I am quite new to the ELK-Stack.
Trying to configure the X-Pack Security plugin to work with our Active Directory, I am facing following problem:
The Discover-Tab in Kibana doesn't show any data. Same in the other Tabs, except for the console.
Doing a search in the console gives me the expected result. (The data matching the field and query configuration in the role)
The elastic (admin) user still sees everything.
Here a few facts:
ActiveDirectory-realm configured to map group X to role X (works)
role X configured in the kibana-management tab as below (works, when not setting query-attribute)
When I don't set the query-attribute, everything works and the user in role X can see everything (including the mentioned Tabs)
As I said before, when using the kibana-console with a user in the role X to search I get the expected result matching the query (all events with TargetUserName=ern)
Version: All on 5.0 alpha 4
Anyone an idea what I did wrong?
Thanks in advance.