40 lines
1.7 KiB
Plaintext
40 lines
1.7 KiB
Plaintext
[[cross-cluster-kibana]]
|
|
==== Cross Cluster Search and Kibana
|
|
|
|
When Kibana is used to search across multiple clusters, a two-step authorization
|
|
process determines whether or not the user can access indices on a remote
|
|
cluster:
|
|
|
|
* First, the local cluster determines if the user is authorized to access remote
|
|
clusters. (The local cluster is the cluster Kibana is connected to.)
|
|
* If they are, the remote cluster then determines if the user has access
|
|
to the specified indices.
|
|
|
|
To grant Kibana users access to remote clusters, assign them a local role
|
|
with read privileges to indices on the remote clusters. You specify remote
|
|
cluster indices as `<remote_cluster_name>:<index_name>`.
|
|
|
|
To enable users to actually read the remote indices, you must create a matching
|
|
role on the remote clusters that grants the `read_cross_cluster` privilege
|
|
and access to the appropriate indices.
|
|
|
|
For example, if Kibana is connected to the cluster where you're actively
|
|
indexing Logstash data (your _local cluster_) and you're periodically
|
|
offloading older time-based indices to an archive cluster
|
|
(your _remote cluster_) and you want to enable Kibana users to search both
|
|
clusters:
|
|
|
|
. On the local cluster, create a `logstash_reader` role that grants
|
|
`read` and `view_index_metadata` privileges on the local `logstash-*` indices.
|
|
+
|
|
NOTE: If you configure the local cluster as another remote in {es}, the
|
|
`logstash_reader` role on your local cluster also needs to grant the
|
|
`read_cross_cluster` privilege.
|
|
|
|
. Assign your Kibana users the `kibana_user` role and your `logstash_reader`
|
|
role.
|
|
|
|
. On the remote cluster, create a `logstash_reader` role that grants the
|
|
`read_cross_cluster` privilege and `read` and `view_index_metadata` privileges
|
|
for the `logstash-*` indices.
|