Link Search Menu Expand Document

Open Distro for Elasticsearch development has moved to OpenSearch. The ODFE plugins will continue to work with legacy versions of Elasticsearch OSS, but we recommend upgrading to OpenSearch to take advantage of the latest features and improvements.

System indices

By default, Open Distro for Elasticsearch has a protected system index, .opendistro_security, which you create using securityadmin.sh. Even if your user account has read permissions for all indices, you can’t directly access the data in this system index.

You can add additional system indices in in elasticsearch.yml. In addition to automatically creating .opendistro_security, the demo configuration adds several indices for the various Open Distro for Elasticsearch plugins that integrate with the security plugin:

opendistro_security.system_indices.enabled: true
opendistro_security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state"]

To access these indices, you must authenticate with an admin certificate:

curl -k --cert ./kirk.pem --key ./kirk-key.pem -XGET 'https://localhost:9200/.opendistro_security/_search'

The alternative is to remove indices from the opendistro_security.system_indices.indices list on each node and restart Elasticsearch.