This is a tale of a sysadmin who created a nice proof-of-concept ELK stack and, as a next step, wanted to test the alerting feature of X-Pack.
The innocent sysadmin downloaded and installed X-Pack as instructed, and at first all seemed to be oh so nice: new fancy buttons had been added to Kibana, response seemed to be faster, and there was a login dialog, meaning that the basic security feature was now available.
But then he noticed something nasty: now that security was suddenly added to the system, all the different systems trying to interact with Elasticsearch were locked out, and he needed to start figuring out how to allow them access.
Grafana kept failing to authenticate even though the user/pass created were correct.
Slurm did not have an option to set a user/pass.
Logstash also failed for reasons that still required further research.
And worst of all, Elasticsearch lacked an option to disable this extra (and for now unwanted) feature!
Now his ELK stack hasn't been in working order for a while and instead of showing a nice POC he is writing this sad cautionary tale.
The more serious part of this post:
I am all for security and believe that it should be part of the open source part of ELK. That said, the fact that installing a paid package (or in this case a trial) that is supposed to make my life easier caused my whole setup to blow up is, in my eyes, very negative.
Even though I believe security is an important feature that should always be on, the fact that Elastic has created an ecosystem that assumes no security means that I, the sysadmin, should have control over whether or not to enable the security features.
If it were part of the OSS part of ELK, I would imagine that, at least for the first release in which it was, it would have to be toggle-able and only later become mandatory.