• X-Pack Security for Elasticsearch 5 or 6 in Kibana 5 or 6

    If X-Pack is used, the alert role requires the following privileges (refer to the screenshot given below):

       Cluster Privileges - monitor

       Indices Privileges - read and write
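
One way to check that a role carries exactly these privileges and nothing broader. This is an added example, not Skedler or Elastic code; the role names and index names in the sample are constructed assumptions.

```python
# Privileges the page lists for the alert role under X-Pack.
REQUIRED_CLUSTER = {"monitor"}
REQUIRED_INDEX = {"read", "write"}

# Constructed sample, shaped like the response of GET _xpack/security/role.
# Role names and index names are assumptions for illustration.
SAMPLE_ROLES = {
    "alert_role": {
        "cluster": ["monitor"],
        "indices": [{"names": [".alert", ".alert_history*"],
                     "privileges": ["read", "write"]}]},
    "alert_role_broad": {
        "cluster": ["all"],
        "indices": [{"names": ["*"], "privileges": ["all"]}]},
    "alert_role_readonly": {
        "cluster": ["monitor"],
        "indices": [{"names": [".alert"], "privileges": ["read"]}]},
}


def check(label, granted, required):
    """Compare one granted privilege list with the required set."""
    granted = set(granted)
    if "all" in granted:  # covers the requirement but grants far more
        return [f"{label}: 'all' granted, only {sorted(required)} needed"]
    findings = []
    if required - granted:
        findings.append(f"{label}: missing {sorted(required - granted)}")
    if granted - required:
        findings.append(f"{label}: extra {sorted(granted - required)}")
    return findings


def audit_role(name, role):
    """Return findings for one role; an empty list means it matches."""
    findings = check(f"{name} cluster", role.get("cluster", []), REQUIRED_CLUSTER)
    grants = role.get("indices", [])
    if not grants:
        findings.append(f"{name} indices: no index privileges defined")
    for grant in grants:
        names = grant.get("names", [])
        findings += check(f"{name} indices {names}", grant.get("privileges", []), REQUIRED_INDEX)
        if "*" in names or "_all" in names:
            findings.append(f"{name} indices {names}: applies to every index")
    return findings


if __name__ == "__main__":
    for role_name, role_def in SAMPLE_ROLES.items():
        print(role_name, audit_role(role_name, role_def) or "ok")
```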


  • Shield configuration for Elasticsearch versions below 5

Create a role for Skedler-Alerts and give it full access to the ".alert" index and the ".alert_history*" index. Include the content below for the Skedler-Alerts role in roles.yml. For example, the configuration added in roles.yml for the role should be as given below (.alert index, .alert_history* index and the dataindex):

'.alert', '.alert_history*':

  • Use the command elasticsearch/bin/shield/esusers roles skedler-alerts username -a alert to create a user for the role Skedler-Alerts.

  • Set the alert_elasticsearch_username and alert_elasticsearch_password properties in alertconfig.yml with the Shield username and password created for the skedler-alerts role as shown: