Hello everyone,
I am quite new to the ELK-Stack.
Trying to configure the X-Pack Security plugin to work with our Active Directory, I am facing the following problem:
The Discover-Tab in Kibana doesn't show any data. Same in the other Tabs, except for the console.
Doing a search in the console gives me the expected result. (The data matching the field and query configuration in the role)
The elastic (admin) user still sees everything.
Here are a few facts:
- ActiveDirectory-realm configured to map group X to role X (works)
- role X configured in the kibana-management tab as below (works, when not setting query-attribute)

      "X": {
        "cluster": [
          "all"
        ],
        "indices": [
          {
            "names": [
              "logstash-*"
            ],
            "privileges": [
              "all"
            ],
            "query": "{\"term\":{\"TargetUserName\":\"ern\"}}"
          }
        ],
        "run_as": []
      }

- When I don't set the query-attribute, everything works and the user in role X can see everything (including the mentioned Tabs)
- As I said before, when using the kibana-console with a user in the role X to search, I get the expected result matching the query (all events with TargetUserName=ern)

      GET logstash-*/_search?pretty

- Version: All on 5.0 alpha 4
Does anyone have an idea what I did wrong?
Thanks in advance.