Version: 7.12

Creating Users in Elasticsearch for ElastiFlow

This guide explains how to configure internal users and roles in Elasticsearch to provide read-only access to ElastiFlow indices.


Create a Role

  1. Log into Kibana with administrative privileges.
  2. Navigate to Stack Management → Security → Roles.
  3. Click Create role and name it elastiflow-readonly.
  4. Under Cluster privileges, add:
    • monitor
  5. Under Index privileges:
    • Indices: elastiflow-*
    • Privileges: read, view_index_metadata
  6. (Optional) Add .kibana* with read if access to dashboards is needed.
  7. Click Create role.

Create a User

  1. Go to Stack Management → Security → Users.
  2. Click Create user.
  3. Fill in the username and password.
  4. Assign the elastiflow-readonly role.
  5. Save the user.

Test the New User

  • Log into Kibana with the new user account.
  • Go to Discover and verify access to elastiflow-* data.
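The role, user and test steps above can also be expressed against the Elasticsearch security REST API. The following is an added example, not part of the ElastiFlow documentation. The username `flow-viewer`, the placeholder password and the two sample `_has_privileges` responses are constructed for illustration. The probe goes beyond the Discover check by also confirming that no write or manage privilege is granted.

```python
import json

ROLE = "elastiflow-readonly"
READ_PRIVS = ["read", "view_index_metadata"]
# Index privileges a read-only account must never hold.
WRITE_PRIVS = ["write", "index", "delete", "create_index", "delete_index", "manage", "all"]

def role_request():
    """Role from the 'Create a Role' steps (without the optional .kibana* entry)."""
    body = {"cluster": ["monitor"],
            "indices": [{"names": ["elastiflow-*"], "privileges": READ_PRIVS}]}
    return "PUT", f"/_security/role/{ROLE}", body

def user_request(username, password):
    """Native-realm user holding only the read-only role."""
    return "PUT", f"/_security/user/{username}", {"password": password, "roles": [ROLE]}

def probe_request():
    """Sent as the new user: asks which of these privileges it actually holds."""
    body = {"index": [{"names": ["elastiflow-*"], "privileges": READ_PRIVS + WRITE_PRIVS}]}
    return "POST", "/_security/user/_has_privileges", body

def audit(response):
    """Return findings: read access that is missing, write access that is present."""
    findings = []
    for index, granted in sorted(response["index"].items()):
        findings += [f"{index}: missing {p}" for p in READ_PRIVS if not granted.get(p)]
        findings += [f"{index}: unexpected {p}" for p in WRITE_PRIVS if granted.get(p)]
    return findings

# Constructed _has_privileges responses: the intended result, and an account
# that also picked up a second role granting write on the same index pattern.
_expected = {**dict.fromkeys(READ_PRIVS, True), **dict.fromkeys(WRITE_PRIVS, False)}
GOOD = {"index": {"elastiflow-*": _expected}}
BAD = {"index": {"elastiflow-*": {**_expected, "write": True, "index": True, "delete": True}}}

if __name__ == "__main__":
    requests = (role_request(), user_request("flow-viewer", "<set-a-password>"),
                probe_request())
    for method, path, body in requests:
        print(method, path, json.dumps(body))
    print("good:", audit(GOOD))
    print("bad: ", audit(BAD))
```

Each printed line corresponds to one request against the cluster. The probe has to be sent with the new user's credentials, not the administrator's.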

External Authentication Mapping (Optional)

If using LDAP or SAML:

  • Map the backend role from your IdP to the internal role elastiflow-readonly under Roles → elastiflow-readonly → Mapped backend roles.

This enables secure, read-only access to ElastiFlow data via Kibana.