Using elasticsplunk with elasticsearch using readonlyREST

[1vish99]

Hi,

Is there a way to add ldap connection details so it can be used with elasticsearch cluster which is secured with readonlyREST

[brunotm]

Hello, It depends how readonlyREST authenticates the client in the api. By reading the project readme ldap is only a backend for auth, do you know how it works on the fronted? Basic? JWT? Also can you share the detail of the error you’re getting?

On Wed, 7 Feb 2018 at 08:07, vishnuSE ***@***.***> wrote: Hi, Is there a way to add ldap connection details so it can be used with elasticsearch cluster which is secured with readonlyREST — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#11>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AGCQDslvBjm8wXYBO55u2BtFHArI5BR0ks5tSVnWgaJpZM4R8Syn> .

-- Bruno Moura +351 932 518 676

[1vish99]

credentials are passed through kibana which in turn connects to elasticsearch client.
how ever i am not getting any error when i use command in below format.
| ess eaddr="http://username:password@hostname:port" index="" query=""

i was thinking if its possible to get the username and password with which the user logged in to the splunk and insert them in the esaddr.

[brunotm]

Ok. So it is basic auth. I don’t think splunk makes the user password available for integrations but I’ll check. Thanks

On Thu, 8 Feb 2018 at 13:27, vishnuSE ***@***.***> wrote: credentials are passed through kibana which in turn connects to elasticsearch client. how ever i am not getting any error when i use command in below format. | ess ***@***.***:port" index="*" query="*" i was thinking if its possible to get the username and password with which the user logged in and insert then in the esaddr. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#11 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AGCQDhmADe4Cx0JQrl6VLhGp_09bWuQFks5tSvZVgaJpZM4R8Syn> .

-- Bruno Moura +351 932 518 676

[brunotm]

Hi @1tarak,

i didn't had the time to investigate this further, you managed to get this working?

Thanks

[nanjum88]

hi @brunotm @1vish99

I am trying to get the basic cluster health status using the app

Curl works -

curl -u usernam:password -XGET "https://elasticsearchdev.domain.com:443/_cluster/health"?pretty

{
"cluster_name" : "newdev",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 2,
"number_of_data_nodes" : 2,
"active_primary_shards" : 1608,
"active_shards" : 3216,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 10.0
}

How do I make this work using the app ?