Version: 6.x-25
This is an older version of Search Guard. Switch to Latest version
This is an older version of Search Guard. Switch to Latest version
Community
User cache settings
Search Guard uses a cache to store the roles of authenticated users. The default time to live (TTL) is one hour. This will for example speed up LDAP based authorisation, since the roles are fetched only once per hour.
The TTL of the cache can be adjusted by setting searchguard.cache.ttl_minutes
in elasticsearch.yml
:
searchguard.cache.ttl_minutes: <integer, ttl in minutes>`
Setting the value to 0
will completely disable the cache.
It is recommended to leave the cache settings untouched for LDAP and Internal User Database. Disabling the cache can severely reduce the performance of these authentication domains.
The cache can be flushed manually by sgadmin
in conjunction with the -rl/--reload
switch, or by using the Kibana Config Gui.
Example:
./sgadmin.sh \
-ks /path/to/keystore.jks \
-kspass <keystore password> \
-ts /path/to/truststore.jks \
-tspass <truststore password>
-rl