This is an older version of Search Guard. Switch to Latest version
Upgrading to Search Guard 6.5.x and above
If you are upgrading from Elasticsearch / Search Guard <= 6.5.0 to an Elasticsearch / Search Guard version >= 6.5.0 please read the following instructions.
OpenSSL / tcnative
If you are using OpenSSL, you need to upgrade the tcnative library to 2.0.15:
Kibana roles changes
Due to changes in the Elastic stack, the permissions for the built-in
sg_kibana_user have changed.
Please update your role definitions accordingly by comparing your permissions for the
sg_kibana_user with either:
sg_roles.ymlfile in the
- the sg_roles.yml on GitHub
Make also sure that the actions groups are up to date by comparing your
sg_action_groups.yml with either:
sg_action_groups.ymlfile in the
- the sg_action_groups.yml on GitHub
At the moment Search Guard is not compatible with Kibana Spaces. In your
kibana.yml, disable Spaces by setting
Kibana saved objects migration
From 6.5.0 onwards, Kibana will check if all saved objects like visualization or dashboards need to be migrated to a newer version. Please read the official article about saved objects migration on the official Kibana docs:
Search Guard multi tenancy: index migration
On startup, Search Guard will migrate all tenant indices automatically by applying the saved objects migration to all tenand indices. Search Guard will perform the exact same steps as Kibana. All instructions in the Saved objects migration documentation apply for the Search Guard tenant indices as well.
Manual index migration
In case you need to migrate a tenant index manually, Search Guard provides an API for it. Example:
curl -k -u kibanaserver:kibanaserver \ -H "kbn-xsrf: true" \ -XPOST 'https://kibana.example.com:5601/api/v1/multitenancy/migrate/.kibana_1592542611_humanresources?force=false'
- The API endpoint must be called with the Kibana server user. Other users and roles do not have permission to use this endpoint
- You need to provide the original tenant index name, not the tenant name.
- Search Guard will check if the provided index name is indeed a tenant index. If this is not the case, the migration will not be executed
- You can disable these checks by adding
X-Pack: Kibana optimize bug
Kibana currently has a bug in the optimization step if you use X-Pack, but disable reporting:
Please check if your Kibana version is affected and correct your