Version: SG FLX
Community

Using Search Guard with X-Pack Alerting

Search Guard provides free Alerting for Elasticsearch, perfectly integrated with all security features.

Search Guard is compatible with the X-Pack Alerting component.

This documentation assumes that you have already installed and configured Kibana and the Search Guard Kibana plugin.

Elasticsearch: Enable Alerting

In elasticsearch.yml, disable X-Pack Security and enable X-Pack Alerting:

xpack.security.enabled: false
xpack.watcher.enabled: true
...

Elasticsearch: Add the alerting user

To use X-Pack Alerting, the respective user must have the built-in SGS_XP_ALERTING and SGS_KIBANA_USER roles assigned.

Kibana: Enable X-Pack Alerting

In kibana.yml, disable X-Pack Security and enable X-Pack Alerting:

xpack.security.enabled: false
xpack.watcher.enabled: true
...

Note: If you are using Elasticsearch 8, properties such as xpack.security.enabled and xpack.watcher.enabled are now configured only in elasticsearch.yml and should not be present in the kibana.yml config file. Please refer to the ES8 migration guide.
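
The following check is an added example, not part of the Search Guard documentation: a small Python linter that verifies the settings described above in both files, including the Elasticsearch 8 rule for kibana.yml. The function names, the es8 flag and the sample file contents are constructed for illustration; the parser handles only simple flat or nested mappings.

```python
import re

def flatten_yaml(text):
    """Flatten simple YAML mappings (dotted or nested keys) to {dotted.key: value}."""
    flat, stack = {}, []  # stack holds (indent, key) of open parent mappings
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith(("#", "-")):
            continue  # blank line, full-line comment or list item
        m = re.match(r"^(\s*)([^:\s][^:]*):\s*(.*)$", line)
        if not m:
            continue  # e.g. the "..." placeholder line
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indentation
        path = ".".join([k for _, k in stack] + [key])
        if value:
            flat[path] = value.strip("'\"").lower()
        else:
            stack.append((indent, key))
    return flat

def check_alerting_config(es_yml, kibana_yml, es8):
    """Return a list of findings; an empty list means both files match the setup above."""
    es, kb = flatten_yaml(es_yml), flatten_yaml(kibana_yml)
    required = {"xpack.security.enabled": "false", "xpack.watcher.enabled": "true"}
    findings = []
    for key, want in required.items():
        if es.get(key) != want:
            findings.append(f"elasticsearch.yml: {key} should be {want}, found {es.get(key)}")
        if es8:
            # On Elasticsearch 8 these properties belong only in elasticsearch.yml.
            if key in kb:
                findings.append(f"kibana.yml: {key} must not be set on Elasticsearch 8")
        elif kb.get(key) != want:
            findings.append(f"kibana.yml: {key} should be {want}, found {kb.get(key)}")
    return findings

# Constructed sample files: flat keys in one, nested keys in the other.
ES_YML = "xpack.security.enabled: false\nxpack.watcher.enabled: true\n"
KIBANA_YML = "xpack:\n  security:\n    enabled: false\n  watcher.enabled: true\n"

if __name__ == "__main__":
    for finding in check_alerting_config(ES_YML, KIBANA_YML, es8=True):
        print(finding)
```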


