Using Search Guard with X-Pack Alerting
Search Guard provides free Alerting for Elasticsearch, perfectly integrated with all security features.
Search Guard is compatible with the X-Pack Alerting component.
This documentation assumes that you already installed and configured Kibana and the Search Guard Kibana plugin.
Elasticsearch: Enable Alerting
In elasticsearch.yml, disable X-Pack Security and enable X-Pack Alerting:
xpack.security.enabled: false
xpack.watcher.enabled: true
...
Elasticsearch: Add the alerting user
To use X-Pack Alerting, the respective user must have the built-in SGS_XP_ALERTING and SGS_KIBANA_USER roles assigned.
Kibana: Enable X-Pack Alerting
In kibana.yml, disable X-Pack Security and enable X-Pack Alerting:
xpack.security.enabled: false
xpack.watcher.enabled: true
...
Note: If you are using Elasticsearch 8, properties like xpack.security.enabled and xpack.watcher.enabled are now configured only in elasticsearch.yml and should not be present in the kibana.yml config file. Please refer to the ES8 migration guide.
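A pre-deployment check for the settings described above, including the Elasticsearch 8 note. This is an added example, not part of the Search Guard documentation. It assumes the settings are written in the flat dotted form shown on this page; the function names and sample file contents are hypothetical.

```python
import re

# Settings the page requires in elasticsearch.yml (and in kibana.yml before ES 8).
REQUIRED = {"xpack.security.enabled": "false", "xpack.watcher.enabled": "true"}

def parse_flat(text):
    """Map top-level 'dotted.key: value' lines to lowercase string values."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].rstrip()  # drop comments
        m = re.match(r"^([A-Za-z0-9_.]+)\s*:\s*(\S.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip("\"'").lower()
    return settings

def check(es_yml, kibana_yml, es_major):
    """Return a list of findings; an empty list means the config matches the page."""
    es, kb = parse_flat(es_yml), parse_flat(kibana_yml)
    findings = []
    for key, want in REQUIRED.items():
        if es.get(key) != want:
            findings.append(f"elasticsearch.yml: {key} is {es.get(key)!r}, expected {want}")
        if es_major >= 8:
            # ES 8: these keys are configured only in elasticsearch.yml.
            if key in kb:
                findings.append(f"kibana.yml: remove {key} (Elasticsearch 8)")
        elif kb.get(key) != want:
            findings.append(f"kibana.yml: {key} is {kb.get(key)!r}, expected {want}")
    return findings

# Constructed sample files, not taken from a real cluster.
ES_OK = "cluster.name: demo\nxpack.security.enabled: false\nxpack.watcher.enabled: true\n"
KIBANA_LEGACY = "server.port: 5601\nxpack.security.enabled: false\nxpack.watcher.enabled: true\n"

if __name__ == "__main__":
    for major in (7, 8):
        print(major, check(ES_OK, KIBANA_LEGACY, major) or "ok")
```

A setting that is missing from elasticsearch.yml is reported the same way as a wrong value, since the page asks for both to be set explicitly.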