Version: 6.x-21
This is an older version of Search Guard. Switch to Latest version
Community

Using Search Guard with X-Pack Machine Learning

Search Guard is compatible with the X-Pack Machine Learning component.

This documentation assumes that you already installed and configured Kibana and the Search Guard Kibana plugin.

Elasticsearch: Install X-Pack and enable Machine Learning

Install X-Pack on every node in your Elasticsearch Cluster. Please refer to the official X-Pack documentation regarding installation instructions.

In elasticsearch.yml, disable X-Pack Security and enable X-Pack Machine Learning:

xpack.security.enabled: false
xpack.ml.enabled: true
...

Elasticsearch: Add the machine learning user

For using X-Pack Machine learning, the respective user must have the sg_xp_machine_learning and sg_kibana_user role assigned.

sg_xp_machine_learning:
  readonly: true
  cluster:
    - cluster:admin/persistent*
    - cluster:internal/xpack/ml*
    - indices:data/read/scroll*
    - cluster:admin/xpack/ml*
    - cluster:monitor/xpack/ml*
  indices:
    '*':
      '*':
        - READ
        - indices:admin/get*
    '?ml-*':
      '*':
        - "*"

Kibana: Install X-Pack

As with Elasticsearch, install X-Pack on Kibana. Please refer to the official X-Pack documentation regarding installation instructions.

Kibana: Enable X-Pack Machine Learning

In kibana.yml, disable X-Pack Security and enable X-Pack Machine Learning:

xpack.security.enabled: false
xpack.ml.enabled: true
...