Version: Search Guard 5 / This is an older version of Search Guard.
Using Search Guard with X-Pack Monitoring
Search Guard is compatible with the free X-Pack monitoring component. At the moment, you can only use exporters of type http. Support for local exporters will be added soon.
This documentation assumes that you have already installed and configured Kibana and the Search Guard Kibana plugin.
Elasticsearch: Install X-Pack and enable Monitoring
Install X-Pack on every node in your Elasticsearch cluster. Please refer to the official X-Pack documentation for installation instructions.
In elasticsearch.yml, disable X-Pack Security and enable X-Pack Monitoring:
xpack.security.enabled: false
xpack.monitoring.enabled: true
...
Elasticsearch: Add the monitoring user
For the http monitoring type, add a user that has all the permissions needed to carry out the monitoring calls to your cluster. If you're using Elasticsearch 5.5.0 with Search Guard v14 and above, you can simply map a new or existing user to the sg_monitor role. For Search Guard v12 and below, add the following role definition to sg_roles.yml, and map a user to it.
In addition to the sg_monitor role, the user should also be assigned to the sg_kibana role.
sg_monitor:
  cluster:
    - cluster:admin/xpack/monitoring/*
    - cluster:admin/ingest/pipeline/put
    - cluster:admin/ingest/pipeline/get
    - indices:admin/template/get
    - indices:admin/template/put
    - CLUSTER_MONITOR
    - CLUSTER_COMPOSITE_OPS
  indices:
    '?monitor*':
      '*':
        - INDICES_ALL
    '?marvel*':
      '*':
        - INDICES_ALL
    '?kibana*':
      '*':
        - READ
    '*':
      '*':
        - indices:data/read/field_caps
Elasticsearch: Add additional permissions to the Kibana server user
Add the cluster:admin/xpack/monitoring/bulk* permission to the Kibana server user:
sg_kibana_server:
  cluster:
    ...
    - cluster:admin/xpack/monitoring/bulk*
  indices:
    '?kibana':
      '*':
        ...
Elasticsearch: Configure a monitoring exporter
At the moment, Search Guard supports exporters of type http only. Configure your http exporter with the credentials of the user you mapped to the sg_monitor role:
xpack.monitoring.exporters:
  id1:
    type: http
    host: ["https://127.0.0.1:9200"]
    auth.username: monitor
    auth.password: monitor
    ssl:
      truststore.path: truststore.jks
      truststore.password: changeit
Name | Description |
---|---|
host | The hostname of the cluster to monitor |
auth.username | The username of the user mapped to the monitor role |
auth.password | The password of the user mapped to the monitor role |
truststore.path | The truststore that contains the Root CA and intermediate certificates used to sign the certificates of the cluster to monitor |
truststore.password | The password for the truststore |
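A pre-deployment check for the exporter block above, as an added example that is not part of the Search Guard or X-Pack code base: it flags exporter types other than http, hosts that are not https, missing monitoring credentials, and the sample passwords printed on this page. The names flatten, lint_exporters, SAMPLE_SECRETS and PAGE_SAMPLE are hypothetical. It assumes elasticsearch.yml has already been parsed into a dict by a YAML loader and that REST-layer TLS is enabled, as in the sample configuration.

```python
# Added example, not Search Guard code; settings assumed already parsed from YAML.
from urllib.parse import urlparse

SAMPLE_SECRETS = {"monitor", "changeit"}  # sample values printed on this page
PAGE_SAMPLE = {"xpack.monitoring.exporters": {"id1": {  # constructed from the page
    "type": "http", "host": ["https://127.0.0.1:9200"],
    "auth.username": "monitor", "auth.password": "monitor",
    "ssl": {"truststore.path": "truststore.jks", "truststore.password": "changeit"},
}}}


def flatten(node, prefix=""):
    """Collapse nested and dotted keys into one dotted-key mapping."""
    flat = {}
    for key, value in node.items():
        path = f"{prefix}.{key}" if prefix else str(key)
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat


def lint_exporters(settings):
    """Return a sorted list of (exporter_id, finding) tuples."""
    root = "xpack.monitoring.exporters."
    exporters = {}
    for key, value in flatten(settings).items():
        if key.startswith(root):
            exporter_id, _, option = key[len(root):].partition(".")
            exporters.setdefault(exporter_id, {})[option] = value
    findings = []
    for exporter_id, opts in exporters.items():
        if opts.get("type") != "http":
            findings.append((exporter_id, "type is not http"))
            continue
        hosts = opts.get("host", [])
        hosts = [hosts] if isinstance(hosts, str) else hosts
        if not hosts or any(urlparse(h).scheme != "https" for h in hosts):
            findings.append((exporter_id, "host missing or not https"))
        if not opts.get("auth.username") or not opts.get("auth.password"):
            findings.append((exporter_id, "monitoring credentials missing"))
        for option in ("auth.password", "ssl.truststore.password"):
            if opts.get(option) in SAMPLE_SECRETS:
                findings.append((exporter_id, f"{option} is a documentation sample value"))
        if not opts.get("ssl.truststore.path"):
            findings.append((exporter_id, "ssl.truststore.path not set"))
    return sorted(findings)
```

Running lint_exporters(PAGE_SAMPLE) reports both sample passwords, which is the reminder to replace them before the exporter goes live.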
Kibana: Install X-Pack
As with Elasticsearch, install X-Pack on Kibana. Please refer to the official X-Pack documentation for installation instructions.
Kibana: Enable X-Pack Monitoring
In kibana.yml, disable X-Pack Security and enable X-Pack Monitoring:
xpack.security.enabled: false
xpack.monitoring.enabled: true
...
Known issues and limitations
Exporter types
At the moment, only http is supported.