Kibana sharing security question

Hi All,

I have successfully embedded the iframe from the Kibana sharing option into a 3rd party application.

However, when I open Chrome develloper tools, I can see the elasticsearch query with data post and request that was made.

Request URL:https://url.kibana.com/elasticsearch/_msearch?timeout=0&ignore_unavailable=true&preference=1463648533777
Request Method:POST

Request Payload :

{"index":"test","search_type":"count","ignore_unavailable":true}
{"query":{"filtered":{"query":{"query_string":{"analyze_wildcard":true,"query":"place_id:MS000843"}},"filter":{"bool":{"must":[{"range":{"date_ymd":{"gte":1461057992178,"lte":1463649992178,"format":"epoch_millis"}}}],"must_not":}}}},"size":0,"aggs":{}}

My question: Is there a way to avoid the client to update the query to prevent it see no other information in the same index?

Thanks for your help

J.

You don't want the query to be shown in the developer tools?

I would like to know, if there a way to hide the Request payload between kibana and elastic search to avoid that clients changes the queries sent to ES.

There is not.