Kibana inline script

As per docu, it says "If you use Kibana, set script.allowed_types to both or inline . Some Kibana features rely on inline scripts and do not function as expected if Elasticsearch does not allow inline scripts."

what all features of Kibana depend on "inline script" to function well????

Thanking you

Hi

For example if you want to use scripted fields in Kibana, inline scripts need to be enabled.

https://www.elastic.co/guide/en/kibana/current/scripted-fields.html

Best,
Matthias

I found few issues reported when inline scripts are disabled such as Timelion not working, Elasticsearch watcher condition and Taskmanager failing.

Does that mean that apart from scripted fields all other feature of Kibana will work? And also, please correct me if I am wrong, I understood that it is safe to use sandboxed language and the risk is with another script language like Groovy or python. Or do we still have to follow scripting security for sandboxed language script as well.

There is also usage in our saved_object service, our task manager, and many more. I've checked, couldn't even install an index pattern when setting script.allowed_types to none.

About security, our scripting language painless, was designed for security and speed, and it replaced other scripting languages as default in Elasticsearch.

Or do we still have to follow scripting security for sandboxed language script as well.

Could you elaborate what scripting security you mean?

Many thx & Best,
Matthias

Hy Thank you so much for your help. I was wondering if there is a way I can enable only painless lang and disable all other lang on Elasticsearch for inline and stored.

BTW, is Lucene expression, Mustashe are different from painless script or both Lucene and Mustashe is an addition feature for painless lang.

Is there a way I can disable my client from using java lang with scripting engine??

The only scripting language that is built-in is Painless. Painless uses a shared API based on Java classes.

Are you asking if there is the ability to disable the shared API Java classes but keep Painless scripting?

Yes... just enable painless scripting and disable all.