Version: 6.x-23
This is an older version of Search Guard. Switch to Latest version
Community
Using Search Guard with X-Pack Alerting
Search Guard is compatible with the X-Pack Alerting component.
This documentation assumes that you have already installed and configured Kibana and the Search Guard Kibana plugin.
Elasticsearch: Install X-Pack and enable Alerting
Install X-Pack on every node in your Elasticsearch cluster. Please refer to the official X-Pack documentation for installation instructions.
In elasticsearch.yml, disable X-Pack Security and enable X-Pack Alerting:
xpack.security.enabled: false
xpack.watcher.enabled: true
...
Elasticsearch: Add the alerting user
To use X-Pack Alerting, the user must have the sg_xp_alerting and sg_kibana_user roles assigned.
sg_xp_alerting:
  cluster:
    - indices:data/read/scroll
    - cluster:admin/xpack/watcher*
    - cluster:monitor/xpack/watcher*
  indices:
    '?watches*':
      '*':
        - INDICES_ALL
    '?watcher-history-*':
      '*':
        - INDICES_ALL
    '?triggered_watches':
      '*':
        - INDICES_ALL
    '*':
      '*':
        - READ
        - indices:admin/aliases/get
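The following added example (not Search Guard code and not part of the original documentation) resolves which index patterns of sg_xp_alerting apply to a given index name and which permissions result. It assumes that in these patterns `*` matches any run of characters and `?` matches exactly one character; the function names and the sample index names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Index permissions of sg_xp_alerting as listed on this page:
# index pattern -> document type pattern -> permissions.
SG_XP_ALERTING_INDICES = {
    "?watches*": {"*": ["INDICES_ALL"]},
    "?watcher-history-*": {"*": ["INDICES_ALL"]},
    "?triggered_watches": {"*": ["INDICES_ALL"]},
    "*": {"*": ["READ", "indices:admin/aliases/get"]},
}


def matching_patterns(index_name, role_indices=SG_XP_ALERTING_INDICES):
    """Return the role's index patterns that match index_name.

    Assumption: '*' matches any run of characters and '?' exactly one,
    which is what fnmatchcase implements for these patterns.
    """
    return [p for p in role_indices if fnmatchcase(index_name, p)]


def effective_permissions(index_name, role_indices=SG_XP_ALERTING_INDICES):
    """Union of the permissions from every pattern matching index_name."""
    granted = set()
    for pattern in matching_patterns(index_name, role_indices):
        for perms in role_indices[pattern].values():
            granted.update(perms)
    return granted


def audit(index_names, role_indices=SG_XP_ALERTING_INDICES):
    """Map each index name to (matching patterns, sorted permissions)."""
    return {
        name: (matching_patterns(name, role_indices),
               sorted(effective_permissions(name, role_indices)))
        for name in index_names
    }


if __name__ == "__main__":
    # Constructed index names, not taken from a real cluster.
    sample = [".watches", ".watcher-history-6-2019.01.01",
              ".triggered_watches", "logs-2019.01.01", "xwatches-test"]
    for name, (patterns, perms) in audit(sample).items():
        print(f"{name:32} {patterns} -> {perms}")
```

Under the stated assumption, the leading `?` matches any single character rather than only a dot, and the final `'*'` entry applies READ to every index, so the output is a quick way to review the role's actual reach before assigning it.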
Kibana: Install X-Pack
As with Elasticsearch, install X-Pack on Kibana. Please refer to the official X-Pack documentation for installation instructions.
Kibana: Enable X-Pack Alerting
In kibana.yml, disable X-Pack Security and enable X-Pack Alerting:
xpack.security.enabled: false
xpack.watcher.enabled: true
...