This is an older version of Search Guard. Switch to Latest version
Using Search Guard with X-Pack Monitoring
Content
Search Guard is compatible with the free X-Pack monitoring component. At the moment, you can only use exporters of type http
.
This documentation assumes that you already installed and configured Kibana and the Search Guard Kibana plugin.
Elasticsearch: Install X-Pack and enable Monitoring
Install X-Pack on every node in your Elasticsearch Cluster. Please refer to the official X-Pack documentation regarding installation instructions.
In elasticsearch.yml
, disable X-Pack Security and enable X-Pack Monitoring:
xpack.security.enabled: false
xpack.monitoring.enabled: true
...
Elasticsearch: Add the monitoring user
For the http
monitoring type, add a user with all permissions to carry out the monitoring calls to your cluster. If you are using the demo configuration files, assign the roles sg_xp_monitoring
and the sg_kibana_user
role to this user.
sg_xp_monitoring:
readonly: true
indices:
'?monitor*':
'*':
- INDICES_ALL
Elasticsearch: Configure a monitoring exporter
At the moment Search Guard supports exporters of type http
only. Configure your http
exporter, and configure the user you have mapped to the sg_xp_monitoring
and the sg_kibana_user
role in the last step:
xpack.monitoring.exporters:
id1:
type: http
host: ["https://127.0.0.1:9200"]
auth.username: monitor
auth.password: monitor
ssl:
truststore.path: truststore.jks
truststore.password: changeit
Name | Description |
---|---|
host | The hostname of the cluster to monitor |
auth.username | The username of the user mapped to the monitor role |
auth.password | The password of the user mapped to the monitor role |
truststore.path | the truststore that contains the Root CA and intermediate certificates used to sign the certificates of the cluster to monitor |
truststore.password | the password for the truststore |
Kibana: Install X-Pack
As with Elasticsearch, install X-Pack on Kibana. Please refer to the official X-Pack documentation regarding installation instructions.
Kibana: Enable X-Pack Monitoring
In kibana.yml
, disable X-Pack Security and enable X-Pack Monitoring:
xpack.security.enabled: false
xpack.monitoring.enabled: true
...
Known issues and limitations
Exporter types
At the moment, only http
is supported.