IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Internal users
editInternal users
editThe Elastic Stack security features use four internal users (_system
, _xpack
,
_xpack_security
, and _async_search
), which are responsible for the operations
that take place inside an Elasticsearch cluster.
These users are only used by requests that originate from within the cluster. For this reason, they cannot be used to authenticate against the API and there is no password to manage or reset.
From time-to-time you may find a reference to one of these users inside your logs, including audit logs.