To create a connection you need the required permission ManageConnections. Learn more about permissions
ManageConnections
Navigate to Admin > Connections and click Add Connection. There you will find an option to connect among others a Elasticsearch.
Admin > Connections
Add Connection
Elasticsearch
The bellow parameters are required for the connection:
The connection allows the client to specify multiple hosts from a cluster. This means that if one node goes down, Lenses can still connect to another.
Security Recommendations
In order to minimise security risks, we recommend to connect with a READ ONLY user. This can be created with the following command, by a user with the appropriate permissions.
curl -XPOST -u elastic '<URL>/_security/role/read_only' -H "Content-Type: application/json" -d '{ "indices" : [ { "names" : [ "*" ], "privileges" : [ "read" ] }, ] }'
The Elasticsearch data connection is subject to namespace permissions, via Lenses security Groups. You can then assign User and Service accounts to those Groups.
User
Service
You can use Namespaces to authorise access to specific datasets or use wildcard to enable all.
There are 4 granular permissions for the Elasticsearch connection:
Use Data Policies to obfuscate data retrieved from Lenses via the UI, CLI, or API without affecting how the underlying data is stored [1].
Data Policies
When the policy is applied, Lenses will automatically obfuscate all fields that match. For each connection you can see which indices are using those fields and the policy is applied.
Read on data protection policies.
On this page
