• X-Pack Security for Elasticsearch 5 or 6 (Kibana 5 or 6)

    If X-Pack is used, the alert role requires the following privileges (refer to the screenshot below):

       Cluster privileges - monitor

       Indices privileges - read and write (grant these on the .alert and .alert_history* indices and on the data indices Skedler queries, rather than on *; the data indices only need read)
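
The following shell script is an added example, not Skedler's or Elastic's own code. It creates the role and user through the X-Pack security API (Elasticsearch 6.x endpoints under /_xpack/security) and then checks the result with the has-privileges API as the new user. The role name skedler_alerts, the user name skedler, the data index pattern logs-*, and the environment variables ES_URL, ES_ADMIN and SKEDLER_PASSWORD are assumptions. The index privileges mirror the Shield roles.yml later on this page: read-only search and metadata on the data indices, read/write/manage on the two alert indices only, instead of read and write on *.

```shell
#!/bin/sh
# Added example (not from the Skedler documentation or Elastic). Assumptions:
#   ES_URL           e.g. https://localhost:9200
#   ES_ADMIN         "user:password" of an account that may manage roles/users
#   SKEDLER_PASSWORD password for the new skedler user
#   $1               data index pattern Skedler reads (default logs-*, assumed)

ROLE_NAME="skedler_alerts"
ALERT_INDICES='".alert", ".alert_history*"'

# Role body: data indices get read + view_index_metadata (search, field
# mappings, validate/query); the alert indices get read, write and manage,
# which covers indices:admin/* (create, mapping put, refresh, exists).
skedler_role_json() {
  data_pattern="$1"
  cat <<EOF
{
  "cluster": ["monitor"],
  "indices": [
    { "names": ["${data_pattern}"],
      "privileges": ["read", "view_index_metadata"] },
    { "names": [${ALERT_INDICES}],
      "privileges": ["read", "write", "manage"] }
  ]
}
EOF
}

# User body: the one role above and nothing else.
skedler_user_json() {
  password="$1"
  printf '{"password":"%s","roles":["%s"]}\n' "$password" "$ROLE_NAME"
}

# has_privileges body: everything Skedler needs (must be true) plus write on
# the data indices (must be false, proving the role is scoped as intended).
has_privileges_json() {
  data_pattern="$1"
  cat <<EOF
{
  "cluster": ["monitor"],
  "index": [
    { "names": [${ALERT_INDICES}], "privileges": ["read", "write"] },
    { "names": ["${data_pattern}"], "privileges": ["read"] },
    { "names": ["${data_pattern}"], "privileges": ["write"] }
  ]
}
EOF
}

# POST a JSON body from stdin to the cluster as the given user.
es_post() {  # es_post "user:password" "/path"
  curl -sS -u "$1" -H 'Content-Type: application/json' \
       -X POST "$ES_URL$2" -d @-
}

# Only talk to a cluster when ES_URL is set; the functions above run offline.
if [ -n "${ES_URL:-}" ]; then
  : "${ES_ADMIN:?set ES_ADMIN to user:password}"
  : "${SKEDLER_PASSWORD:?set SKEDLER_PASSWORD}"
  DATA_PATTERN="${1:-logs-*}"
  skedler_role_json "$DATA_PATTERN" | es_post "$ES_ADMIN" "/_xpack/security/role/$ROLE_NAME"
  skedler_user_json "$SKEDLER_PASSWORD" | es_post "$ES_ADMIN" "/_xpack/security/user/skedler"
  # Verify as the new user, not as the admin.
  has_privileges_json "$DATA_PATTERN" \
    | es_post "skedler:$SKEDLER_PASSWORD" "/_xpack/security/user/_has_privileges"
fi
```

Run it as `ES_URL=https://localhost:9200 ES_ADMIN=elastic:... SKEDLER_PASSWORD=... sh skedler-role.sh logs-*`. In the has_privileges response, "has_all_requested" should be false: read and write on .alert and .alert_history* and read on the data pattern report true, while write on the data pattern reports false. If write on the data pattern comes back true, the user has picked up a broader role somewhere else and the scoping on this page is not actually in effect.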

  • Shield configuration for Elasticsearch versions below 5

Create a role for Skedler-Alerts with read and write access to the .alert and .alert_history* indices and read-only access to the data indices. Add the following to roles.yml. The role is named alert (this is the name the esusers command below assigns to the user); the '*' entry gives read-only search and metadata access to the data indices, so narrow it to your actual data index patterns if '*' is wider than you want:

    alert:
      cluster:
        - cluster:monitor/nodes/info
        - cluster:monitor/health
        - cluster:monitor/state
      indices:
        '*':
          - indices:admin/mappings/fields/get
          - indices:admin/validate/query
          - indices:data/read/search
          - indices:data/read/msearch
          - indices:admin/get
        '.alert, .alert_history*':
          - indices:admin/exists
          - indices:admin/mapping/put
          - indices:admin/mappings/fields/get
          - indices:admin/refresh
          - indices:admin/validate/query
          - indices:data/read/get
          - indices:data/read/mget
          - indices:data/read/search
          - indices:data/write/delete
          - indices:data/write/index
          - indices:data/write/update
          - indices:admin/create

  • Create a user for the Skedler-Alerts role with elasticsearch/bin/shield/esusers useradd <username> -p <password> -r alert, or add the role to an existing user with elasticsearch/bin/shield/esusers roles <username> -a alert.

  • Set the alert_elasticsearch_username and alert_elasticsearch_password properties in alertconfig.yml to the Shield username and password created for the Skedler-Alerts (alert) role as shown: