Elasticsearch


Create a connection 

To create a connection you need the required permission ManageConnections. Learn more about permissions

Navigate to Admin > Connections and click Add Connection. There you will find an option to connect among others a Elasticsearch.

Elasticsearch connection

The bellow parameters are required for the connection:

Form ParameterDescriptionRequiredNotes
NameThe name of the connectionYESString between 1-127 Characters.
TagsMetadata for your connectionNO
UsernameThe user to connect with.NO
PasswordThe password for that userNO
NodesThe security of the connectionYESArray of strings

The connection allows the client to specify multiple hosts from a cluster. This means that if one node goes down, Lenses can still connect to another.

Security Recommendations

In order to minimise security risks, we recommend to connect with a READ ONLY user. This can be created with the following command, by a user with the appropriate permissions.

curl -XPOST -u elastic '<URL>/_security/role/read_only' -H "Content-Type: application/json" -d '{
  "indices" : [
    {
      "names" : [ "*" ],
      "privileges" : [ "read" ]
    },
  ]
}'

Grant access to users 

The Elasticsearch data connection is subject to namespace permissions, via Lenses security Groups. You can then assign User and Service accounts to those Groups.

You can use Namespaces to authorise access to specific datasets or use wildcard to enable all.

Elasticsearch permissions for groups

There are 4 granular permissions for the Elasticsearch connection:

Form ParameterDescription
ShowIndexCan view the Index, but cannot query Data or Schema
QueryIndexCan view the Index and query its Data
ViewSchemaCan view the Index and its Schema
UpdateMetadataCan view the Index and its Metadata

Add protection policies 

Use Data Policies to obfuscate data retrieved from Lenses via the UI, CLI, or API without affecting how the underlying data is stored [1].

Elasticsearch data policies

When the policy is applied, Lenses will automatically obfuscate all fields that match. For each connection you can see which indices are using those fields and the policy is applied.

Read on data protection policies.