Is it right that these JSON input parameters cannot do any real searches in elasticsearch then?
We are trying to secure a user's Kibana instance so they can only present data from the indexes we decide. We already used rewrite rules to block the Settings section but we want to make sure the JSON Input parameters cannot be used maliciously.