I have an instance of elastic search running and I can see the list of indices by hitting the URL http://165.30.5.62:9300/_cat/indices?v
Now for a particular index I can see the data as http://165.30.5.62:9300/{index}/_search?size=100&pretty=true and it shows me different metrices
My question is that I want an access control on this data inside a specific index so not everyone can see what are the metrices present. How do i enable that in elastic search container
Elasticsearch has built in access control mechanisms but only in Platinum license and its available as a part of XPack features.
If you are not using platinum license, you may need to implement the access control yourself by creating an Elastic Search plugin.
Related
I have elastic search cluster.
Currently designing a python service for client for read and write query to my elastic search. The python service will not be maintained by me. Only internally python service will call our elastic search for fetching and writing
Is there any way to configure the elastic search so that we get to know that the requests are coming from python service, Or any way we can pass some extra fields while querying based on that fields we will get the logs
There is no online feature in elasticsearch to resolve your request. (you want to check the source and add fields to query).
but there is a solution for audit logs.
https://www.elastic.co/guide/en/elasticsearch/reference/current/enable-audit-logging.html
What you can do is placing a proxy in front of it and do the logging there, we have an Apache in front of our Elastic clusters to enable SSL-offloading there and add logging and ACL possibilities.
I'm using Elasticsearch to drive a "search website" feature. I'd like to collect statistics about what people search for (and which search queries are popular).
Elasticsearch is currently running behind Nginx, so I could extract this information from the Nginx access logs - but maybe Elasticsearch can be made to track this iinformation itself?
I found the Index stats API but that seems to be more abstract. It can be used to determne the average time needed to answer a query and such things, but it does not keep track of individual queries.
I am using a similar configuration (ES behind nginx), and I up to now I always just checked nginx' logfiles directly. However, thinking about your question, it makes much sense to route the nginx log files through the Elastic stack to Elastic Search using logstash, this seems to be the cleanest way.
Apparently in deprecated version there were some security auditing options using a plugin termed Shield or Security, but as I said, configuring logstash to ingest nginx logfiles directly seems most endurable way for your purposes.
Further reading and detailed instructions
discuss.elastic.co: How to get elaticsearch access logs
https://sysadmins.co.za/how-to-ingest-nginx-access-logs-to-elasticsearch-using-filebeat-and-logstash/
Elasticsearch Access Log
how to enable ElasticSearch http access log
I am new to kibana the requirement is to build an analytical dashboard, so we are thinking of uploading the data into elastic search and give access to only visualization of kibana to build reports and use the different dashboards. I have googled and found some links for building custom dashboards using kibana plugin but We don't need any customization so we wanted to use the same kibana UI. Please share your thoughts.
Elasticsearch and Kibana are both open-source.
If you want to prevent your users from read/writing to cluster but allow them to create visualisations and dashboards then you can do so by using a basic license and setting up Role-based access control. You'll need to give them full access to .kibana index. Have a look at Elastic subscriptions to understand the different types of licenses (subscriptions).
If they only want to view and not create visualisations/dashboards, then create a RO (read-only) user with limited privileges i.e read-all but no-write permissions.
Can i use Kibana UI for client's ? Is it open source?
Yes, Kibana is open source. You need a server to host Kibana for free, or you can buy some special option like 10 nodes ES server and Kibana with SAML (Platinium plan).
Check: https://www.elastic.co/subscriptions
The name you are looking for is Elastic stack not solo Kibana.
For example Kibana needs Elasticsearch always.
Some features are in paid versions only, or in some free additional plugins.
Does Kibana have any kind of wrapper so that it could be exposed to a user for creating visualization dashboards without giving the user any actual access to kibana?
You can set up this using the X-pack extension. With the standard version, you won't be able to forbid access on particular parts of your Kibana.
I'm trying to add a role based access control over Kibana to have different privileges and dashboards for different types of users and I found those projects:
Elastic Shield Plugin
Search Guard Kibana Multitenancy Module
Elasticsearch Read Only Rest Plugin
Kibana plugin Own Home
What I found is that:
Elastic Shield (now called X-Pack) is the best, but unfortunately it's only 30 days free trial.
search guard module is a little complicated and it does the job, but it's not for free for commercial use which isn't suitable for my case.
ReadonlyREST plugin allows you to define which user reads which data, and their Enterprise Kibana plugin (non-free) also allows you to assign kibana indices to groups or users.
Kibana Plugin Own Home is a workaround solution as it defines different kibana index for different user which isn't practical.
If you know any other projects or any workaround for the mentioned projects above that satisfies my requirements, I'd be so grateful.
Disclaimer: I work for floragunn, makers of Search Guard.
The only real way to separate dashboards and visualizations based on users/tenants is to place them in separate Kibana indices. This is what both Search Guard and Own Home does.
The reason for this is how Kibana works internally: Out of the box, Kibana will place all of these objects in one global Kibana index, shared by all users. Since Kibana itself has no notion of users, roles or tenants, the only way to do it is to intercept the calls to the Kibana index, and rewrite the index name based on the provided user/role information.
Search Guard does this directly on Elasticsearch level, so the tenant
dashboards are separated even if you access Elasticsearch directly.
Own Home does that on Kibana level, but the effect/outcome is
basically the same.
X-Pack does not have multi-tenancy for Kibana, so
there's no separation of dashboards, only access control on Elasticsearch. Same is true for ReadOnly Rest.
One other option you have is to use the Red Hat OpenShift platform. They have an Elasticsearch plugin that is integrated with the Community Edition of Search Guard, and their own Kibana multi-tenancy module. As far as I know, this plugin is completely free.
This use case is now completely supported by ReadonlyREST via the Enterprise Kibana plugin.
And it comes with a lot more multitenancy/multiuser related features:
Remove certain Kibana apps to certain users
RBAC for indices, tenancies
Read only users won't see "save", "delete", "add" buttons in the Kibana UI
I made a video months ago that shows how this looks like.
Disclaimer: I work at ReadonlyREST, happy to take questions! :-)
Open Distro for Elasticsearch is a very good opensource project for multitenancy configuration in kibana. But the problem is proper documentation is not available easily for the older versions.
Set up Multi-Tenant Kibana Access in Open Distro for Elasticsearch
Kibana multi-tenancy