When you use the basic and trial licenses, the Elasticsearch security features are disabled by default. To enable them:
Stop Kibana. The method for starting and stopping Kibana varies depending on how you installed it. For example, if you installed Kibana from an archive (.zip), stop it by entering Ctrl-C on the command line. See Starting and stopping Kibana.
Stop Elasticsearch. For example, if you installed Elasticsearch from an archive distribution, enter Ctrl-C on the command line. See Stopping Elasticsearch.
Add the xpack.security.enabled setting to the
The ES_PATH_CONF environment variable contains the path for the Elasticsearch configuration files. If you installed Elasticsearch using archive distributions (tar.gz), it defaults to ES_HOME/config. If you used package distributions (Debian or RPM), it defaults to /etc/elasticsearch. For more information, see Configuring Elasticsearch.
For example, add the following setting:
If you have a basic or trial license, the default value for this setting is false. If you have a gold or higher license, the default value is true. Therefore, it is a good idea to explicitly add this setting to avoid confusion about whether security features are enabled.
Enable single-node discovery in the
This tutorial involves a single-node cluster, but if you had multiple nodes, you would enable Elasticsearch security features on every node in the cluster and configure Transport Layer Security (TLS) for internode communication, which is beyond the scope of this tutorial. By enabling single-node discovery, we are postponing the configuration of TLS. For example, add the following setting:
For more information, see Single-node discovery.
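The following check is an added example, not part of the original documentation: a POSIX shell audit that reports whether elasticsearch.yml sets xpack.security.enabled explicitly, rather than relying on the license-dependent default, and whether single-node discovery is configured. It assumes both settings are written as flat dotted keys and that single-node discovery is expressed as discovery.type: single-node; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example: audit elasticsearch.yml for the two settings this tutorial sets.
# Assumption: flat dotted keys ("a.b.c: value"); nested YAML is not parsed.

# Print the value of a flat key; nothing if it is absent or commented out.
# If the key appears more than once, the last occurrence is reported.
yml_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # whole-line comment
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # trailing comment
            i = index(line, ":")
            if (i == 0) next
            k = substr(line, 1, i - 1); v = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)                 # strip double quotes
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$2"
}

# One finding per line; returns 0 only when both settings are explicit and
# match the values used in this tutorial.
audit_es_conf() {
    rc=0
    sec=$(yml_value xpack.security.enabled "$1")
    disc=$(yml_value discovery.type "$1")
    case "$sec" in
        true)  echo "OK   xpack.security.enabled: true (explicit)" ;;
        false) echo "FAIL xpack.security.enabled: false (security off)"; rc=1 ;;
        "")    echo "WARN xpack.security.enabled unset; default depends on license"; rc=1 ;;
        *)     echo "FAIL xpack.security.enabled: unexpected value '$sec'"; rc=1 ;;
    esac
    case "$disc" in
        single-node) echo "OK   discovery.type: single-node" ;;
        *) echo "WARN discovery.type: '${disc:-unset}', not single-node"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample config (not from the page).
sample=$(mktemp)
printf '%s\n' 'cluster.name: tutorial' '#xpack.security.enabled: false' \
    'xpack.security.enabled: true  # explicit' 'discovery.type: single-node' > "$sample"
audit_es_conf "$sample"
rm -f "$sample"
```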
When you enable Elasticsearch security features, basic authentication is enabled by default. To communicate with the cluster, you must specify a username and password. Unless you enable anonymous access, all requests that don’t include a user name and password are rejected.