Using Search Guard with X-Pack Monitoring
Content
Search Guard is compatible with the free X-Pack monitoring component. This documentation assumes that you already installed and configured Kibana and the Search Guard Kibana plugin.
Elasticsearch: Enable Monitoring
In elasticsearch.yml, disable X-Pack Security and enable X-Pack Monitoring:
xpack.security.enabled: false
xpack.monitoring.enabled: true
...
Elasticsearch: Add the monitoring user
For using X-Pack Monitoring, the respective user must have the built-in SGS_XP_MONITORING and SGS_KIBANA_USER role assigned.
Elasticsearch: Configure a monitoring exporter
Configure your http exporter, and configure the user you have mapped to the SGS_XP_MONITORING and the SGS_KIBANA_USER role in the last step:
xpack.monitoring.exporters:
id1:
type: http
host: ["https://127.0.0.1:9200"]
auth.username: monitor
auth.password: monitor
ssl:
truststore.path: truststore.jks
truststore.password: changeit
| Name | Description |
|---|---|
| host | The hostname of the cluster to monitor |
| auth.username | The username of the user mapped to the monitor role |
| auth.password | The password of the user mapped to the monitor role |
| truststore.path | the truststore that contains the Root CA and intermediate certificates used to sign the certificates of the cluster to monitor |
| truststore.password | the password for the truststore |
Kibana: Enable X-Pack Monitoring
In kibana.yml, disable X-Pack Security and enable X-Pack Monitoring:
xpack.security.enabled: false
xpack.monitoring.enabled: true
...
Note: If you are using Elasticsearch 8, properties like xpack.security.enabled, xpack.monitoring.enabled are now configured only in elasticsearch.yml and should not be present in kibana.yml config file. Please, refer to ES8 migration guide.
Additional resources