As per docu, it says "If you use Kibana, set script.allowed_types to both or inline . Some Kibana features rely on inline scripts and do not function as expected if Elasticsearch does not allow inline scripts."
what all features of Kibana depend on "inline script" to function well????
I found few issues reported when inline scripts are disabled such as Timelion not working, Elasticsearch watcher condition and Taskmanager failing.
Does that mean that apart from scripted fields all other feature of Kibana will work? And also, please correct me if I am wrong, I understood that it is safe to use sandboxed language and the risk is with another script language like Groovy or python. Or do we still have to follow scripting security for sandboxed language script as well.
There is also usage in our saved_object service, our task manager, and many more. I've checked, couldn't even install an index pattern when setting script.allowed_types to none.
About security, our scripting language painless, was designed for security and speed, and it replaced other scripting languages as default in Elasticsearch.
Or do we still have to follow scripting security for sandboxed language script as well.
Could you elaborate what scripting security you mean?
Hy Thank you so much for your help. I was wondering if there is a way I can enable only painless lang and disable all other lang on Elasticsearch for inline and stored.
BTW, is Lucene expression, Mustashe are different from painless script or both Lucene and Mustashe is an addition feature for painless lang.
Is there a way I can disable my client from using java lang with scripting engine??
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.