Security and Alerting for Elasticsearch and OpenSearch
Search Guard FLX Documentation
Welcome to Search Guard FLX, the next generation of Search Guard!
Please note that Search Guard FLX is a beta version, which might not yet be ready for use in production systems. It might have bugs.
Search Guard FLX brings a number of fundamental improvements and updates to Search Guard. These require breaking changes in the configuration format.
Major changes include:
- The first version of Search Guard which brings support for OpenSearch and OpenSearch Dashboards.
- Completely new approach for configuring authentication. The new configuration format is more coherent, more predictable and much more powerful. Simple setups require very little configuration; very complex setups are possible by straightforward configuration. If something goes wrong, Search Guard provides extensive error messages and diagnostic information.
- Completely new approach for logging into Dashboards/Kibana. Logged in users now get an actual server-side session. This fixes a number of issues, such as:
  - Issues with cookies exceeding the browser size limit.
  - The “logout” menu item is able to invalidate the session. Thus, session cookies cannot be re-used any more.
  - Configuration of SSO using OIDC or SAML for Dashboards/Kibana no longer interferes with backend authentication configuration. Thus, you can now have challenging basic authentication on the backend while using OIDC or SAML for Dashboards/Kibana.
  - The configuration format is now more streamlined and consistent.
  - Dashboards/Kibana authentication configuration can be changed without having to restart the node.
- New administration tool sgctl which shall replace
  sgctl is stateful; that means, you can define connection profiles once and use these later. Thus, you don’t have to specify all connection configuration on each invocation. The interface of sgctl is more streamlined and offers you improved configuration validation functionality.
- Wildcard queries without hassle made possible by an improved method for handling unauthorized indices. You no longer have to worry that your wildcard query breaks because it might pick up an index you don’t have permissions for.
- More speed. Many components of Search Guard underwent major optimizations. Thus, Search Guard FLX can now handle more throughput with a lower CPU footprint.
- Easily reachable diagnostics and metrics; most modules of Search Guard FLX offer debug modes which deliver diagnostic information right at the place where you operate. You no longer have to grep through logfiles to find out why your OIDC authentication is not working.
You can get the current snapshot of the Search Guard Tech Preview at the following locations. If you choose to use the demo installer, you just need to download the script. The script will take care of downloading all further components.

| Target Platform | Backend Plugin | Frontend Plugin | Demo Installer |
|---|---|---|---|
| OpenSearch 1.3.2 | Search Guard OpenSearch Plugin Beta 2 | Search Guard OpenSearch Dashboards Plugin Beta 2 | Demo Installer Beta 2 |
| OpenSearch 2.0.0 | Search Guard OpenSearch Plugin Beta 2 | Search Guard OpenSearch Dashboards Plugin Beta 2 | Demo Installer Beta 2 |
| Elasticsearch 7.10.2 | Search Guard Elasticsearch Beta 2 | Search Guard Kibana Plugin Beta 2 | Demo Installer Beta 2 |
| Elasticsearch 7.16.3 | Search Guard Elasticsearch Beta 2 | Search Guard Kibana Plugin Beta 2 | Demo Installer Beta 2 |
| Elasticsearch 7.17.3 | Search Guard Elasticsearch Beta 2 | Search Guard Kibana Plugin Beta 2 | Demo Installer Beta 2 |
| Search Guard Control Tool sgctl 1.0.0 Beta 2 | | | |

You have several options to try Search Guard FLX:
If you want to start with a quick test of a fresh installation on your local system, you can use the Search Guard Demo Installer.
If you have an existing Search Guard setup and want to test its configuration with the Search Guard Tech Preview, you can use the migrate-config command of sgctl. Please also review the list of release notes.
You might want to read the following sections of the documentation to get a comprehensive overview of the new possibilities of Search Guard:
- Using sgctl (see also the repository README)
- Using configuration variables
- Configuring authentication
- Configuring Dashboards/Kibana authentication
- Search Guard FLX release notes
- Migrating from Search Guard 53 and before
- SG 53 to FLX feature map
Your feedback is welcome! You can use the Search Guard Forum for questions and general feedback. You can also report issues at the Search Guard GitLab repository.