In a production environment, you should restrict access to the X-Pack reporting endpoints to authorized users. This requires that you:
- Enable X-Pack security on your Elasticsearch cluster. For more information, see Getting Started with Security.
- Configure an SSL certificate for Kibana. For more information, see Kibana and Security.
Configure Watcher to trust the Kibana server’s certificate by adding it to the Watcher truststore on each node:
Import the Kibana server certificate into the Watcher truststore using Java Keytool:
keytool -importcert -keystore watcher-truststore.jks -file server.crt
If the truststore doesn’t already exist, it is created.
Make sure the
elasticsearch.ymlspecifies the location of the Watcher truststore.
- Add one or more users who have the permissions necessary to use Kibana and X-Pack reporting. For more information, see Reporting and Security.
Once you’ve enabled SSL for Kibana, all requests to the X-Pack reporting endpoints
must include valid credentials. For example, see the following page which
includes a watch that submits requests as the built-in
Automating Report Generation.
For more information about configuring watches, see How Watcher Works.