X-Pack Security for Elasticsearch 5 or 6 in Kibana 5 or 6
If X-Pack is used, the alert role requires the following privileges (refer to the screenshot given below):
Cluster Privileges - monitor
Indices Privileges - read and write
Shield configuration for Elasticsearch version below 5
Create a role for Skedler-Alerts and provide full access to the “.alert” index and the “.alert_history*” index. Include the content below for the Skedler-Alerts role in roles.yml. For example, the configuration added to roles.yml for the role should be as given below (.alert index, .alert_history* index and the data index):
alert:
  cluster:
    - cluster:monitor/nodes/info
    - cluster:monitor/health
    - cluster:monitor/state
  indices:
    # Data indices: read-only search and metadata lookups
    '*':
      - indices:admin/mappings/fields/get
      - indices:admin/validate/query
      - indices:data/read/search
      - indices:data/read/msearch
      - indices:admin/get
    # Skedler-Alerts' own indices: read, write and index management
    '.alert,.alert_history*':
      - indices:admin/exists
      - indices:admin/mapping/put
      - indices:admin/mappings/fields/get
      - indices:admin/refresh
      - indices:admin/validate/query
      - indices:data/read/get
      - indices:data/read/mget
      - indices:data/read/search
      - indices:data/write/delete
      - indices:data/write/index
      - indices:data/write/update
      - indices:admin/create
Use the command elasticsearch/bin/shield/esusers roles skedler-alerts username -a alert to create a user for the role Skedler-Alerts.
Set the alert_elasticsearch_username and alert_elasticsearch_password properties in alertconfig.yml to the Shield username and password created for the skedler-alerts role, as shown: