WARNING: Version 5.2 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Securing the Reporting Endpoints
editSecuring the Reporting Endpoints
editIn a production environment, you should restrict access to the X-Pack reporting endpoints to authorized users. This requires that you:
- Enable X-Pack security on your Elasticsearch cluster.
- Configure an SSL certificate for Kibana.
-
Configure Watcher to trust the Kibana server’s certificate by adding it to the Watcher truststore on each node:
-
Import the Kibana server certificate into the Watcher truststore using Java Keytool:
keytool -importcert -keystore watcher-truststore.jks -file server.crt
If the truststore doesn’t already exist, it is created.
-
Make sure the
xpack.http.ssl.truststore.path
setting inelasticsearch.yml
specifies the location of the Watcher truststore.
-
- Add one or more users who have the permissions necessary to use Kibana and X-Pack reporting.
Once you’ve enabled SSL for Kibana, all requests to the X-Pack reporting endpoints
must include valid credentials. For example, the following watch submits
requests as the built-in elastic
user:
For example, the following watch generates a report that contains the Error Monitoring dashboard and emails the report every hour:
PUT _xpack/watcher/watch/error_report { "trigger" : { "schedule": { "interval": "1h" } }, "actions" : { "email_admin" : { "email": { "to": "'Recipient Name <recipient@example.com>'", "subject": "Error Monitoring Report", "attachments" : { "error_report.pdf" : { "reporting" : { "url": "http://0.0.0.0:5601/api/reporting/generate/dashboard/Error-Monitoring?_g=(time:(from:now-1d%2Fd,mode:quick,to:now))", "retries":6, "interval":"1s", "auth":{ "basic":{ "username":"elastic", "password":"changeme" } } } } } } } } }
You must configure at least one email account to enable Watcher to send email. |
|
This is an example Generation URL. You can copy and paste the URL for any report from the Kibana UI. |
|
Optional, default is 40 |
|
Optional, default is 15s |
|
Provide user credentials for a user with permission to access Kibana and X-Pack reporting. |
For more information about configuring watches, see How Watcher Work.