Elasticsearch security config

Hey there,

I have installed the alerting plugin to Elasticsearch and Kibana as stated here:

I can now configure monitors and triggers via Kibana, but they never fire. A little bit of debugging showed that there is a security exception in Elasticsearch:

{"type": "server", "timestamp": "2020-03-24T16:10:52,615Z", "level": "ERROR", "component": "c.a.o.a.MonitorRunner", "cluster.name": "es-cluster", "node.name": "es-node-1", "message": "Error loading alerts for monitor: PYIuDXEBAGaEE73To77I", "cluster.uuid": "pRQK8DpFTreUfIUHc4Cg0A", "node.id": "FsFKB9o-T9Gd6I58vkfqOQ" ,
"stacktrace": ["org.elasticsearch.ElasticsearchSecurityException: action [indices:data/read/search] is unauthorized for user [_system]",

Can anyone point me in the right direction as to what I can do to either grant the _system user these permissions (not sure if that's possible, if I am reading the code of Elasticsearch correctly [1]) or have this query run as another dedicated alarm user?

Thanks in advance


[1] elasticsearch/SystemPrivilege.java at 284c978475e4e2683d10ed5019c35082ee5c8441 · elastic/elasticsearch · GitHub
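The error in the post is a structured JSON log record, so the unauthorized action and the principal it ran as can be pulled out mechanically rather than by eyeballing stack traces. The following is an added example (not code from the original thread or from the alerting or security plugins): it scans Elasticsearch JSON log lines for ElasticsearchSecurityException entries and reports which user was denied which action, which is exactly the detail needed to decide what role or user the monitor query should run as. The sample log lines are constructed here, modeled on the record quoted above; the helper names (parse_security_failure, scan, summarize) are this example's own.

```python
import json
import re
from collections import Counter
from typing import Optional

# Matches the authorization-failure text format seen in the post's stack trace:
#   "action [indices:data/read/search] is unauthorized for user [_system]"
UNAUTHORIZED_RE = re.compile(
    r"ElasticsearchSecurityException: action \[(?P<action>[^\]]+)\] "
    r"is unauthorized for user \[(?P<user>[^\]]+)\]"
)


def parse_security_failure(line: str) -> Optional[dict]:
    """Return details of an unauthorized-action event in one JSON log line, or None."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None  # plain-text or truncated output: not a parseable JSON record
    if record.get("level") != "ERROR":
        return None
    for frame in record.get("stacktrace", []):
        match = UNAUTHORIZED_RE.search(frame)
        if match:
            return {
                "timestamp": record.get("timestamp"),
                "node": record.get("node.name"),
                "component": record.get("component"),
                "message": record.get("message"),
                "action": match.group("action"),
                "user": match.group("user"),
            }
    return None


def scan(lines):
    """Collect every unauthorized-action event from an iterable of log lines."""
    return [event for event in (parse_security_failure(line) for line in lines) if event]


def summarize(events):
    """Count denied events per (user, action) pair, e.g. to spot a misconfigured principal."""
    return Counter((event["user"], event["action"]) for event in events)


# Constructed sample records (modeled on the record quoted in the post; the stack
# trace is completed with a plausible second frame so the JSON is well-formed).
SAMPLE_LOG_LINES = [
    json.dumps({
        "type": "server", "timestamp": "2020-03-24T16:10:52,615Z", "level": "ERROR",
        "component": "c.a.o.a.MonitorRunner", "cluster.name": "es-cluster",
        "node.name": "es-node-1",
        "message": "Error loading alerts for monitor: PYIuDXEBAGaEE73To77I",
        "stacktrace": [
            "org.elasticsearch.ElasticsearchSecurityException: action "
            "[indices:data/read/search] is unauthorized for user [_system]",
            "at org.elasticsearch.xpack.security.authz.AuthorizationService"
            ".denialException(AuthorizationService.java) ~[?:?]",
        ],
    }),
    json.dumps({
        "type": "server", "timestamp": "2020-03-24T16:10:53,001Z", "level": "INFO",
        "component": "o.e.c.m.MetaDataCreateIndexService", "node.name": "es-node-1",
        "message": "[.opendistro-alerting-alerts] creating index",
    }),
    "not a json line at all",
]

if __name__ == "__main__":
    for event in scan(SAMPLE_LOG_LINES):
        print(f"{event['timestamp']} {event['node']}: user [{event['user']}] "
              f"denied action [{event['action']}] ({event['message']})")
    print(summarize(scan(SAMPLE_LOG_LINES)))
```

Feed it `tail -f` output of the Elasticsearch JSON server log (or the captured lines from Kibana's debugging session) and the summary shows whether every failure comes from the same internal principal, as in the post, or from several users, which changes whether a role grant or a dedicated alerting user is the right fix.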

Hi @lerentis,

We do not have explicit integration support with x-pack security. It’s possible some other users have found a way around it, but not something that we can help with. We instead offer our own open source Apache 2.0 licensed security plugin.


Hi @dbbaughe

Uh, okay, thanks for answering my question. I already tried my luck replacing X-Pack with the Open Distro security plugin, but the certificate hassle is a bit too much for my setup (dedicated Elastic network where I don't want or need TLS, and Kibana exposed via Traefik). Guess I'll have to go back to Nagios and Graylog :confused:



Hey Lerentis,

Sorry to hear that you ran into some issues with the certificates. Perhaps you can post your concerns and challenges on GitHub? Our team members can help you out.


Hi @bpavani,

There are already two issues for that, I think ([1], [2]). Maybe to put it as a user story:

I, as a user, want to deploy the security plugin without TLS, but with authentication configurable via environment variables inside a Docker container.

Also, the mentioned securityadmin.sh script does not work inside the Elastic container, as the binary 'which' is missing. Ah yeah, and the autodetection of the JAVA_HOME env is failing as well. Had to set it manually. Should I create a PR in the documentation repo for that?



[1] https://github.com/opendistro-for-elasticsearch/security/issues/36
[2] https://github.com/opendistro-for-elasticsearch/security/issues/37