
stopping mongod on the slave, deleting the entire content of the dbPath on the slave, and restarting the mongod.

664

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Slave Chaining

Slaves cannot be “chained.” They must all connect to the master directly.
If a slave attempts “slave from” another slave you will see the following line in the mongod long of the shell:
assertion 13051 tailable cursor requested on non capped collection ns:local.oplog.$main

Correcting a Slave’s Source

To change a slave’s source, manually modify the slave’s local.sources (page 725) collection.
Example
Consider the following: If you accidentally set an incorrect hostname for the slave’s source, as in the following
example:
mongod --slave --source prod.mississippi

You can correct this, by restarting the slave without the --slave and --source arguments:
mongod

Connect to this mongod instance using the mongo shell and update the local.sources (page 725) collection,
with the following operation sequence:
use local
db.sources.update( { host : "prod.mississippi" },
{ $set : { host : "prod.mississippi.example.net" } } )

Restart the slave with the correct command line arguments or with no --source option. After configuring
local.sources (page 725) the first time, the --source will have no subsequent effect. Therefore, both of
the following invocations are correct:
mongod --slave --source prod.mississippi.example.net

or
mongod --slave

The slave now polls data from the correct master.

12.3 Replica Set Tutorials
The administration of replica sets includes the initial deployment of the set, adding and removing members to a set,
and configuring the operational parameters and properties of the set. Administrators generally need not intervene in
failover or replication processes as MongoDB automates these functions. In the exceptional situations that require
manual interventions, the tutorials in these sections describe processes such as resyncing a member. The tutorials in
this section form the basis for all replica set administration.
Replica Set Deployment Tutorials (page 666) Instructions for deploying replica sets, as well as adding and removing
members from an existing replica set.
Deploy a Replica Set (page 667) Configure a three-member replica set for production systems.

12.3. Replica Set Tutorials

665

MongoDB Documentation, Release 3.2.5

Convert a Standalone to a Replica Set (page 678) Convert an existing standalone mongod instance into a
three-member replica set.
Add Members to a Replica Set (page 679) Add a new member to an existing replica set.
Remove Members from Replica Set (page 682) Remove a member from a replica set.
Continue reading from Replica Set Deployment Tutorials (page 666) for additional tutorials of related to setting
up replica set deployments.
Member Configuration Tutorials (page 684) Tutorials that describe the process for configuring replica set members.
Adjust Priority for Replica Set Member (page 685) Change the precedence given to a replica set members in
an election for primary.
Prevent Secondary from Becoming Primary (page 686) Make a secondary member ineligible for election as
primary.
Configure a Hidden Replica Set Member (page 687) Configure a secondary member to be invisible to applications in order to support significantly different usage, such as a dedicated backups.
Continue reading from Member Configuration Tutorials (page 684) for more tutorials that describe replica set
configuration.
Replica Set Maintenance Tutorials (page 693) Procedures and tasks for common operations on active replica set
deployments.
Change the Size of the Oplog (page 693) Increase the size of the oplog which logs operations. In most cases,
the default oplog size is sufficient.
Resync a Member of a Replica Set (page 699) Sync the data on a member. Either perform initial sync on a
new member or resync the data on an existing member that has fallen too far behind to catch up by way of
normal replication.
Force a Member to Become Primary (page 697) Force a replica set member to become primary.
Change Hostnames in a Replica Set (page 706) Update the replica set configuration to reflect changes in
members’ hostnames.
Continue reading from Replica Set Maintenance Tutorials (page 693) for descriptions of additional replica set
maintenance procedures.
Troubleshoot Replica Sets (page 711) Describes common issues and operational challenges for replica sets. For additional diagnostic information, see FAQ: MongoDB Diagnostics (page 856).

12.3.1 Replica Set Deployment Tutorials
The following tutorials provide information in deploying replica sets.
Deploy a Replica Set (page 667) Configure a three-member replica set for production systems.
Deploy a Replica Set for Testing and Development (page 669) Configure a three-member replica set for either development or testing systems.
Deploy a Geographically Redundant Replica Set (page 672) Create a geographically redundant replica set to protect
against location-centered availability limitations (e.g. network and power interruptions).
Add an Arbiter to Replica Set (page 677) Add an arbiter give a replica set an odd number of voting members to
prevent election ties.
Convert a Standalone to a Replica Set (page 678) Convert an existing standalone mongod instance into a threemember replica set.
Add Members to a Replica Set (page 679) Add a new member to an existing replica set.
666

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Remove Members from Replica Set (page 682) Remove a member from a replica set.
Replace a Replica Set Member (page 684) Update the replica set configuration when the hostname of a member’s
corresponding mongod instance has changed.
Deploy a Replica Set

On this page
•
•
•
•

Overview (page 667)
Requirements (page 667)
Considerations When Deploying a Replica Set (page 667)
Procedure (page 668)

This tutorial describes how to create a three-member replica set from three existing mongod instances running with
access control (page 433) disabled.
To deploy a replica set with enabled access control (page 433), see Deploy New Replica Set with Access Control
(page 427). If you wish to deploy a replica set from a single MongoDB instance, see Convert a Standalone to a
Replica Set (page 678). For more information on replica set deployments, see the Replication (page 623) and Replica
Set Deployment Architectures (page 636) documentation.
Overview

Three member replica sets provide enough redundancy to survive most network partitions and other system failures.
These sets also have sufficient capacity for many distributed read operations. Replica sets should always have an odd
number of members. This ensures that elections (page 644) will proceed smoothly. For more about designing replica
sets, see the Replication overview (page 623).
The basic procedure is to start the mongod instances that will become members of the replica set, configure the replica
set itself, and then add the mongod instances to it.
Requirements

For production deployments, you should maintain as much separation between members as possible by hosting the
mongod instances on separate machines. When using virtual machines for production deployments, you should place
each mongod instance on a separate host server serviced by redundant power circuits and redundant network paths.
Before you can deploy a replica set, you must install MongoDB on each system that will be part of your replica set. If
you have not already installed MongoDB, see the installation tutorials (page 21).
Before creating your replica set, you should verify that your network configuration allows communication among all
members; i.e. each member must be able to connect to every other member. For instructions on how to check your
connection, see Test Connections Between all Members (page 713).
Considerations When Deploying a Replica Set

12.3. Replica Set Tutorials

667

MongoDB Documentation, Release 3.2.5

Connectivity Ensure that network traffic can pass between all members of the set and all clients in the network
securely and efficiently. Consider the following:
• Establish a virtual private network. Ensure that your network topology routes all traffic between members within
a single site over the local area network.
• Configure access control to prevent connections from unknown clients to the replica set.
• Configure networking and firewall rules so that incoming and outgoing packets are permitted only on the default
MongoDB port and only from within your deployment.
Finally ensure that each member of a replica set is accessible by way of resolvable DNS or hostnames. You should
either configure your DNS names appropriately or set up your systems’ /etc/hosts file to reflect this configuration.
Configuration Specify the run time configuration on each system in a configuration file stored in
/etc/mongod.conf or a related location. Create the directory where MongoDB stores data files before deploying
MongoDB.
For more information about the run time options used above and other configuration options, see
https://docs.mongodb.org/manual/reference/configuration-options.
Procedure

The following procedure outlines the steps to deploy a replica set when access control is disabled.
Step 1: Start each member of the replica set with the appropriate options. For each member, start a mongod and
specify the replica set name through the replSet option. Specify any other parameters specific to your deployment.
For replication-specific parameters, see cli-mongod-replica-set.
If your application connects to more than one replica set, each set should have a distinct name. Some drivers group
replica set connections by replica set name.
The following example specifies the replica set name through the --replSet command-line option:
mongod --replSet "rs0"

You can also specify the replica set name in the configuration file. To start mongod with a configuration file, specify the file with the --config option:
mongod --config $HOME/.mongodb/config

In production deployments, you can configure a init script to manage this process. Init scripts are beyond the scope of
this document.
Step 2: Connect a mongo shell to a replica set member.
localhost on the default port of 27017, simply issue:

For example, to connect to a mongod running on

mongo

Step 3: Initiate the replica set. Use rs.initiate() on one and only one member of the replica set:
rs.initiate()

MongoDB initiates a set that consists of the current member and that uses the default replica set configuration.

668

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Step 4: Verify the initial replica set configuration. Use rs.conf() to display the replica set configuration object
(page 717):
rs.conf()

The replica set configuration object resembles the following:
{
"_id" : "rs0",
"version" : 1,
"members" : [
{
"_id" : 1,
"host" : "mongodb0.example.net:27017"
}
]
}

Step 5: Add the remaining members to the replica set. Add the remaining members with the rs.add() method.
You must be connected to the primary to add members to a replica set.
rs.add() can, in some cases, trigger an election. If the mongod you are connected to becomes a secondary, you
need to connect the mongo shell to the new primary to continue adding new replica set members. Use rs.status()
to identify the primary in the replica set.
The following example adds two members:
rs.add("mongodb1.example.net")
rs.add("mongodb2.example.net")

When complete, you have a fully functional replica set. The new replica set will elect a primary.
Step 6: Check the status of the replica set. Use the rs.status() operation:
rs.status()

See also:
Deploy New Replica Set with Access Control (page 427)
Deploy a Replica Set for Testing and Development

On this page
•
•
•
•

Overview (page 670)
Requirements (page 670)
Considerations (page 670)
Procedure (page 670)

This procedure describes deploying a replica set in a development or test environment. For a production deployment,
refer to the Deploy a Replica Set (page 667) tutorial.
This tutorial describes how to create a three-member replica set from three existing mongod instances running with
access control (page 433) disabled.

12.3. Replica Set Tutorials

669

MongoDB Documentation, Release 3.2.5

To deploy a replica set with enabled access control (page 433), see Deploy New Replica Set with Access Control
(page 427). If you wish to deploy a replica set from a single MongoDB instance, see Convert a Standalone to a
Replica Set (page 678). For more information on replica set deployments, see the Replication (page 623) and Replica
Set Deployment Architectures (page 636) documentation.
Overview

For test and development systems, you can run your mongod instances on a local system, or within a virtual instance.
Before you can deploy a replica set, you must install MongoDB on each system that will be part of your replica set. If
you have not already installed MongoDB, see the installation tutorials (page 21).
Before creating your replica set, you should verify that your network configuration allows all possible connections
between each member. For a successful replica set deployment, every member must be able to connect to every other
member. For instructions on how to check your connection, see Test Connections Between all Members (page 713).
Considerations

Replica Set Naming
Important: These instructions should only be used for test or development deployments.
The examples in this procedure create a new replica set named rs0.
If your application connects to more than one replica set, each set should have a distinct name. Some drivers group
replica set connections by replica set name.
You will begin by starting three mongod instances as members of a replica set named rs0.
Procedure

1. Create the necessary data directories for each member by issuing a command similar to the following:
mkdir -p /srv/mongodb/rs0-0 /srv/mongodb/rs0-1 /srv/mongodb/rs0-2

This will create directories called “rs0-0”, “rs0-1”, and “rs0-2”, which will contain the instances’ database files.
2. Start your mongod instances in their own shell windows by issuing the following commands:
First member:
mongod --port 27017 --dbpath /srv/mongodb/rs0-0 --replSet rs0 --smallfiles --oplogSize 128

Second member:
mongod --port 27018 --dbpath /srv/mongodb/rs0-1 --replSet rs0 --smallfiles --oplogSize 128

670

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Third member:
mongod --port 27019 --dbpath /srv/mongodb/rs0-2 --replSet rs0 --smallfiles --oplogSize 128

This starts each instance as a member of a replica set named rs0, each running on a distinct port, and specifies
the path to your data directory with the --dbpath setting. If you are already using the suggested ports, select
different ports.
The --smallfiles and --oplogSize settings reduce the disk space that each mongod
instance uses.
This is ideal for testing and development deployments as it prevents overloading your machine.
For more information on these and other configuration options, see
https://docs.mongodb.org/manual/reference/configuration-options.
3. Connect to one of your mongod instances through the mongo shell. You will need to indicate which instance
by specifying its port number. For the sake of simplicity and clarity, you may want to choose the first one, as in
the following command;
mongo --port 27017

4. In the mongo shell, use rs.initiate() to initiate the replica set. You can create a replica set configuration
object in the mongo shell environment, as in the following example:
rsconf = {
_id: "rs0",
members: [
{
_id: 0,
host: ":27017"
}
]
}

replacing with your system’s hostname, and then pass the rsconf file to rs.initiate() as
follows:
rs.initiate( rsconf )

5. Display the current replica configuration (page 717) by issuing the following command:
rs.conf()

The replica set configuration object resembles the following
{
"_id" : "rs0",
"version" : 4,
"members" : [
{
"_id" : 1,
"host" : "localhost:27017"
}
]
}

6. In the mongo shell connected to the primary, add the second and third mongod instances to the replica set
using the rs.add() method. Replace with your system’s hostname in the following examples:
rs.add(":27018")
rs.add(":27019")

When complete, you should have a fully functional replica set. The new replica set will elect a primary.
12.3. Replica Set Tutorials

671

MongoDB Documentation, Release 3.2.5

Check the status of your replica set at any time with the rs.status() operation.
See also:
The documentation of the following shell functions for more information:
• rs.initiate()
• rs.conf()
• rs.reconfig()
• rs.add()
You may also consider the simple setup script17 as an example of a basic automatically-configured replica set.
Refer to Replica Set Read and Write Semantics (page 648) for a detailed explanation of read and write semantics in
MongoDB.
Deploy a Geographically Redundant Replica Set

On this page
•
•
•
•

Overview (page 672)
Considerations (page 672)
Prerequisites (page 673)
Procedures (page 673)

Overview

This tutorial outlines the process for deploying a replica set with members in multiple locations (page 642). The
tutorial addresses three-member replica sets and five-member replica sets. If you have an even number of replica set
members, add an arbiter to deploy an odd number replica set.
For more information on distributed replica sets, see Replica Sets Distributed Across Two or More Data Centers
(page 642). See also Replica Set Deployment Architectures (page 636) and see Replication (page 623).
Considerations

Architecture In a production, deploy each member of the replica set to its own machine and if possible bind to the
standard MongoDB port of 27017. Use the bind_ip option to ensure that MongoDB listens for connections from
applications on configured addresses.
See Replica Set Deployment Architectures (page 636) for more information.
Connectivity Ensure that network traffic can pass between all members of the set and all clients in the network
securely and efficiently. Consider the following:
• Establish a virtual private network. Ensure that your network topology routes all traffic between members within
a single site over the local area network.
• Configure access control to prevent connections from unknown clients to the replica set.
17 https://github.com/mongodb/mongo-snippets/blob/master/replication/simple-setup.py

672

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

• Configure networking and firewall rules so that incoming and outgoing packets are permitted only on the default
MongoDB port and only from within your deployment.
Finally ensure that each member of a replica set is accessible by way of resolvable DNS or hostnames. You should
either configure your DNS names appropriately or set up your systems’ /etc/hosts file to reflect this configuration.
Configuration Specify the run time configuration on each system in a configuration file stored in
/etc/mongod.conf or a related location. Create the directory where MongoDB stores data files before deploying
MongoDB.
For more information about the run time options used above and other configuration options, see
https://docs.mongodb.org/manual/reference/configuration-options.
Distribution of the Members If possible, use an odd number of data centers, and choose a distribution of members
that maximizes the likelihood that even with a loss of a data center, the remaining replica set members can form a
majority or at minimum, provide a copy of your data.
Voting Members Never deploy more than seven voting members.
Prerequisites

For all configurations in this tutorial, deploy each replica set member on a separate system. Although you may deploy
more than one replica set member on a single system, doing so reduces the redundancy and capacity of the replica set.
Such deployments are typically for testing purposes.
This tutorial assumes you have installed MongoDB on each system that will be part of your replica set. If you have
not already installed MongoDB, see the installation tutorials (page 21).
Procedures

Deploy a Geographically Redundant Three-Member Replica Set For a geographically redundant three-member
replica set deployment, you must decide how to distribute your system. Some possible distributions for the three
members are:
• Across Three Data Centers: One members to each site.
• Across Two Data Centers: Two members to Site A and one member to Site B. If one of the members of the
replica set is an arbiter, distribute the arbiter to Site A with a data-bearing member.
Step 1: Start each member of the replica set with the appropriate options. For each member, start a mongod and
specify the replica set name through the replSet option. Specify any other parameters specific to your deployment.
For replication-specific parameters, see cli-mongod-replica-set.
If your application connects to more than one replica set, each set should have a distinct name. Some drivers group
replica set connections by replica set name.
The following example specifies the replica set name through the --replSet command-line option:
mongod --replSet "rs0"

You can also specify the replica set name in the configuration file. To start mongod with a configuration file, specify the file with the --config option:

12.3. Replica Set Tutorials

673

MongoDB Documentation, Release 3.2.5

mongod --config $HOME/.mongodb/config

For example, to connect to a mongod running on

mongo

Step 3: Initiate the replica set. Use rs.initiate() on one and only one member of the replica set:
rs.initiate()

MongoDB initiates a set that consists of the current member and that uses the default replica set configuration.
Step 4: Verify the initial replica set configuration. Use rs.conf() to display the replica set configuration object
(page 717):
rs.conf()

The replica set configuration object resembles the following:
{
"_id" : "rs0",
"version" : 1,
"members" : [
{
"_id" : 1,
"host" : "mongodb0.example.net:27017"
}
]
}

When complete, you have a fully functional replica set. The new replica set will elect a primary.
Step 6: Optional. Configure the member eligibility for becoming primary. In some cases, you may prefer that
the members in one data center be elected primary before the members in the other data centers. You can modify the
priority (page 720) of the members such that the members in the one data center has higher priority (page 720)
than the members in the other data centers.

674

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Some members of the replica set, such as members that have networking restraint or limited resources, should not
be able to become primary in a failover. Configure members that should not become primary to have priority 0
(page 631).
For example, to lower the relative eligibility of the the member located in one of the sites (in this example,
mongodb2.example.net), set the member’s priority to 0.5.
1. View the replica set configuration to determine the members (page 719) array position for the member. Keep
in mind the array position is not the same as the _id:
rs.conf()

2. Copy the replica set configuration object to a variable (to cfg in the example below). Then, in the variable,
set the correct priority for the member. Then pass the variable to rs.reconfig() to update the replica set
configuration.
For example, to set priority for the third member in the array (i.e., the member at position 2), issue the following
sequence of commands:
cfg = rs.conf()
cfg.members[2].priority = 0.5
rs.reconfig(cfg)

Note: The rs.reconfig() shell method can force the current primary to step down, causing an election.
When the primary steps down, all clients will disconnect. This is the intended behavior. While most elections complete within a minute, always make sure any replica configuration changes occur during scheduled
maintenance periods.
After these commands return, you have a geographically redundant three-member replica set.
Step 7: Check the status of the replica set. Use the rs.status() operation:
rs.status()

Deploy a Geographically Redundant Five-Member Replica Set For a geographically redundant five-member
replica set deployment, you must decide how to distribute your system. Some possible distributions for the five
members are:
• Across Three Data Centers: Two members in Site A, two members in Site B, one member in Site C.
• Across Four Data Centers: Two members in one site, and one member in the other three sites.
• Across Five Data Centers: One members in each site.
• Across Two Data Centers: Three members in Site A and two members in Site B.
The following five-member replica set includes an arbiter.
Step 1: Start each member of the replica set with the appropriate options. For each member, start a mongod and
specify the replica set name through the replSet option. Specify any other parameters specific to your deployment.
For replication-specific parameters, see cli-mongod-replica-set.
If your application connects to more than one replica set, each set should have a distinct name. Some drivers group
replica set connections by replica set name.
The following example specifies the replica set name through the --replSet command-line option:

12.3. Replica Set Tutorials

675

MongoDB Documentation, Release 3.2.5

mongod --replSet "rs0"

You can also specify the replica set name in the configuration file. To start mongod with a configuration file, specify the file with the --config option:
mongod --config $HOME/.mongodb/config

For example, to connect to a mongod running on

mongo

Step 3: Initiate the replica set. Use rs.initiate() on one and only one member of the replica set:
rs.initiate()

The replica set configuration object resembles the following:
{
"_id" : "rs0",
"version" : 1,
"members" : [
{
"_id" : 1,
"host" : "mongodb0.example.net:27017"
}
]
}

Step 5: Add the remaining secondary members to the replica set. Use rs.add() in a mongo shell connected
to the current primary. The commands should resemble the following:
rs.add("mongodb1.example.net")
rs.add("mongodb2.example.net")
rs.add("mongodb3.example.net")

When complete, you should have a fully functional replica set. The new replica set will elect a primary.
Step 6: Add the arbiter. In the same shell session, issue the following command to add the arbiter (e.g.
mongodb4.example.net):
rs.addArb("mongodb4.example.net")

676

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Step 7: Optional. Configure the member eligibility for becoming primary. In some cases, you may prefer that
the members in one data center be elected primary before the members in the other data centers. You can modify the
priority (page 720) of the members such that the members in the one data center has higher priority (page 720)
than the members in the other data centers.
Some members of the replica set, such as members that have networking restraint or limited resources, should not
be able to become primary in a failover. Configure members that should not become primary to have priority 0
(page 631).
For example, to lower the relative eligibility of the the member located in one of the sites (in this example,
mongodb2.example.net), set the member’s priority to 0.5.
1. View the replica set configuration to determine the members (page 719) array position for the member. Keep
in mind the array position is not the same as the _id:
rs.conf()

Note: The rs.reconfig() shell method can force the current primary to step down, causing an election.
When the primary steps down, all clients will disconnect. This is the intended behavior. While most elections complete within a minute, always make sure any replica configuration changes occur during scheduled
maintenance periods.
After these commands return, you have a geographically redundant five-member replica set.
Step 8: Check the status of the replica set. Use the rs.status() operation:
rs.status()

Add an Arbiter to Replica Set

On this page
• Considerations (page 678)
• Add an Arbiter (page 678)
Arbiters are mongod instances that are part of a replica set but do not hold data. Arbiters participate in elections
(page 644) in order to break ties. If a replica set has an even number of members, add an arbiter.
Arbiters have minimal resource requirements and do not require dedicated hardware. You can deploy an arbiter on an
application server or a monitoring host.
Important: Do not run an arbiter on the same system as a member of the replica set.

12.3. Replica Set Tutorials

677

MongoDB Documentation, Release 3.2.5

Considerations

An arbiter does not store data, but until the arbiter’s mongod process is added to the replica set, the arbiter will act
like any other mongod process and start up with a set of data files and with a full-sized journal.
To minimize the default creation of data, set the following in the arbiter’s configuration file:
• storage.journal.enabled to false
Warning: Never set storage.journal.enabled to false on a data-bearing node.
• For MMAPv1 storage engine, storage.mmapv1.smallFiles to true
These settings are specific to arbiters. Do not set storage.journal.enabled to false on a data-bearing node.
Similarly, do not set storage.mmapv1.smallFiles unless specifically indicated.
Add an Arbiter

1. Create a data directory (e.g. storage.dbPath) for the arbiter. The mongod instance uses the directory for
configuration data. The directory will not hold the data set. For example, create the /data/arb directory:
mkdir /data/arb

2. Start the arbiter, specifying the data directory and the replica set name. The following starts an arbiter using the
/data/arb as the dbPath and rs for the replica set name:
mongod --port 30000 --dbpath /data/arb --replSet rs

3. Connect to the primary and add the arbiter to the replica set. Use the rs.addArb() method, as in the following
example:
rs.addArb("m1.example.net:30000")

This operation adds the arbiter running on port 30000 on the m1.example.net host.
Convert a Standalone to a Replica Set

On this page
• Procedure (page 678)
This tutorial describes the process for converting a standalone mongod instance into a three-member replica set. Use
standalone instances for testing and development, but always use replica sets in production. To install a standalone
instance, see the installation tutorials (page 21).
To deploy a replica set without using a pre-existing mongod instance, see Deploy a Replica Set (page 667).
Procedure

1. Shut down the standalone mongod instance.
2. Restart the instance. Use the --replSet option to specify the name of the new replica set.
For example, the following command starts a standalone instance as a member of a new replica set named rs0.
The command uses the standalone’s existing database path of /srv/mongodb/db0:
678

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

mongod --port 27017 --dbpath /srv/mongodb/db0 --replSet rs0

If your application connects to more than one replica set, each set should have a distinct name. Some drivers
group replica set connections by replica set name.

For more information on configuration options, see https://docs.mongodb.org/manual/reference/configurati
and the mongod manual page.
3. Connect to the mongod instance.
4. Use rs.initiate() to initiate the new replica set:
rs.initiate()

The replica set is now operational.
To view the replica set configuration, use rs.conf().
rs.status().

To check the status of the replica set, use

Expand the Replica Set Add additional replica set members by doing the following:
1. On two distinct systems, start two new standalone mongod instances. For information on starting a standalone
instance, see the installation tutorial (page 21) specific to your environment.
2. On your connection to the original mongod instance (the former standalone instance), issue a command in the
following form for each new instance to add to the replica set:
rs.add("<:port>")

Replace and with the resolvable hostname and port of the mongod instance to add to
the set. For more information on adding a host to a replica set, see Add Members to a Replica Set (page 679).
Sharding Considerations If the new replica set is part of a sharded cluster, change the shard host information in
the config database by doing the following:
1. Connect to one of the sharded cluster’s mongos instances and issue a command in the following form:

db.getSiblingDB("config").shards.save( {_id: "", host: "/<.

Replace with the name of the shard. Replace with the name of the replica set.
Replace <> with the list of the members of the replica set.
2. Restart all mongos instances. If possible, restart all components of the replica sets (i.e., all mongos and all
shard mongod instances).
Add Members to a Replica Set

On this page
• Overview (page 680)
• Requirements (page 680)
• Procedures (page 680)

12.3. Replica Set Tutorials

679

MongoDB Documentation, Release 3.2.5

Overview

This tutorial explains how to add an additional member to an existing replica set. For background on replication
deployment patterns, see the Replica Set Deployment Architectures (page 636) document.
Maximum Voting Members A replica set can have a maximum of seven voting members (page 644). To add a
member to a replica set that already has seven voting members, you must either add the member as a non-voting
member (page 646) or remove a vote from an existing member.
Init Scripts In production deployments you can configure a init script to manage member processes.
Existing Members You can use these procedures to add new members to an existing set. You can also use the same
procedure to “re-add” a removed member. If the removed member’s data is still relatively recent, it can recover and
catch up easily.
Data Files If you have a backup or snapshot of an existing member, you can move the data files (e.g. the dbPath
directory) to a new system and use them to quickly initiate a new member. The files must be:
• A valid copy of the data files from a member of the same replica set. See Backup and Restore with Filesystem
Snapshots (page 343) document for more information.
Important: Always use filesystem snapshots to create a copy of a member of the existing replica set. Do not
use mongodump and mongorestore to seed a new replica set member.
• More recent than the oldest operation in the primary’s oplog. The new member must be able to become current
by applying operations from the primary’s oplog.
Requirements

1. An active replica set.
2. A new MongoDB system capable of supporting your data set, accessible by the active replica set through the
network.
Otherwise, use the MongoDB installation tutorial (page 21) and the Deploy a Replica Set (page 667) tutorials.
Procedures

Prepare the Data Directory Before adding a new member to an existing replica set, prepare the new member’s data
directory using one of the following strategies:
• Make sure the new member’s data directory does not contain data. The new member will copy the data from an
existing member.
If the new member is in a recovering state, it must exit and become a secondary before MongoDB can copy all
data as part of the replication process. This process takes time but does not require administrator intervention.
• Manually copy the data directory from an existing member. The new member becomes a secondary member
and will catch up to the current state of the replica set. Copying the data over may shorten the amount of time
for the new member to become current.

680

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Ensure that you can copy the data directory to the new member and begin replication within the window allowed
by the oplog (page 657). Otherwise, the new instance will have to perform an initial sync, which completely
resynchronizes the data, as described in Resync a Member of a Replica Set (page 699).
Use rs.printReplicationInfo() to check the current state of replica set members with regards to the
oplog.
For background on replication deployment patterns, see the Replica Set Deployment Architectures (page 636) document.
Add a Member to an Existing Replica Set
1. Start the new mongod instance. Specify the data directory and the replica set name. The following example
specifies the /srv/mongodb/db0 data directory and the rs0 replica set:
mongod --dbpath /srv/mongodb/db0 --replSet rs0

Take note of the host name and port information for the new mongod instance.
For more information on configuration options, see the mongod manual page.
Optional
You can specify the data directory and replica set in the mongod.conf configuration file, and start
the mongod with the following command:
mongod --config /etc/mongod.conf

2. Connect to the replica set’s primary.
You can only add members while connected to the primary. If you do not know which member is the primary,
log into any member of the replica set and issue the db.isMaster() command.
3. Use rs.add() to add the new member to the replica set.
mongodb3.example.net, issue the following command:

For example, to add a member at host

rs.add("mongodb3.example.net")

You can include the port number, depending on your setup:
rs.add("mongodb3.example.net:27017")

4. Verify that the member is now part of the replica set. Call the rs.conf() method, which displays the replica
set configuration (page 717):
rs.conf()

To view replica set status, issue the rs.status() method. For a description of the status fields, see
https://docs.mongodb.org/manual/reference/command/replSetGetStatus.
Configure and Add a Member You can add a member to a replica set by passing to the rs.add() method a
members (page 719) document. The document must be in the form of a members (page 719) document. These
documents define a replica set member in the same form as the replica set configuration document (page 717).
Important: Specify a value for the _id field of the members (page 719) document. MongoDB does not automatically populate the _id field in this case. Finally, the members (page 719) document must declare the host value.
All other fields are optional.

12.3. Replica Set Tutorials

681

MongoDB Documentation, Release 3.2.5

Example
To add a member with the following configuration:
• an _id of 1.
• a hostname and port number of mongodb3.example.net:27017.
• a priority value within the replica set of 0.
• a configuration as hidden,
Issue the following:
rs.add({_id: 1, host: "mongodb3.example.net:27017", priority: 0, hidden: true})

Remove Members from Replica Set

On this page
• Remove a Member Using rs.remove() (page 682)
• Remove a Member Using rs.reconfig() (page 682)
To remove a member of a replica set use either of the following procedures.
Remove a Member Using rs.remove()

1. Shut down the mongod instance for the member you wish to remove. To shut down the instance, connect using
the mongo shell and the db.shutdownServer() method.
2. Connect to the replica set’s current primary. To determine the current primary, use db.isMaster() while
connected to any member of the replica set.
3. Use rs.remove() in either of the following forms to remove the member:
rs.remove("mongod3.example.net:27017")
rs.remove("mongod3.example.net")

MongoDB disconnects the shell briefly as the replica set elects a new primary. The shell then automatically
reconnects. The shell displays a DBClientCursor::init call() failed error even though the command succeeds.
Remove a Member Using rs.reconfig()

To remove a member you can manually edit the replica set configuration document (page 717), as described here.
1. Shut down the mongod instance for the member you wish to remove. To shut down the instance, connect using
the mongo shell and the db.shutdownServer() method.
2. Connect to the replica set’s current primary. To determine the current primary, use db.isMaster() while
connected to any member of the replica set.
3. Issue the rs.conf() method to view the current configuration document and determine the position in the
members array of the member to remove:
Example

682

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

mongod_C.example.net is in position 2 of the following configuration file:
{
"_id" : "rs",
"version" : 7,
"members" : [
{
"_id" : 0,
"host" : "mongod_A.example.net:27017"
},
{
"_id" : 1,
"host" : "mongod_B.example.net:27017"
},
{
"_id" : 2,
"host" : "mongod_C.example.net:27017"
}
]
}

4. Assign the current configuration document to the variable cfg:
cfg = rs.conf()

5. Modify the cfg object to remove the member.
Example
To remove mongod_C.example.net:27017 use the following JavaScript operation:
cfg.members.splice(2,1)

6. Overwrite the replica set configuration document with the new configuration by issuing the following:
rs.reconfig(cfg)

As a result of rs.reconfig() the shell will disconnect while the replica set renegotiates which member is
primary. The shell displays a DBClientCursor::init call() failed error even though the command succeeds, and will automatically reconnected.
7. To confirm the new configuration, issue rs.conf().
For the example above the output would be:
{
"_id" : "rs",
"version" : 8,
"members" : [
{
"_id" : 0,
"host" : "mongod_A.example.net:27017"
},
{
"_id" : 1,
"host" : "mongod_B.example.net:27017"
}
]
}

12.3. Replica Set Tutorials

683

MongoDB Documentation, Release 3.2.5

Replace a Replica Set Member

On this page
• Operation (page 684)
• Example (page 684)
If you need to change the hostname of a replica set member without changing the configuration of that member or the
set, you can use the operation outlined in this tutorial. For example if you must re-provision systems or rename hosts,
you can use this pattern to minimize the scope of that change.
Operation

To change the hostname for a replica set member modify the members[n].host (page 719) field. The value of
members[n]._id (page 719) field will not change when you reconfigure the set.
See Replica Set Configuration (page 717) and rs.reconfig() for more information.
Note: Any replica set configuration change can trigger the current primary to step down, which forces an election
(page 644). During the election, the current shell session and clients connected to this replica set disconnect, which
produces an error even when the operation succeeds.

Example

To change the hostname to mongo2.example.net for the replica set member configured at members[0], issue
the following sequence of commands:
cfg = rs.conf()
cfg.members[0].host = "mongo2.example.net"
rs.reconfig(cfg)

12.3.2 Member Configuration Tutorials
The following tutorials provide information in configuring replica set members to support specific operations, such as
to provide dedicated backups, to support reporting, or to act as a cold standby.
Adjust Priority for Replica Set Member (page 685) Change the precedence given to a replica set members in an election for primary.
Prevent Secondary from Becoming Primary (page 686) Make a secondary member ineligible for election as primary.
Configure a Hidden Replica Set Member (page 687) Configure a secondary member to be invisible to applications
in order to support significantly different usage, such as a dedicated backups.
Configure a Delayed Replica Set Member (page 689) Configure a secondary member to keep a delayed copy of the
data set in order to provide a rolling backup.
Configure Non-Voting Replica Set Member (page 690) Create a secondary member that keeps a copy of the data set
but does not vote in an election.
Convert a Secondary to an Arbiter (page 691) Convert a secondary to an arbiter.

684

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Adjust Priority for Replica Set Member

On this page
• Overview (page 685)
• Considerations (page 685)
• Procedure (page 685)

Overview

The priority settings of replica set members affect the outcomes of elections (page 644) for primary. Use this setting
to ensure that some members are more likely to become primary and that others can never become primary.
The value of the member’s members[n].priority (page 720) setting determines the member’s priority in elections. The higher the number, the higher the priority.
Considerations

To modify priorities, you update the members (page 719) array in the replica configuration object. The array index
begins with 0. Do not confuse this index value with the value of the replica set member’s members[n]._id
(page 719) field in the array.
The value of members[n].priority (page 720) can be any floating point (i.e. decimal) number between 0 and
1000. The default value for the members[n].priority (page 720) field is 1.
To block a member from seeking election as primary, assign it a priority of 0. Hidden members (page 633) and delayed
members (page 634) have members[n].priority (page 720) set to 0.
For arbiters (page 635), the default members[n].priority (page 720) value is 1; however, arbiters cannot become primary regardless of the configured value.
Adjust priority during a scheduled maintenance window. Reconfiguring priority can force the current primary to step
down, leading to an election. Before an election the primary closes all open client connections.
Procedure

Step 1: Copy the replica set configuration to a variable. In the mongo shell, use rs.conf() to retrieve the
replica set configuration and assign it to a variable. For example:
cfg = rs.conf()

Step 2: Change each member’s priority value. Change each member’s members[n].priority (page 720)
value, as configured in the members (page 719) array.
cfg.members[0].priority = 0.5
cfg.members[1].priority = 2
cfg.members[2].priority = 2

This sequence of operations modifies the value of cfg to set the priority for the first three members defined in the
members (page 719) array.

12.3. Replica Set Tutorials

685

MongoDB Documentation, Release 3.2.5

Step 3: Assign the replica set the new configuration. Use rs.reconfig() to apply the new configuration.
rs.reconfig(cfg)

This operation updates the configuration of the replica set using the configuration defined by the value of cfg.
Prevent Secondary from Becoming Primary

On this page
•
•
•
•

Overview (page 686)
Considerations (page 686)
Procedure (page 686)
Related Documents (page 687)

Overview

In a replica set, by default all secondary members are eligible to become primary through the election process. You
can use the priority to affect the outcome of these elections by making some members more likely to become
primary and other members less likely or unable to become primary.
Secondaries that cannot become primary are also unable to trigger elections. In all other respects these secondaries
are identical to other secondaries.
To prevent a secondary member from ever becoming a primary in a failover, assign the secondary a priority of 0, as
described here. For a detailed description of secondary-only members and their purposes, see Priority 0 Replica Set
Members (page 631).
Considerations

When updating the replica configuration object, access the replica set members in the members (page 719) array with the array index. The array index begins with 0. Do not confuse this index value with the value of the
members[n]._id (page 719) field in each document in the members (page 719) array.
Note: MongoDB does not permit the current primary to have a priority of 0. To prevent the current primary from
again becoming a primary, you must first step down the current primary using rs.stepDown().

Procedure

This tutorial uses a sample replica set with 5 members.
Warning:
• The rs.reconfig() shell method can force the current primary to step down, which causes an election
(page 644). When the primary steps down, the mongod closes all client connections. While this typically
takes 10-20 seconds, try to make these changes during scheduled maintenance periods.
• To successfully reconfigure a replica set, a majority of the members must be accessible. If your replica set
has an even number of members, add an arbiter (page 677) to ensure that members can quickly obtain a
majority of votes in an election for primary.

686

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Step 1: Retrieve the current replica set configuration. The rs.conf() method returns a replica set configuration document (page 717) that contains the current configuration for a replica set.
In a mongo shell connected to a primary, run the rs.conf() method and assign the result to a variable:
cfg = rs.conf()

The returned document contains a members (page 719) field which contains an array of member configuration documents, one document for each member of the replica set.
Step 2: Assign priority value of 0. To prevent a secondary member from becoming a primary, update the secondary
member’s members[n].priority (page 720) to 0.
To assign a priority value to a member of the replica set, access the member configuration document using the array
index. In this tutorial, the secondary member to change corresponds to the configuration document found at position
2 of the members (page 719) array.
cfg.members[2].priority = 0

The configuration change does not take effect until you reconfigure the replica set.
Step 3: Reconfigure the replica set. Use rs.reconfig() method to reconfigure the replica set with the updated
replica set configuration document.
Pass the cfg variable to the rs.reconfig() method:
rs.reconfig(cfg)

Related Documents

• members[n].priority (page 720)
• Adjust Priority for Replica Set Member (page 685)
• Replica Set Reconfiguration
• Replica Set Elections (page 644)
Configure a Hidden Replica Set Member

On this page
• Considerations (page 688)
• Examples (page 688)
• Related Documents (page 689)
Hidden members are part of a replica set but cannot become primary and are invisible to client applications. Hidden
members may vote in elections (page 644). For a more information on hidden members and their uses, see Hidden
Replica Set Members (page 633).

12.3. Replica Set Tutorials

687

MongoDB Documentation, Release 3.2.5

Considerations

The most common use of hidden nodes is to support delayed members (page 634). If you only need to prevent a
member from becoming primary, configure a priority 0 member (page 631).
If the settings.chainingAllowed (page 721) setting allows secondary members to sync from other secondaries, MongoDB by default prefers non-hidden members over hidden members when selecting a sync target. MongoDB will only choose hidden members as a last resort. If you want a secondary to sync from a hidden member,
use the replSetSyncFrom database command to override the default sync target. See the documentation for
replSetSyncFrom before using the command.
See also:
Manage Chained Replication (page 705)
Examples

Member Configuration Document To configure a secondary member as hidden,
set its
members[n].priority (page 720) value to 0 and set its members[n].hidden (page 720) value to
true in its member configuration:
{
"_id" :
"host" : ,
"priority" : 0,
"hidden" : true
}

Configuration Procedure The following example hides the secondary member currently at the index 0 in the
members (page 719) array. To configure a hidden member, use the following sequence of operations in a mongo
shell connected to the primary, specifying the member to configure by its array index in the members (page 719)
array:
cfg = rs.conf()
cfg.members[0].priority = 0
cfg.members[0].hidden = true
rs.reconfig(cfg)

After re-configuring the set, this secondary member has a priority of 0 so that it cannot become primary and is hidden.
The other members in the set will not advertise the hidden member in the isMaster or db.isMaster() output.
When updating the replica configuration object, access the replica set members in the members (page 719) array with the array index. The array index begins with 0. Do not confuse this index value with the value of the
members[n]._id (page 719) field in each document in the members (page 719) array.
Warning:
• The rs.reconfig() shell method can force the current primary to step down, which causes an election
(page 644). When the primary steps down, the mongod closes all client connections. While this typically
takes 10-20 seconds, try to make these changes during scheduled maintenance periods.
• To successfully reconfigure a replica set, a majority of the members must be accessible. If your replica set
has an even number of members, add an arbiter (page 677) to ensure that members can quickly obtain a
majority of votes in an election for primary.

688

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Related Documents

• Replica Set Reconfiguration
• Replica Set Elections (page 644)
• Read Preference (page 651)
Configure a Delayed Replica Set Member

On this page
• Example (page 689)
• Related Documents (page 690)
To configure a delayed secondary member, set its members[n].priority (page 720) value to 0, its
members[n].hidden (page 720) value to true, and its members[n].slaveDelay (page 721) value to the
number of seconds to delay.
Important: The length of the secondary members[n].slaveDelay (page 721) must fit within the window of
the oplog. If the oplog is shorter than the members[n].slaveDelay (page 721) window, the delayed member
cannot successfully replicate operations.
When you configure a delayed member, the delay applies both to replication and to the member’s oplog. For details
on delayed members and their uses, see Delayed Replica Set Members (page 634).
Example

The following example sets a 1-hour delay on a secondary member currently at the index 0 in the members (page 719)
array. To set the delay, issue the following sequence of operations in a mongo shell connected to the primary:
cfg = rs.conf()
cfg.members[0].priority = 0
cfg.members[0].hidden = true
cfg.members[0].slaveDelay = 3600
rs.reconfig(cfg)

After the replica set reconfigures, the delayed secondary member cannot become primary and is hidden from applications. The members[n].slaveDelay (page 721) value delays both replication and the member’s oplog by 3600
seconds (1 hour).
When updating the replica configuration object, access the replica set members in the members (page 719) array with the array index. The array index begins with 0. Do not confuse this index value with the value of the
members[n]._id (page 719) field in each document in the members (page 719) array.
Warning:
• The rs.reconfig() shell method can force the current primary to step down, which causes an election
(page 644). When the primary steps down, the mongod closes all client connections. While this typically
takes 10-20 seconds, try to make these changes during scheduled maintenance periods.
• To successfully reconfigure a replica set, a majority of the members must be accessible. If your replica set
has an even number of members, add an arbiter (page 677) to ensure that members can quickly obtain a
majority of votes in an election for primary.

12.3. Replica Set Tutorials

689

MongoDB Documentation, Release 3.2.5

Related Documents

• members[n].slaveDelay (page 721)
• Replica Set Reconfiguration
• Oplog Size (page 657)
• Change the Size of the Oplog (page 693) tutorial
• Replica Set Elections (page 644)
Configure Non-Voting Replica Set Member

On this page
• Example (page 690)
• Related Documents (page 691)
Non-voting members allow you to add additional members for read distribution beyond the maximum seven voting
members. To configure a member as non-voting, set its members[n].votes (page 721) value to 0.
Example

To disable the ability to vote in elections for the fourth, fifth, and sixth replica set members, use the following command
sequence in the mongo shell connected to the primary. You identify each replica set member by its array index in the
members (page 719) array:
cfg = rs.conf()
cfg.members[3].votes = 0
cfg.members[4].votes = 0
cfg.members[5].votes = 0
rs.reconfig(cfg)

This sequence gives 0 votes to the fourth, fifth, and sixth members of the set according to the order of the members
(page 719) array in the output of rs.conf(). This setting allows the set to elect these members as primary but does
not allow them to vote in elections. Place voting members so that your designated primary or primaries can reach a
majority of votes in the event of a network partition.
When updating the replica configuration object, access the replica set members in the members (page 719) array with the array index. The array index begins with 0. Do not confuse this index value with the value of the
members[n]._id (page 719) field in each document in the members (page 719) array.
Warning:
• The rs.reconfig() shell method can force the current primary to step down, which causes an election
(page 644). When the primary steps down, the mongod closes all client connections. While this typically
takes 10-20 seconds, try to make these changes during scheduled maintenance periods.
• To successfully reconfigure a replica set, a majority of the members must be accessible. If your replica set
has an even number of members, add an arbiter (page 677) to ensure that members can quickly obtain a
majority of votes in an election for primary.
In general and when possible, all members should have only 1 vote. This prevents intermittent ties, deadlocks, or the
wrong members from becoming primary. Use members[n].priority (page 720) to control which members are
more likely to become primary.

690

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Related Documents

• members[n].votes (page 721)
• Replica Set Reconfiguration
• Replica Set Elections (page 644)
Convert a Secondary to an Arbiter

On this page
• Convert Secondary to Arbiter and Reuse the Port Number (page 691)
• Convert Secondary to Arbiter Running on a New Port Number (page 692)
If you have a secondary in a replica set that no longer needs to hold data but that needs to remain in the set to ensure that
the set can elect a primary (page 644), you may convert the secondary to an arbiter (page ??) using either procedure
in this tutorial. Both procedures are operationally equivalent:
• You may operate the arbiter on the same port as the former secondary. In this procedure, you must shut down
the secondary and remove its data before restarting and reconfiguring it as an arbiter.
For this procedure, see Convert Secondary to Arbiter and Reuse the Port Number (page 691).
• Run the arbiter on a new port. In this procedure, you can reconfigure the server as an arbiter before shutting
down the instance running as a secondary.
For this procedure, see Convert Secondary to Arbiter Running on a New Port Number (page 692).
Convert Secondary to Arbiter and Reuse the Port Number

1. If your application is connecting directly to the secondary, modify the application so that MongoDB queries
don’t reach the secondary.
2. Shut down the secondary.
3. Remove the secondary from the replica set by calling the rs.remove() method. Perform this operation while
connected to the current primary in the mongo shell:
rs.remove("<:port>")

4. Verify that the replica set no longer includes the secondary by calling the rs.conf() method in the mongo
shell:
rs.conf()

5. Move the secondary’s data directory to an archive folder. For example:
mv /data/db /data/db-old

Optional
You may remove the data instead.
6. Create a new, empty data directory to point to when restarting the mongod instance. You can reuse the previous
name. For example:

12.3. Replica Set Tutorials

691

MongoDB Documentation, Release 3.2.5

mkdir /data/db

7. Restart the mongod instance for the secondary, specifying the port number, the empty data directory, and the
replica set. You can use the same port number you used before. Issue a command similar to the following:
mongod --port 27021 --dbpath /data/db --replSet rs

8. In the mongo shell convert the secondary to an arbiter using the rs.addArb() method:
rs.addArb("<:port>")

9. Verify the arbiter belongs to the replica set by calling the rs.conf() method in the mongo shell.
rs.conf()

The arbiter member should include the following:
"arbiterOnly" : true

Convert Secondary to Arbiter Running on a New Port Number

1. If your application is connecting directly to the secondary or has a connection string referencing the secondary,
modify the application so that MongoDB queries don’t reach the secondary.
2. Create a new, empty data directory to be used with the new port number. For example:
mkdir /data/db-temp

3. Start a new mongod instance on the new port number, specifying the new data directory and the existing replica
set. Issue a command similar to the following:
mongod --port 27021 --dbpath /data/db-temp --replSet rs

4. In the mongo shell connected to the current primary, convert the new mongod instance to an arbiter using the
rs.addArb() method:
rs.addArb("<:port>")

5. Verify the arbiter has been added to the replica set by calling the rs.conf() method in the mongo shell.
rs.conf()

The arbiter member should include the following:
"arbiterOnly" : true

6. Shut down the secondary.
7. Remove the secondary from the replica set by calling the rs.remove() method in the mongo shell:
rs.remove("<:port>")

8. Verify that the replica set no longer includes the old secondary by calling the rs.conf() method in the mongo
shell:
rs.conf()

9. Move the secondary’s data directory to an archive folder. For example:

692

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

mv /data/db /data/db-old

Optional
You may remove the data instead.

12.3.3 Replica Set Maintenance Tutorials
The following tutorials provide information in maintaining existing replica sets.
Change the Size of the Oplog (page 693) Increase the size of the oplog which logs operations. In most cases, the
default oplog size is sufficient.
Perform Maintenance on Replica Set Members (page 695) Perform maintenance on a member of a replica set while
minimizing downtime.
Force a Member to Become Primary (page 697) Force a replica set member to become primary.
Resync a Member of a Replica Set (page 699) Sync the data on a member. Either perform initial sync on a new
member or resync the data on an existing member that has fallen too far behind to catch up by way of normal
replication.
Configure Replica Set Tag Sets (page 700) Assign tags to replica set members for use in targeting read and write
operations to specific members.
Reconfigure a Replica Set with Unavailable Members (page 704) Reconfigure a replica set when a majority of
replica set members are down or unreachable.
Manage Chained Replication (page 705) Disable or enable chained replication. Chained replication occurs when a
secondary replicates from another secondary instead of the primary.
Change Hostnames in a Replica Set (page 706) Update the replica set configuration to reflect changes in members’
hostnames.
Configure a Secondary’s Sync Target (page 710) Specify the member that a secondary member synchronizes from.
Change the Size of the Oplog

On this page
• Overview (page 694)
• Procedure (page 694)
The oplog exists internally as a capped collection, so you cannot modify its size in the course of normal operations. In
most cases the default oplog size (page 657) is an acceptable size; however, in some situations you may need a larger
or smaller oplog. For example, you might need to change the oplog size if your applications perform large numbers of
multi-updates or deletes in short periods of time.
This tutorial describes how to resize the oplog. For a detailed explanation of oplog sizing, see Oplog Size (page 657).
For details how oplog size affects delayed members and affects replication lag, see Delayed Replica Set Members
(page 634).

12.3. Replica Set Tutorials

693

MongoDB Documentation, Release 3.2.5

Overview

To change the size of the oplog, you must perform maintenance on each member of the replica set in turn. The
procedure requires: stopping the mongod instance and starting as a standalone instance, modifying the oplog size,
and restarting the member.
Important: Always start rolling replica set maintenance with the secondaries, and finish with the maintenance on
primary member.

Procedure

• Restart the member in standalone mode.
Tip
Always use rs.stepDown() to force the primary to become a secondary, before stopping the server. This
facilitates a more efficient election process.
• Recreate the oplog with the new size and with an old oplog entry as a seed.
• Restart the mongod instance as a member of the replica set.
Restart a Secondary in Standalone Mode on a Different Port Shut down the mongod instance for one of the
non-primary members of your replica set. For example, to shut down, use the db.shutdownServer() method:
db.shutdownServer()

Restart this mongod as a standalone instance running on a different port and without the --replSet parameter. Use
a command similar to the following:
mongod --port 37017 --dbpath /srv/mongodb

Create a Backup of the Oplog (Optional) Optionally, backup the existing oplog on the standalone instance, as in
the following example:
mongodump --db local --collection 'oplog.rs' --port 37017

Recreate the Oplog with a New Size and a Seed Entry Save the last entry from the oplog. For example, connect
to the instance using the mongo shell, and enter the following command to switch to the local database:
use local

In mongo shell scripts you can use the following operation to set the db object:
db = db.getSiblingDB('local')

Ensure that the temp temporary collection is empty by dropping the collection:
db.temp.drop()

Use the db.collection.save() method and a sort on reverse natural order to find the last entry and save it to a
temporary collection:

694

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

db.temp.save( db.oplog.rs.find( { }, { ts: 1, h: 1 } ).sort( {$natural : -1} ).limit(1).next() )

To see this oplog entry, use the following operation:
db.temp.find()

Remove the Existing Oplog Collection Drop the old oplog.rs collection in the local database. Use the following command:
db = db.getSiblingDB('local')
db.oplog.rs.drop()

This returns true in the shell.
Create a New Oplog Use the create command to create a new oplog of a different size. Specify the size
argument in bytes. A value of 2 * 1024 * 1024 * 1024 will create a new oplog that’s 2 gigabytes:
db.runCommand( { create: "oplog.rs", capped: true, size: (2 * 1024 * 1024 * 1024) } )

Upon success, this command returns the following status:
{ "ok" : 1 }

Insert the Last Entry of the Old Oplog into the New Oplog Insert the previously saved last entry from the old
oplog into the new oplog. For example:
db.oplog.rs.save( db.temp.findOne() )

To confirm the entry is in the new oplog, use the following operation:
db.oplog.rs.find()

Restart the Member Restart the mongod as a member of the replica set on its usual port. For example:
db.shutdownServer()
mongod --replSet rs0 --dbpath /srv/mongodb

The replica set member will recover and “catch up” before it is eligible for election to primary.
Repeat Process for all Members that may become Primary Repeat this procedure for all members you want to
change the size of the oplog. Repeat the procedure for the primary as part of the following step.
Change the Size of the Oplog on the Primary To finish the rolling maintenance operation, step down the primary
with the rs.stepDown() method and repeat the oplog resizing procedure above.
Perform Maintenance on Replica Set Members

On this page
• Overview (page 696)
• Procedure (page 696)

12.3. Replica Set Tutorials

695

MongoDB Documentation, Release 3.2.5

Overview

Replica sets allow a MongoDB deployment to remain available during the majority of a maintenance window.
This document outlines the basic procedure for performing maintenance on each of the members of a replica set.
Furthermore, this particular sequence strives to minimize the amount of time that the primary is unavailable and
controlling the impact on the entire deployment.
Use these steps as the basis for common replica set operations, particularly for procedures such as upgrading to the
latest version of MongoDB (page 335) and changing the size of the oplog (page 693).
Procedure

For each member of a replica set, starting with a secondary member, perform the following sequence of events, ending
with the primary:
• Restart the mongod instance as a standalone.
• Perform the task on the standalone instance.
• Restart the mongod instance as a member of the replica set.
Step 1: Stop a secondary. In the mongo shell, shut down the mongod instance:
db.shutdownServer()

Step 2: Restart the secondary as a standalone on a different port. At the operating system shell prompt, restart
mongod as a standalone instance running on a different port and without the --replSet parameter:
mongod --port 37017 --dbpath /srv/mongodb

Always start mongod with the same user, even when restarting a replica set member as a standalone instance.
Step 3: Perform maintenance operations on the secondary. While the member is a standalone, use the mongo
shell to perform maintenance:
mongo --port 37017

Step 4: Restart mongod as a member of the replica set. After performing all maintenance tasks, use the following
procedure to restart the mongod as a member of the replica set on its usual port.
From the mongo shell, shut down the standalone server after completing the maintenance:
db.shutdownServer()

Restart the mongod instance as a member of the replica set using its normal command-line arguments or configuration
file.
The secondary takes time to catch up to the primary (page 658). From the mongo shell, use the following command
to verify that the member has caught up from the RECOVERING (page 726) state to the SECONDARY (page 726) state.
rs.status()

696

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Step 5: Perform maintenance on the primary last. To perform maintenance on the primary after completing
maintenance tasks on all secondaries, use rs.stepDown() in the mongo shell to step down the primary and allow
one of the secondaries to be elected the new primary. Specify a 300 second waiting period to prevent the member from
being elected primary again for five minutes:
rs.stepDown(300)

After the primary steps down, the replica set will elect a new primary. See Replica Set Elections (page 644) for more
information about replica set elections.
Force a Member to Become Primary

On this page
• Overview (page 697)
• Consideration (page 697)
• Procedures (page 697)

Overview

You can force a replica set member to become primary by giving it a higher members[n].priority (page 720)
value than any other member in the set.
Optionally, you also can force a member never to become primary by setting its members[n].priority
(page 720) value to 0, which means the member can never seek election (page 644) as primary. For more information,
see Priority 0 Replica Set Members (page 631).
For more information on priorities, see members[n].priority (page 720).
Consideration

A majority of the configured members of a replica set must be available for a set to reconfigure a set or elect a primary.
See Replica Set Elections (page 644) for more information.
Procedures

Force a Member to be Primary by Setting its Priority High This procedure assumes your current primary is
m1.example.net and that you’d like to instead make m3.example.net primary. The procedure also assumes
you have a three-member replica set with the configuration below. For more information on configurations, see Replica
Set Configuration Use.
This procedure assumes this configuration:
{
"_id" : "rs",
"version" : 7,
"members" : [
{
"_id" : 0,
"host" : "m1.example.net:27017"
},
{

12.3. Replica Set Tutorials

697

MongoDB Documentation, Release 3.2.5

"_id" : 1,
"host" : "m2.example.net:27017"
},
{
"_id" : 2,
"host" : "m3.example.net:27017"
}
]
}

1. In a mongo shell connected to the primary, use the following sequence of operations to make
m3.example.net the primary:
cfg = rs.conf()
cfg.members[0].priority = 0.5
cfg.members[1].priority = 0.5
cfg.members[2].priority = 1
rs.reconfig(cfg)

The last statement calls rs.reconfig() with the modified configuration document to configure
m3.example.net to have a higher members[n].priority (page 720) value than the other mongod
instances.
The following sequence of events occur:
• m3.example.net and m2.example.net sync with m1.example.net (typically within 10 seconds).
• m1.example.net sees that it no longer has highest priority and, in most cases, steps down.
m1.example.net does not step down if m3.example.net‘s sync is far behind. In that case,
m1.example.net waits until m3.example.net is within 10 seconds of its optime and then steps
down. This minimizes the amount of time with no primary following failover.
• The step down forces on election in which m3.example.net becomes primary based on its priority
setting.
2. Optionally, if m3.example.net is more than 10 seconds behind m1.example.net‘s optime, and if you
don’t need to have a primary designated within 10 seconds, you can force m1.example.net to step down by
running:
db.adminCommand({replSetStepDown: 86400, force: 1})

This prevents m1.example.net from being primary for 86,400 seconds (24 hours), even if there is no other
member that can become primary. When m3.example.net catches up with m1.example.net it will
become primary.
If you later want to make m1.example.net primary again while it waits for m3.example.net to catch
up, issue the following command to make m1.example.net seek election again:
rs.freeze()

The rs.freeze() provides a wrapper around the replSetFreeze database command.
Force a Member to be Primary Using Database Commands Changed in version 1.8.
Consider a replica set with the following members:
• mdb0.example.net - the current primary.
• mdb1.example.net - a secondary.

698

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

• mdb2.example.net - a secondary .
To force a member to become primary use the following procedure:
1. In a mongo shell, run rs.status() to ensure your replica set is running as expected.
2. In a mongo shell connected to the mongod instance running on mdb2.example.net, freeze
mdb2.example.net so that it does not attempt to become primary for 120 seconds.
rs.freeze(120)

3. In a mongo shell connected the mongod running on mdb0.example.net, step down this instance that the
mongod is not eligible to become primary for 120 seconds:
rs.stepDown(120)

mdb1.example.net becomes primary.
Note: During the transition, there is a short window where the set does not have a primary.
For more information, consider the rs.freeze() and rs.stepDown() methods that wrap the
replSetFreeze and replSetStepDown commands.
Resync a Member of a Replica Set

On this page
• Procedures (page 699)
A replica set member becomes “stale” when its replication process falls so far behind that the primary overwrites
oplog entries the member has not yet replicated. The member cannot catch up and becomes “stale.” When this occurs,
you must completely resynchronize the member by removing its data and performing an initial sync (page 658).
This tutorial addresses both resyncing a stale member and to creating a new member using seed data from another
member. When syncing a member, choose a time when the system has the bandwidth to move a large amount of data.
Schedule the synchronization during a time of low usage or during a maintenance window.
MongoDB provides two options for performing an initial sync:
• Restart the mongod with an empty data directory and let MongoDB’s normal initial syncing feature restore the
data. This is the more simple option but may take longer to replace the data.
See Procedures (page 699).
• Restart the machine with a copy of a recent data directory from another member in the replica set. This procedure
can replace the data more quickly but requires more manual steps.
See Sync by Copying Data Files from Another Member (page 700).
Procedures

Automatically Sync a Member

Warning: During initial sync, mongod will remove the content of the dbPath.

This procedure relies on MongoDB’s regular process for initial sync (page 658). This will store the current data on the
member. For an overview of MongoDB initial sync process, see the Replication Processes (page 656) section.

12.3. Replica Set Tutorials

699

MongoDB Documentation, Release 3.2.5

If the instance has no data, you can simply follow the Add Members to a Replica Set (page 679) or Replace a Replica
Set Member (page 684) procedure to add a new member to a replica set.
You can also force a mongod that is already a member of the set to to perform an initial sync by restarting the instance
without the content of the dbPath as follows:
1. Stop the member’s mongod instance. To ensure a clean shutdown, use the db.shutdownServer() method
from the mongo shell or on Linux systems, the mongod --shutdown option.
2. Delete all data and sub-directories from the member’s data directory. By removing the data dbPath, MongoDB
will perform a complete resync. Consider making a backup first.
At this point, the mongod will perform an initial sync. The length of the initial sync process depends on the size of
the database and network connection between members of the replica set.
Initial sync operations can impact the other members of the set and create additional traffic to the primary and can only
occur if another member of the set is accessible and up to date.
Sync by Copying Data Files from Another Member This approach “seeds” a new or stale member using the data
files from an existing member of the replica set. The data files must be sufficiently recent to allow the new member to
catch up with the oplog. Otherwise the member would need to perform an initial sync.
Copy the Data Files You can capture the data files as either a snapshot or a direct copy. However, in most cases you
cannot copy data files from a running mongod instance to another because the data files will change during the file
copy operation.
Important: If copying data files, you must copy the content of the local database.
You cannot use a mongodump backup for the data files, only a snapshot backup. For approaches to capturing a
consistent snapshot of a running mongod instance, see the MongoDB Backup Methods (page 282) documentation.
Sync the Member After you have copied the data files from the “seed” source, start the mongod instance and allow
it to apply all operations from the oplog until it reflects the current state of the replica set.
Configure Replica Set Tag Sets

On this page
•
•
•
•

Differences Between Read Preferences and Write Concerns (page 701)
Add Tag Sets to a Replica Set (page 701)
Custom Multi-Datacenter Write Concerns (page 702)
Configure Tag Sets for Functional Segregation of Read and Write Operations (page 703)

Tag sets let you customize write concern and read preferences for a replica set. MongoDB stores tag sets in the replica
set configuration object, which is the document returned by rs.conf(), in the members[n].tags (page 720)
embedded document.
This section introduces the configuration of tag sets. For an overview on tag sets and their use, see w:
and Tag Sets (page 653).

700

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Differences Between Read Preferences and Write Concerns

Custom read preferences and write concerns evaluate tags sets in different ways:
• Read preferences consider the value of a tag when selecting a member to read from.
• Write concerns do not use the value of a tag to select a member except to consider whether or not the value is
unique.
For example, a tag set for a read operation may resemble the following document:
{ "disk": "ssd", "use": "reporting" }

To fulfill such a read operation, a member would need to have both of these tags. Any of the following tag sets would
satisfy this requirement:
{
{
{
{

"disk":
"disk":
"disk":
"disk":

"ssd",
"ssd",
"ssd",
"ssd",

"use":
"use":
"use":
"use":

"reporting" }
"reporting", "rack": "a" }
"reporting", "rack": "d" }
"reporting", "mem": "r"}

The following tag sets would not be able to fulfill this query:
{
{
{
{
{

"disk": "ssd" }
"use": "reporting" }
"disk": "ssd", "use": "production" }
"disk": "ssd", "use": "production", "rack": "k" }
"disk": "spinning", "use": "reporting", "mem": "32" }

Add Tag Sets to a Replica Set

Given the following replica set configuration:
{
"_id" : "rs0",
"version" : 1,
"members" : [
{
"_id" : 0,
"host" : "mongodb0.example.net:27017"
},
{
"_id" : 1,
"host" : "mongodb1.example.net:27017"
},
{
"_id" : 2,
"host" : "mongodb2.example.net:27017"
}
]
}

You could add tag sets to the members of this replica set with the following command sequence in the mongo shell:
conf = rs.conf()
conf.members[0].tags = { "dc": "east", "use": "production" }
conf.members[1].tags = { "dc": "east", "use": "reporting" }
conf.members[2].tags = { "use": "production" }
rs.reconfig(conf)

12.3. Replica Set Tutorials

701

MongoDB Documentation, Release 3.2.5

After this operation the output of rs.conf() would resemble the following:
{
"_id" : "rs0",
"version" : 2,
"members" : [
{
"_id" : 0,
"host" : "mongodb0.example.net:27017",
"tags" : {
"dc": "east",
"use": "production"
}
},
{
"_id" : 1,
"host" : "mongodb1.example.net:27017",
"tags" : {
"dc": "east",
"use": "reporting"
}
},
{
"_id" : 2,
"host" : "mongodb2.example.net:27017",
"tags" : {
"use": "production"
}
}
]
}

Important: In tag sets, all tag values must be strings.

Custom Multi-Datacenter Write Concerns

Given a five member replica set with members in two data centers:
1. a facility VA tagged dc_va
2. a facility GTO tagged dc_gto
Create a custom write concern to require confirmation from two data centers using replica set tags, using the following
sequence of operations in the mongo shell:
1. Create a replica set configuration JavaScript object conf:
conf = rs.conf()

2. Add tags to the replica set members reflecting their locations:
conf.members[0].tags
conf.members[1].tags
conf.members[2].tags
conf.members[3].tags
conf.members[4].tags
rs.reconfig(conf)

702

=
=
=
=
=

{
{
{
{
{

"dc_va": "rack1"}
"dc_va": "rack2"}
"dc_gto": "rack1"}
"dc_gto": "rack2"}
"dc_va": "rack1"}

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

3. Create a custom settings.getLastErrorModes (page 722) setting to ensure that the write operation will
propagate to at least one member of each facility:
conf.settings = { getLastErrorModes: { MultipleDC : { "dc_va": 1, "dc_gto": 1 } } }

4. Reconfigure the replica set using the modified conf configuration object:
rs.reconfig(conf)

To ensure that a write operation propagates to at least one member of the set in both data centers, use the MultipleDC
write concern mode as follows:
db.users.insert( { id: "xyz", status: "A" }, { writeConcern: { w: "MultipleDC" } } )

Alternatively, if you want to ensure that each write operation propagates to at least 2 racks in each facility, reconfigure
the replica set as follows in the mongo shell:
1. Create a replica set configuration object conf:
conf = rs.conf()

2. Redefine the settings.getLastErrorModes (page 722) value to require two different values of both
dc_va and dc_gto:
conf.settings = { getLastErrorModes: { MultipleDC : { "dc_va": 2, "dc_gto": 2}}

3. Reconfigure the replica set using the modified conf configuration object:
rs.reconfig(conf)

Now, the following write operation will only return after the write operation propagates to at least two different racks
in the each facility:
Changed in version 2.6: A new protocol for write operations (page 995) integrates write concerns with the write
operations. Previous versions used the getLastError command to specify the write concerns.
db.users.insert( { id: "xyz", status: "A" }, { writeConcern: { w: "MultipleDC" } } )

Configure Tag Sets for Functional Segregation of Read and Write Operations

Given a replica set with tag sets that reflect:
• data center facility,
• physical rack location of instance, and
• storage system (i.e. disk) type.
Where each member of the set has a tag set that resembles one of the following:

{"dc_va": "rack1", disk:"ssd", ssd: "installed" }
{"dc_va": "rack2", disk:"raid"}
{"dc_gto": "rack1", disk:"ssd", ssd: "installed" }
{"dc_gto": "rack2", disk:"raid"}
{"dc_va": "rack1", disk:"ssd", ssd: "installed" }

To target a read operation to a member of the replica set with a disk type of ssd, you could use the following tag set:
18

Since read preferences and write concerns use the value of fields in tag sets differently, larger deployments may have some redundancy.

12.3. Replica Set Tutorials

703

MongoDB Documentation, Release 3.2.5

{ disk: "ssd" }

However, to create comparable write concern modes, you would specify a different set of
settings.getLastErrorModes (page 722) configuration. Consider the following sequence of operations in
the mongo shell:
1. Create a replica set configuration object conf:
conf = rs.conf()

2. Redefine the settings.getLastErrorModes (page 722) value to configure two write concern modes:
conf.settings = {
"getLastErrorModes" : {
"ssd" : {
"ssd" : 1
},
"MultipleDC" : {
"dc_va" : 1,
"dc_gto" : 1
}
}
}

3. Reconfigure the replica set using the modified conf configuration object:
rs.reconfig(conf)

Now you can specify the MultipleDC write concern mode, as in the following, to ensure that a write operation
propagates to each data center.
Changed in version 2.6: A new protocol for write operations (page 995) integrates write concerns with the write
operations. Previous versions used the getLastError command to specify the write concerns.
db.users.insert( { id: "xyz", status: "A" }, { writeConcern: { w: "MultipleDC" } } )

Additionally, you can specify the ssd write concern mode to ensure that a write operation propagates to at least one
instance with an SSD.
Reconfigure a Replica Set with Unavailable Members

On this page
• Reconfigure by Forcing the Reconfiguration (page 704)
To reconfigure a replica set when a majority of members are available, use the rs.reconfig() operation on the
current primary, following the example in the Replica Set Reconfiguration Procedure.
This document provides steps for re-configuring a replica set when only a minority of members are accessible.
You may need to use the procedure, for example, in a geographically distributed replica set, where no local group of
members can reach a majority. See Replica Set Elections (page 644) for more information on this situation.
Reconfigure by Forcing the Reconfiguration

This procedure lets you recover while a majority of replica set members are down or unreachable. You connect to any
surviving member and use the force option to the rs.reconfig() method.
704

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

The force option forces a new configuration onto the member. Use this procedure only to recover from catastrophic
interruptions. Do not use force every time you reconfigure. Also, do not use the force option in any automatic
scripts and do not use force when there is still a primary.
To force reconfiguration:
1. Back up a surviving member.
2. Connect to a surviving member and save the current configuration. Consider the following example commands
for saving the configuration:
cfg = rs.conf()
printjson(cfg)

3. On the same member, remove the down and unreachable members of the replica set from the members
(page 719) array by setting the array equal to the surviving members alone. Consider the following example,
which uses the cfg variable created in the previous step:
cfg.members = [cfg.members[0] , cfg.members[4] , cfg.members[7]]

4. On the same member, reconfigure the set by using the rs.reconfig() command with the force option set
to true:
rs.reconfig(cfg, {force : true})

This operation forces the secondary to use the new configuration. The configuration is then propagated to all the
surviving members listed in the members array. The replica set then elects a new primary.
Note: When you use force : true, the version number in the replica set configuration increases significantly, by tens or hundreds of thousands. This is normal and designed to prevent set version collisions if you
accidentally force re-configurations on both sides of a network partition and then the network partitioning ends.
5. If the failure or partition was only temporary, shut down or decommission the removed members as soon as
possible.
See also:
Resync a Member of a Replica Set (page 699)
Manage Chained Replication

On this page
• Disable Chained Replication (page 706)
• Re-enable Chained Replication (page 706)
Starting in version 2.0, MongoDB supports chained replication. A chained replication occurs when a secondary
member replicates from another secondary member instead of from the primary. This might be the case, for example,
if a secondary selects its replication target based on ping time and if the closest member is another secondary.
Chained replication can reduce load on the primary. But chained replication can also result in increased replication
lag, depending on the topology of the network.
You can use the settings.chainingAllowed (page 721) setting in Replica Set Configuration (page 717) to
disable chained replication for situations where chained replication is causing lag.
MongoDB enables chained replication by default. This procedure describes how to disable it and how to re-enable it.

12.3. Replica Set Tutorials

705

MongoDB Documentation, Release 3.2.5

Note: If chained replication is disabled, you still can use replSetSyncFrom to specify that a secondary replicates
from another secondary. But that configuration will last only until the secondary recalculates which member to sync
from.

Disable Chained Replication

To disable chained replication, set the settings.chainingAllowed (page 721) field in Replica Set Configuration (page 717) to false.
You can use the following sequence of commands to set settings.chainingAllowed (page 721) to false:
1. Copy the configuration settings into the cfg object:
cfg = rs.config()

2. Take note of whether the current configuration settings contain the settings embedded document. If they do,
skip this step.
Warning: To avoid data loss, skip this step if the configuration settings contain the settings embedded
document.
If the current configuration settings do not contain the settings embedded document, create the embedded
document by issuing the following command:
cfg.settings = { }

3. Issue the following sequence of commands to set settings.chainingAllowed (page 721) to false:
cfg.settings.chainingAllowed = false
rs.reconfig(cfg)

Re-enable Chained Replication

To re-enable chained replication, set settings.chainingAllowed (page 721) to true. You can use the following sequence of commands:
cfg = rs.config()
cfg.settings.chainingAllowed = true
rs.reconfig(cfg)

Change Hostnames in a Replica Set

On this page
•
•
•
•

Overview (page 707)
Assumptions (page 707)
Change Hostnames while Maintaining Replica Set Availability (page 708)
Change All Hostnames at the Same Time (page 709)

For most replica sets, the hostnames in the members[n].host (page 719) field never change. However, if organizational needs change, you might need to migrate some or all host names.

706

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Note: Always use resolvable hostnames for the value of the members[n].host (page 719) field in the replica set
configuration to avoid confusion and complexity.

Overview

This document provides two separate procedures for changing the hostnames in the members[n].host (page 719)
field. Use either of the following approaches:
• Change hostnames without disrupting availability (page 708). This approach ensures your applications will
always be able to read and write data to the replica set, but the approach can take a long time and may incur
downtime at the application layer.
If you use the first procedure, you must configure your applications to connect to the replica set at both the old
and new locations, which often requires a restart and reconfiguration at the application layer and which may
affect the availability of your applications. Re-configuring applications is beyond the scope of this document.
• Stop all members running on the old hostnames at once (page 709). This approach has a shorter maintenance
window, but the replica set will be unavailable during the operation.
See also:
Replica Set Reconfiguration Process, Deploy a Replica Set (page 667), and Add Members to a Replica Set (page 679).
Assumptions

Given a replica set with three members:
• database0.example.com:27017 (the primary)
• database1.example.com:27017
• database2.example.com:27017
And with the following rs.conf() output:
{
"_id" : "rs",
"version" : 3,
"members" : [
{
"_id" : 0,
"host" : "database0.example.com:27017"
},
{
"_id" : 1,
"host" : "database1.example.com:27017"
},
{
"_id" : 2,
"host" : "database2.example.com:27017"
}
]
}

The following procedures change the members’ hostnames as follows:
• mongodb0.example.net:27017 (the primary)

12.3. Replica Set Tutorials

707

MongoDB Documentation, Release 3.2.5

• mongodb1.example.net:27017
• mongodb2.example.net:27017
Use the most appropriate procedure for your deployment.
Change Hostnames while Maintaining Replica Set Availability

This procedure uses the above assumptions (page 707).
1. For each secondary in the replica set, perform the following sequence of operations:
(a) Stop the secondary.
(b) Restart the secondary at the new location.
(c) Open a mongo shell connected to the replica set’s primary. In our example, the primary runs on port
27017 so you would issue the following command:
mongo --port 27017

(d) Use rs.reconfig() to update the replica set configuration document (page 717) with the new hostname.
For example, the following sequence of commands updates the hostname for the secondary at the array
index 1 of the members array (i.e. members[1]) in the replica set configuration document:
cfg = rs.conf()
cfg.members[1].host = "mongodb1.example.net:27017"
rs.reconfig(cfg)

For more information on updating the configuration document, see replica-set-reconfiguration-usage.
(e) Make sure your client applications are able to access the set at the new location and that the secondary has
a chance to catch up with the other members of the set.
Repeat the above steps for each non-primary member of the set.
2. Open a mongo shell connected to the primary and step down the primary using the rs.stepDown() method:
rs.stepDown()

The replica set elects another member to the become primary.
3. When the step down succeeds, shut down the old primary.
4. Start the mongod instance that will become the new primary in the new location.
5. Connect to the current primary, which was just elected, and update the replica set configuration document
(page 717) with the hostname of the node that is to become the new primary.
For example, if the old primary was at position 0 and the new primary’s hostname is
mongodb0.example.net:27017, you would run:
cfg = rs.conf()
cfg.members[0].host = "mongodb0.example.net:27017"
rs.reconfig(cfg)

6. Open a mongo shell connected to the new primary.
7. To confirm the new configuration, call rs.conf() in the mongo shell.
Your output should resemble:

708

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

{
"_id" : "rs",
"version" : 4,
"members" : [
{
"_id" : 0,
"host" : "mongodb0.example.net:27017"
},
{
"_id" : 1,
"host" : "mongodb1.example.net:27017"
},
{
"_id" : 2,
"host" : "mongodb2.example.net:27017"
}
]
}

Change All Hostnames at the Same Time

This procedure uses the above assumptions (page 707).
1. Stop all members in the replica set.
2. Restart each member on a different port and without using the --replSet run-time option. Changing the port
number during maintenance prevents clients from connecting to this host while you perform maintenance. Use
the member’s usual --dbpath, which in this example is /data/db1. Use a command that resembles the
following:
mongod --dbpath /data/db1/ --port 37017

3. For each member of the replica set, perform the following sequence of operations:
(a) Open a mongo shell connected to the mongod running on the new, temporary port. For example, for a
member running on a temporary port of 37017, you would issue this command:
mongo --port 37017

(b) Edit the replica set configuration manually. The replica set configuration is the only document in the
system.replset collection in the local database. Edit the replica set configuration with the new
hostnames and correct ports for all the members of the replica set. Consider the following sequence of
commands to change the hostnames in a three-member set:
use local
cfg = db.system.replset.findOne( { "_id": "rs" } )
cfg.members[0].host = "mongodb0.example.net:27017"
cfg.members[1].host = "mongodb1.example.net:27017"
cfg.members[2].host = "mongodb2.example.net:27017"
db.system.replset.update( { "_id": "rs" } , cfg )

12.3. Replica Set Tutorials

709

MongoDB Documentation, Release 3.2.5

4. After re-configuring all members of the set, start each mongod instance in the normal way: use the usual port
number and use the --replSet option. For example:
mongod --dbpath /data/db1/ --port 27017 --replSet rs

5. Connect to one of the mongod instances using the mongo shell. For example:
mongo --port 27017

6. To confirm the new configuration, call rs.conf() in the mongo shell.
Your output should resemble:
{
"_id" : "rs",
"version" : 4,
"members" : [
{
"_id" : 0,
"host" : "mongodb0.example.net:27017"
},
{
"_id" : 1,
"host" : "mongodb1.example.net:27017"
},
{
"_id" : 2,
"host" : "mongodb2.example.net:27017"
}
]
}

Configure a Secondary’s Sync Target

On this page
• Overview (page 710)
• Considerations (page 711)
• Procedure (page 711)

Overview

Secondaries capture data from the primary member to maintain an up to date copy of the sets’ data. However, by
default secondaries may automatically change their sync targets to secondary members based on changes in the ping
time between members and the state of other members’ replication. See Replica Set Data Synchronization (page 658)
and Manage Chained Replication (page 705) for more information.
For some deployments, implementing a custom replication sync topology may be more effective than the default sync
target selection logic. MongoDB provides the ability to specify a host to use as a sync target.
To temporarily override the default sync target selection logic, you may manually configure a secondary member’s
sync target to temporarily pull oplog entries. The following provide access to this functionality:
• replSetSyncFrom command, or
• rs.syncFrom() helper in the mongo shell

710

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Considerations

Sync Logic Only modify the default sync logic as needed, and always exercise caution. replSetSyncFrom, or
rs.syncFrom(), will not affect an in-progress initial sync operation. To affect the sync target for the initial sync,
run replSetSyncFrom, or rs.syncFrom(), operation before initial sync.
If you run replSetSyncFrom, or rs.syncFrom(), during initial sync, MongoDB produces no error messages,
but the sync target will not change until after the initial sync operation.
Target The member to sync from must be a valid source for data in the set. To sync from a member, the member
must:
• Have data. It cannot be an arbiter, in startup or recovering mode, and must be able to answer data queries.
• Be accessible.
• Be a member of the same set in the replica set configuration.
• Build indexes with the members[n].buildIndexes (page 719) setting.
• A different member of the set, to prevent syncing from itself.
If you attempt to replicate from a member that is more than 10 seconds behind the current member, mongod will log
a warning but will still replicate from the lagging member.
If you run replSetSyncFrom, or rs.syncFrom(), during initial sync, MongoDB produces no error messages,
but the sync target will not change until after the initial sync operation.
Persistence replSetSyncFrom, or rs.syncFrom(), provide a temporary override of default behavior.
mongod will revert to the default sync behavior in the following situations:
• The mongod instance restarts.
• The connection between the mongod and the sync target closes.
• If the sync target falls more than 30 seconds behind another member of the replica set.
Procedure

To use the replSetSyncFrom command in the mongo shell:
db.adminCommand( { replSetSyncFrom: "hostname<:port>" } );

To use the rs.syncFrom() helper in the mongo shell:
rs.syncFrom("hostname<:port>");

12.3.4 Troubleshoot Replica Sets

12.3. Replica Set Tutorials

711

MongoDB Documentation, Release 3.2.5

On this page
•
•
•
•
•
•
•

Check Replica Set Status (page 712)
Check the Replication Lag (page 712)
Test Connections Between all Members (page 713)
Socket Exceptions when Rebooting More than One Secondary (page 714)
Check the Size of the Oplog (page 714)
Oplog Entry Timestamp Error (page 715)
Duplicate Key Error on local.slaves (page 716)

This section describes common strategies for troubleshooting replica set deployments.
Check Replica Set Status
To display the current state of the replica set and current state of each member, run the rs.status() method in a
mongo shell connected to the replica set’s primary. For descriptions of the information displayed by rs.status(),
see https://docs.mongodb.org/manual/reference/command/replSetGetStatus.
Note: The rs.status() method is a wrapper that runs the replSetGetStatus database command.

Check the Replication Lag
Replication lag is a delay between an operation on the primary and the application of that operation from the oplog to
the secondary. Replication lag can be a significant issue and can seriously affect MongoDB replica set deployments.
Excessive replication lag makes “lagged” members ineligible to quickly become primary and increases the possibility
that distributed read operations will be inconsistent.
To check the current length of replication lag:
• In a mongo shell connected to the primary, call the rs.printSlaveReplicationInfo() method.
Returns the syncedTo value for each member, which shows the time when the last oplog entry was written to
the secondary, as shown in the following example:
source: m1.example.net:27017
syncedTo: Thu Apr 10 2014
0 secs (0 hrs) behind the
source: m2.example.net:27017
syncedTo: Thu Apr 10 2014
0 secs (0 hrs) behind the

10:27:47 GMT-0400 (EDT)
primary
10:27:47 GMT-0400 (EDT)
primary

A delayed member (page 634) may show as 0 seconds behind the primary when the inactivity period on the
primary is greater than the members[n].slaveDelay (page 721) value.
Note: The rs.status() method is a wrapper around the replSetGetStatus database command.
• Monitor the rate of replication by watching the oplog time in the “replica” graph in the MongoDB Cloud Manager19 and in Ops Manager, an on-premise solution available in MongoDB Enterprise Advanced20 . For more
information see the MongoDB Cloud Manager documentation21 and Ops Manager documentation22 .
19 https://cloud.mongodb.com/?jmp=docs
20 https://www.mongodb.com/products/mongodb-enterprise-advanced?jmp=docs
21 https://docs.cloud.mongodb.com/
22 https://docs.opsmanager.mongodb.com/current/

712

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Possible causes of replication lag include:
• Network Latency
Check the network routes between the members of your set to ensure that there is no packet loss or network
routing issue.
Use tools including ping to test latency between set members and traceroute to expose the routing of
packets network endpoints.
• Disk Throughput
If the file system and disk device on the secondary is unable to flush data to disk as quickly as the primary, then
the secondary will have difficulty keeping state. Disk-related issues are incredibly prevalent on multi-tenant
systems, including virtualized instances, and can be transient if the system accesses disk devices over an IP
network (as is the case with Amazon’s EBS system.)
Use system-level tools to assess disk status, including iostat or vmstat.
• Concurrency
In some cases, long-running operations on the primary can block replication on secondaries. For best results,
configure write concern (page 180) to require confirmation of replication to secondaries. This prevents write
operations from returning if replication cannot keep up with the write load.
Use the database profiler to see if there are slow queries or long-running operations that correspond to the
incidences of lag.
• Appropriate Write Concern
If you are performing a large data ingestion or bulk load operation that requires a large number of writes to the
primary, particularly with unacknowledged write concern, the secondaries will not be able to read the
oplog fast enough to keep up with changes.
To prevent this, request write acknowledgment write concern (page 179) after every 100, 1,000, or an another
interval to provide an opportunity for secondaries to catch up with the primary.
For more information see:
– Write Concern (page 180)
– Replica Set Write Concern (page 126)
– Oplog Size (page 657)
Test Connections Between all Members
All members of a replica set must be able to connect to every other member of the set to support replication. Always
verify connections in both “directions.” Networking topologies and firewall configurations can prevent normal and
required connectivity, which can block replication.
Consider the following example of a bidirectional test of networking:
Example
Given a replica set with three members running on three separate hosts:
• m1.example.net
• m2.example.net
• m3.example.net

12.3. Replica Set Tutorials

713

MongoDB Documentation, Release 3.2.5

1. Test the connection from m1.example.net to the other hosts with the following operation set
m1.example.net:
mongo --host m2.example.net --port 27017
mongo --host m3.example.net --port 27017

2. Test the connection from m2.example.net to the other two hosts with the following operation set from
m2.example.net, as in:
mongo --host m1.example.net --port 27017
mongo --host m3.example.net --port 27017

You have now tested the connection between m2.example.net and m1.example.net in both directions.
3. Test the connection from m3.example.net to the other two hosts with the following operation set from the
m3.example.net host, as in:
mongo --host m1.example.net --port 27017
mongo --host m2.example.net --port 27017

If any connection, in any direction fails, check your networking and firewall configuration and reconfigure your environment to allow these connections.

Socket Exceptions when Rebooting More than One Secondary
When you reboot members of a replica set, ensure that the set is able to elect a primary during the maintenance. This
means ensuring that a majority of the set’s members[n].votes (page 721) are available.
When a set’s active members can no longer form a majority, the set’s primary steps down and becomes a secondary.
The former primary closes all open connections to client applications. Clients attempting to write to the former primary
receive socket exceptions and Connection reset errors until the set can elect a primary.
Example
Given a three-member replica set where every member has one vote, the set can elect a primary if at least two members
can connect to each other. If you reboot the two secondaries at once, the primary steps down and becomes a secondary.
Until at least another secondary becomes available, i.e. at least one of the rebooted secondaries also becomes available,
the set has no primary and cannot elect a new primary.
For more information on votes, see Replica Set Elections (page 644). For related information on connection errors,
see Does TCP keepalive time affect MongoDB Deployments? (page 857).
Check the Size of the Oplog
A larger oplog can give a replica set a greater tolerance for lag, and make the set more resilient.
To check the size of the oplog for a given replica set member, connect to the member in a mongo shell and run the
rs.printReplicationInfo() method.
The output displays the size of the oplog and the date ranges of the operations contained in the oplog. In the following
example, the oplog is about 10 MB and is able to fit about 26 hours (94400 seconds) of operations:

714

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

configured oplog size:
log length start to end:
oplog first event time:
oplog last event time:
now:

10.10546875MB
94400 (26.22hrs)
Mon Mar 19 2012 13:50:38 GMT-0400 (EDT)
Wed Oct 03 2012 14:59:10 GMT-0400 (EDT)
Wed Oct 03 2012 15:00:21 GMT-0400 (EDT)

The oplog should be long enough to hold all transactions for the longest downtime you expect on a secondary. At a
minimum, an oplog should be able to hold minimum 24 hours of operations; however, many users prefer to have 72
hours or even a week’s work of operations.
For more information on how oplog size affects operations, see:
• Oplog Size (page 657),
• Delayed Replica Set Members (page 634), and
• Check the Replication Lag (page 712).
Note: You normally want the oplog to be the same size on all members. If you resize the oplog, resize it on all
members.
To change oplog size, see the Change the Size of the Oplog (page 693) tutorial.
Oplog Entry Timestamp Error
Consider the following error in mongod output and logs:
replSet error fatal couldn't query the local local.oplog.rs collection.
[rsStart] bad replSet oplog entry?

Terminating mongod after 30

Often, an incorrectly typed value in the ts field in the last oplog entry causes this error. The correct data type is
Timestamp.
Check the type of the ts value using the following two queries against the oplog collection:
db = db.getSiblingDB("local")
db.oplog.rs.find().sort({$natural:-1}).limit(1)
db.oplog.rs.find({ts:{$type:17}}).sort({$natural:-1}).limit(1)

The first query returns the last document in the oplog, while the second returns the last document in the oplog where
the ts value is a Timestamp. The $type operator allows you to select BSON type 17, is the Timestamp data type.
If the queries don’t return the same document, then the last document in the oplog has the wrong data type in the ts
field.
Example
If the first query returns this as the last oplog entry:
{ "ts" : {t: 1347982456000, i: 1},
"h" : NumberLong("8191276672478122996"),
"op" : "n",
"ns" : "",
"o" : { "msg" : "Reconfig set", "version" : 4 } }

And the second query returns this as the last entry where ts has the Timestamp type:
{ "ts" : Timestamp(1347982454000, 1),
"h" : NumberLong("6188469075153256465"),
"op" : "n",

12.3. Replica Set Tutorials

715

MongoDB Documentation, Release 3.2.5

"ns" : "",
"o" : { "msg" : "Reconfig set", "version" : 3 } }

Then the value for the ts field in the last oplog entry is of the wrong data type.
To set the proper type for this value and resolve this issue, use an update operation that resembles the following:
db.oplog.rs.update( { ts: { t:1347982456000, i:1 } },
{ $set: { ts: new Timestamp(1347982456000, 1)}})

Modify the timestamp values as needed based on your oplog entry. This operation may take some period to complete
because the update must scan and pull the entire oplog into memory.
Duplicate Key Error on local.slaves
Changed in version 3.0.0.
MongoDB 3.0.0 removes the local.slaves (page 724) collection. For local.slaves error in earlier versions
of MongoDB, refer to the appropriate version of the MongoDB Manual.

12.4 Replication Reference
On this page
• Replication Methods in the mongo Shell (page 716)
• Replication Database Commands (page 717)
• Replica Set Reference Documentation (page 717)

12.4.1 Replication Methods in the mongo Shell
Name
Description
rs.add()
Adds a member to a replica set.
rs.addArb()
Adds an arbiter to a replica set.
rs.conf()
Returns the replica set configuration document.
rs.freeze()
Prevents the current member from seeking election as primary for a period of time.
rs.help()
Returns basic help text for replica set functions.
rs.initiate()
Initializes a new replica set.
rs.printReplicationInfo()
Prints a report of the status of the replica set from the perspective of the primary.
rs.printSlaveReplicationInfo()
Prints a report of the status of the replica set from the perspective of the secondaries.
rs.reconfig()
Re-configures a replica set by applying a new replica set configuration object.
rs.remove()
Remove a member from a replica set.
rs.slaveOk()
Sets the slaveOk property for the current connection. Deprecated. Use
readPref() and Mongo.setReadPref() to set read preference.
rs.status()
Returns a document with information about the state of the replica set.
rs.stepDown()
Causes the current primary to become a secondary which forces an election.
rs.syncFrom()
Sets the member that this replica set member will sync from, overriding the default
sync target selection logic.

716

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

12.4.2 Replication Database Commands
Name
Description
replSetFreeze
Prevents the current member from seeking election as primary for a period of time.
replSetGetStatus Returns a document that reports on the status of the replica set.
replSetInitiate
Initializes a new replica set.
replSetMaintenanceEnables or disables a maintenance mode, which puts a secondary node in a
RECOVERING state.
replSetReconfig
Applies a new configuration to an existing replica set.
replSetStepDown
Forces the current primary to step down and become a secondary, forcing an election.
replSetSyncFrom
Explicitly override the default logic for selecting a member to replicate from.
resync
Forces a mongod to re-synchronize from the master. For master-slave replication only.
applyOps
Internal command that applies oplog entries to the current data set.
isMaster
Displays information about this member’s role in the replica set, including whether it is
the master.
replSetGetConfig Returns the replica set’s configuration object.

12.4.3 Replica Set Reference Documentation
Replica Set Configuration (page 717) Complete documentation of the replica set configuration object returned by
rs.conf().
The local Database (page 723) Complete documentation of the content of the local database that mongod instances use to support replication.
Replica Set Member States (page 725) Reference for the replica set member states.
Read Preference Reference (page 727) Complete documentation of the five read preference modes that the MongoDB drivers support.
Replica Set Configuration

On this page
• Example Output (page 717)
• Replica Set Configuration Fields (page 718)
You can access the configuration of a replica set using the rs.conf() method or the replSetGetConfig command.
To modify the configuration for a replica set, use the rs.reconfig() method, passing a configuration document to
the method. See rs.reconfig() for more information.
Example Output

The following document provides a representation of a replica set configuration document. The configuration of your
replica set may include only a subset of these settings:
{
_id: ,
version: ,
protocolVersion: ,
members: [

12.4. Replication Reference

717

MongoDB Documentation, Release 3.2.5

{
_id: ,
host: ,
arbiterOnly: ,
buildIndexes: ,
hidden: ,
priority: ,
tags: ,
slaveDelay: ,
votes:
},
...
],
settings: {
chainingAllowed : ,
heartbeatIntervalMillis : ,
heartbeatTimeoutSecs: ,
electionTimeoutMillis : ,
getLastErrorModes : ,
getLastErrorDefaults :
}
}

Replica Set Configuration Fields

_id
Type: string
The name of the replica set. Once set, you cannot change the name of a replica set.
_id (page 718) must be identical to the replication.replSetName or the value of –replSet specified to
mongod on the command line.
See
replSetName or --replSet for information on setting the replica set name.
version
Type: int
An incrementing number used to distinguish revisions of the replica set configuration object from previous
iterations of the configuration.
configsvr
New in version 3.2.
Type: boolean
Default: false
Indicates whether the replica set is used for a sharded cluster’s config servers. Set to true if the replica set is
for a sharded cluster’s config servers.
See also:
Sharded Cluster Enhancements (page 889)
protocolVersion
New in version 3.2.

718

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

Type: number
Default: 1 for new replica sets
Version of the replica set election protocol (page 888).
Set to 1 to enable the replication election enhancements (page 888) introduced in MongoDB 3.2.
By default, new replica sets in MongoDB 3.2 use protocolVersion: 1. Previous versions of MongoDB use version 0 of the protocol and cannot run as members of a replica set configuration that specifies
protocolVersion 1.
members
members
Type: array
An array of member configuration documents, one for each member of the replica set. The members (page 719)
array is a zero-indexed array.
Each member-specific configuration document can contain the following fields:
members[n]._id
Type: integer
An integer identifier of every member in the replica set. Values must be between 0 and 255 inclusive. Each
replica set member must have a unique _id. Once set, you cannot change the _id
(page 719) of a member.
Note: When updating the replica configuration object, access the replica set members in the members
(page 719) array with the array index. The array index begins with 0. Do not confuse this index value
with the value of the members[n]._id (page 719) field in each document in the members (page 719)
array.
members[n].host
Type: string
The hostname and, if specified, the port number, of the set member.
The hostname name must be resolvable for every host in the replica set.
Warning: members[n].host (page 719) cannot hold a value that resolves to localhost or the
local interface unless all members of the set are on hosts that resolve to localhost.
members[n].arbiterOnly
Optional.
Type: boolean
Default: false
A boolean that identifies an arbiter. A value of true indicates that the member is an arbiter.
When using the rs.addArb() method to add an arbiter, the method automatically sets
members[n].arbiterOnly (page 719) to true for the added member.
members[n].buildIndexes
Optional.
Type: boolean
Default: true

12.4. Replication Reference

719

MongoDB Documentation, Release 3.2.5

A boolean that indicates whether the mongod builds indexes on this member. You can only set this
value when adding a member to a replica set. You cannot change members[n].buildIndexes
(page 719) field after the member has been added to the set. To add a member, see rs.add() and
rs.reconfig().
Do not set to false for mongod instances that receive queries from clients.
Setting buildIndexes to false may be useful if all the following conditions are true:
•you are only using this instance to perform backups using mongodump, and
•this member will receive no queries, and
•index creation and maintenance overburdens the host system.
Even if set to false, secondaries will build indexes on the _id field in order to facilitate operations
required for replication.
Warning: If you set members[n].buildIndexes (page 719) to false, you must also set
members[n].priority (page 720) to 0. If members[n].priority (page 720) is not 0, MongoDB will return an error when attempting to add a member with members[n].buildIndexes
(page 719) equal to false.
To ensure the member receives no queries, you should make all instances that do not build indexes
hidden.
Other secondaries cannot replicate from a member where members[n].buildIndexes
(page 719) is false.
members[n].hidden
Optional.
Type: boolean
Default: false
When this value is true, the replica set hides this instance and does not include the member in the output
of db.isMaster() or isMaster. This prevents read operations (i.e. queries) from ever reaching this
host by way of secondary read preference.
See also:
Hidden Replica Set Members (page 633)
members[n].priority
Optional.
Type: Number, between 0 and 1000.
Default: 1.0
A number that indicates the relative eligibility of a member to become a primary.
Specify higher values to make a member more eligible to become primary, and lower values to make
the member less eligible. A member with a members[n].priority (page 720) of 0 is ineligible to
become primary.
Changing the balance of priority in a replica set will trigger one or more elections. If a lower priority
secondary is elected over a higher priority secondary, replica set members will continue to call elections
until the highest priority available member becomes primary.
See also:
Replica Set Elections (page 644).

720

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

members[n].tags
Optional.
Type: document
Default: none
A tag set document containing mappings of arbitrary keys and values. These documents describe replica
set members in order to customize write concern (page 179) and read preference (page 727) and thereby
allow configurable data center awareness.
This field is only present if there are tags assigned to the member. See Configure Replica Set Tag Sets
(page 700) for more information.
Use replicaset.members[n].tags to configure write concerns in conjunction with
settings.getLastErrorModes (page 722) and settings.getLastErrorDefaults
(page 722).
Important: In tag sets, all tag values must be strings.
For more information on configuring tag sets for read preference and write concern, see Configure Replica
Set Tag Sets (page 700).
members[n].slaveDelay
Optional.
Type: integer
Default: 0
The number of seconds “behind” the primary that this replica set member should “lag”.
Use this option to create delayed members (page 634). Delayed members maintain a copy of the data that
reflects the state of the data at some time in the past.
See also:
Delayed Replica Set Members (page 634)
members[n].votes
Optional.
Type: integer
Default: 1
The number of votes a server will cast in a replica set election (page 644). The number of votes each
member has is either 1 or 0, and arbiters (page ??) always have exactly 1 vote.
A replica set can have up to 50 members but only 7 voting members. If you need more than 7 members
in one replica set, set members[n].votes (page 721) to 0 for the additional non-voting members.
Changed in version 3.0.0: Members cannot have members[n].votes (page 721) greater than 1. For
details, see Replica Set Configuration Validation (page 947).
settings
settings
Optional.
Type: document
A document that contains configuration options that apply to the whole replica set.
The settings (page 721) document contain the following fields:
12.4. Replication Reference

721

MongoDB Documentation, Release 3.2.5

settings.chainingAllowed
Optional.
Type: boolean
Default: true
When settings.chainingAllowed (page 721) is true, the replica set allows secondary members to replicate from other secondary members. When settings.chainingAllowed (page 721) is
false, secondaries can replicate only from the primary.
See also:
Manage Chained Replication (page 705)
settings.getLastErrorDefaults
Optional.
Type: document
A document that specifies the write concern (page 649) for the replica set. The replica set will use this
write concern only when write operations (page 1002) or getLastError specify no other write concern.
If settings.getLastErrorDefaults (page 722) is not set, the default write concern for the replica
set only requires confirmation from the primary.
settings.getLastErrorModes
Optional.
Type: document
A document used to define an extended write concern through the use of members[n].tags (page 720).
The extended write concern can provide data-center awareness.
For example, the following document defines an extended write concern named eastCoast and associates with a write to a member that has the east tag.
{ getLastErrorModes: { eastCoast: { "east": 1 } } }

Write operations to the replica set can use the extended write concern, e.g. { w:

"eastCoast" }.

See Configure Replica Set Tag Sets (page 700) for more information and example.
settings.heartbeatTimeoutSecs
Optional.
Type: int
Default: 10
Number of seconds that the replica set members wait for a successful heartbeat from each other. If a
member does not respond in time, other members mark the delinquent member as inaccessible.
settings.electionTimeoutMillis
New in version 3.2.
Optional.
Type: int
Default: 10000 (10 seconds)
The time limit in milliseconds for detecting when a replica set’s primary is unreachable:
•Higher values result in slower failovers but decreased sensitivity to primary node or network slowness
or spottiness.

722

Chapter 12. Replication

MongoDB Documentation, Release 3.2.5

•Lower values result in faster failover, but increased sensitivity to primary node or network slowness
or spottiness.
The setting only applies when using protocolVersion:

settings.heartbeatIntervalMillis
New in version 3.2.
Internal use only.
The frequency in milliseconds of the heartbeats.
The local Database

On this page
•
•
•
•

Overview (page 723)
Collection on all mongod Instances (page 723)
Collections on Replica Set Members (page 724)
Collections used in Master/Slave Replication (page 725)

Overview

Every mongod instance has its own local database, which stores data used in the replication process, and other
instance-specific data. The local database is invisible to replication: collections in the local database are not
replicated.
In replication, the local database store stores internal replication data for each member of a replica set. The local
stores the following collections:
Changed in version 2.4: When running with authentication (i.e. authorization), authenticating to the local
database is not equivalent to authenticating to the admin database. In previous versions, authenticating to the local
database provided access to all databases.
Collection on all mongod Instances

local.startup_log
On startup, each mongod instance inserts a document into startup_log (page 723) with diagnostic information about the mongod instance itself and host information. startup_log (page 723) is a capped collection.
This information is primarily useful for diagnostic purposes.
Example
Consider the following prototype of a document from the startup_log (page 723) collection:
{
"_id" : "",
"hostname" : "",
"startTime" : ISODate(""),
"startTimeLocal" : "",
"cmdLine" : {
"dbpath" : "",
"

Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.5 Linearized : No Page Count : 1095 Page Mode : UseOutlines Warning : Duplicate 'Author' entry in dictionary (ignored) Author : MongoDB, Inc. Title : MongoDB Documentation Subject : Creator : LaTeX with hyperref package Producer : pdfTeX-1.40.16 Create Date : 2016:04:25 10:44:51-04:00 Modify Date : 2016:04:25 10:44:51-04:00 Trapped : False PTEX Fullbanner : This is pdfTeX, Version 3.14159265-2.6-1.40.16 (TeX Live 2015) kpathsea version 6.2.1
EXIF Metadata provided by EXIF.tools

MongoDB Ation Mongo DB Manual V3.2

Navigation menu

Versions of this User Manual:

Views

Navigation