How to Disable X-pack security 6.1.1 in Elasticsearch 6.1.1?

(Rym Guerbi Michaut) #1

Hi there,

I've just installed the new version 6.1.1 of Elsticsearch, Kibana and Logstash.
At the same time, I installed x-pack for the three of them (thinking it might be interesting to have it in Kibana for the graphs and even later for monitoring.)
I have set the new passwords for ELK in the .yml corresponding files.
The connection Logstash - Elasticsearch-Kibana goes well.

However, the new versions haven't saved my indices. So I have to reload them but it doesn't work anymore.

I have 2 types of input:

1- from a relational DB using JDBC.
using a config file.

The problem:

LoadError: no such file to load -- mysql-connector-java-5.1.44-bin

And the file is actually there! I have even downloaded the last version of it (and modified its name in the config file)

2- from an url
I get the error :

java.lang.IllegalArgumentException: Limit of total fields [1000] in index [json_10meilleurs_logs] has been exceeded

And when I try to set the number of fields using this on Kibana:

DELETE json_10meilleurs_logs
PUT  json_10meilleurs_logs
  "settings": {
    "index.mapping.total_fields.limit": 100000

I get this error:

  "error": {
    "root_cause": [
        "type": "security_exception",
        "reason": "action [indices:admin/delete] is unauthorized for user [kibana]"
    "type": "security_exception",
    "reason": "action [indices:admin/delete] is unauthorized for user [kibana]"
  "status": 403

And as I said, I've set the paswords to get the connection between the three tools... :thinking:

Do I have to disable the security option of x-pack to solve the problem? And if so, how do I do it?

(Tim Vernum) #2

It looks like you have logged into Kibana as the kibana user.
That's a common mistake that new users make.

The kibana user is the user that the Kibana application uses for its own purposes when it connects to Elasticsearch. For example, it is how Kibana can tell whether your ES server is available, and whether it has security turned on. You should not log in to Kibana as that user, because it doesn't have permission to do very much (which is intentional - it has just enough access to run Kibana but no more)

You should initially login to Kibana using the elastic user. This is a superuser that can do everything.
You can use that user for everything you want to do, and always login to Kibana as elastic, but we don't recommend it. Because that user can do everything, it can make a horrible mess of your cluster if you're not careful, and one of the benefits of X-Pack security is that it can protect you from mistakes like that.

Rather, we recommend that you use the elastic user to login the first time, and then use the Kibana admin screens to create new, lower privileged users and roles that have just the permissions that you need, but nothing more. You can then safely use those users to do your work in Kibana, and you can always login as elastic if you need to make major changes.

(Rym Guerbi Michaut) #3

That's right.

Thank you so much for your help.
Spent the whole day yesterday trying to fix it.

Have a nice day and a nice week-end :slight_smile:

(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.