How to create a role in order to have access in Kibana 4 for some indexes

Elastic Stack Kibana
1

Hello,

I have a ELK server into a redhat OS, with kibana version 4.4.1.

In order to have access from kibana to indexes I have made this role:

config_user:
  cluster: monitor
  indices:
    '*':
      privileges: all

and this works, because it's similar with power_user.

But What I need is to have access in kibana only in read mode ( to be able to use some saved queries, views and dashboards) and for that I have change the script like that:

config_user:
  cluster: monitor
  indices:
    '*':
      privileges: indices:data/read/get, indices:data/read/mget, indices:data/read/search

but this one it shows me a blank kibana.

What indices i have missed in order to have access on kibana for idexes in read mode?

Thank you,
Ovidiu

2

the error is: Visualize: [index_not_found_exception] no such index, with: {"index":"[dev-*]"}

3

I'm not sure Kibana will run correctly if you don't give the user write access to the .kibana index, but I've never actually tried it, so it might be fine until you go to save something, which sounds like what you want anyway. Still there are some writes that Kibana does behind the scenes even without saving items directly, so you could still run in to problems.

The suggest Kibana user roles changed in 2.3, but you can look at the recommendation in 2.2 to get an idea of what you'll probably need access to in order for Kibana to work.

4

thanks Joe for the answer, I'll try to add write access to .kibana index. :slight_smile:

5

Hello,

I have tried these two roles and I still have the same error: Visualize: [index_not_found_exception] no such index, with: {"index":"[dev-*]"}

First configuration looks like:

config_user:
  cluster: monitor
  indices:
    '.kibana':
      privileges: all
    '*':
      privileges: indices:admin/validate/query, indices:admin/get, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/read/msearch, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/exists, indices:admin/mapping/put, indices:data/write/delete, indices:data/write/index, indices:data/write/update

And the second configuration looks like that:

config_user2:
  cluster:
      - cluster: monitor
  indices:
    '.kibana':
      - indices:admin/create
      - indices:admin/exists
      - indices:admin/mapping/put
      - indices:admin/mappings/fields/get
      - indices:admin/refresh
      - indices:admin/validate/query
      - indices:data/read/get
      - indices:data/read/mget
      - indices:data/read/search
      - indices:data/read/msearch
      - indices:data/write/delete
      - indices:data/write/index
      - indices:data/write/update
    '*':
      - indices:admin/mappings/fields/get
      - indices:admin/validate/query
      - indices:data/read/search
      - indices:data/read/msearch
      - indices:admin/get

But no one helps me, and at this moment I don't have any idea...