• Create a role for Skedler-Alerts and provide full access to the “.alert” index and the “.alert_history*” index. Add the content below for the Skedler-Alerts role to roles.yml. For example, the role configuration added to roles.yml should look like this (covering the .alert index, the .alert_history* index and the data index):

alert:
  cluster:
    - cluster:monitor/nodes/info
    - cluster:monitor/health
    - cluster:monitor/state
  indices:
    # Data indices: read-side actions only
    '*':
      - indices:admin/mappings/fields/get
      - indices:admin/validate/query
      - indices:data/read/search
      - indices:data/read/msearch
      - indices:admin/get
    # Indices owned by Skedler-Alerts: read, write and index administration
    '.alert,.alert_history*':
      - indices:admin/exists
      - indices:admin/mapping/put
      - indices:admin/mappings/fields/get
      - indices:admin/refresh
      - indices:admin/validate/query
      - indices:data/read/get
      - indices:data/read/mget
      - indices:data/read/search
      - indices:data/write/delete
      - indices:data/write/index
      - indices:data/write/update
      - indices:admin/create
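
A least-privilege check for the role above, as an added example that is not part of the Skedler documentation: it flags any action beyond the read-side set granted on '*' when it appears on an index pattern other than .alert and .alert_history*. The parser handles only this page's layout, the comma-separated pattern key is an assumption, and DRIFTED_ROLE is a constructed sample.

```python
import re

# Read-side actions the page grants on the data indices ('*').
READ_ONLY = {
    "indices:admin/mappings/fields/get", "indices:admin/validate/query",
    "indices:data/read/search", "indices:data/read/msearch",
    "indices:admin/get",
}
# Patterns owned by Skedler-Alerts; write/admin actions are expected only here.
OWNED = {".alert", ".alert_history*"}

def parse_indices(text):
    """Map each index pattern to its privileges (this page's layout only)."""
    result, current, in_indices = {}, [], False
    for line in text.splitlines():
        item = line.strip()
        if item == "indices:":
            in_indices = True
        elif in_indices and (m := re.fullmatch(r"'(.+)':", item)):
            # Assumed: one quoted key may hold several comma-separated patterns.
            current = [p.strip() for p in m.group(1).split(",")]
            for p in current:
                result.setdefault(p, [])
        elif in_indices and item.startswith("- "):
            for p in current:
                result[p].append(item[2:].strip())
    return result

def audit(text):
    """Return (pattern, privilege) pairs exceeding read access on non-owned indices."""
    return [(pat, priv)
            for pat, privs in parse_indices(text).items() if pat not in OWNED
            for priv in privs if priv not in READ_ONLY]

# Constructed sample: a drifted copy of the role with a write action on '*'.
DRIFTED_ROLE = """\
alert:
  cluster:
    - cluster:monitor/health
  indices:
    '*':
      - indices:data/read/search
      - indices:data/write/delete
    '.alert,.alert_history*':
      - indices:data/write/index
      - indices:admin/create
"""

if __name__ == "__main__":
    for pattern, priv in audit(DRIFTED_ROLE):
        print(f"over-broad grant: {priv} on {pattern!r}")
```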

  • Use the command elasticsearch/bin/shield/esusers roles skedler-alerts username -a alert to create a user for the role Skedler-Alerts.

  • Set the alert_elasticsearch_username and alert_elasticsearch_password properties in reporting.yml to the Shield username and password created for the skedler-alerts role, as shown: