This repository has been archived by the owner on Aug 2, 2022. It is now read-only.

Security_exception action [indices:data/read/search] is unauthorised for user [_system] #401

Open
ramee535 opened this issue Mar 29, 2021 · 3 comments
Labels
enhancement New feature or request

Comments


ramee535 commented Mar 29, 2021

@bolemebrige @saratvemulapalli similar to issue number #338

I use Elastic's version of Elasticsearch and Kibana with Open Distro plugins.
Also, for security functionalities I have x-pack enabled.

Is there any way to solve the above-mentioned issue and use alerting for my basic ELK?

Thanks in advance for your help.

@ramee535 ramee535 added the enhancement New feature or request label Mar 29, 2021
@saratvemulapalli
Contributor

@ramee535 thanks for reaching out.
Unfortunately, ODFE does not support x-pack enabled security; we only support ODFE security today.

I was hoping @bolemebrige/community would take a stab at it and come back with the challenges.


ramee535 commented Apr 6, 2021

Thanks for your response, Sarat. Now I tried to install the Open Distro security plugin after disabling x-pack features, but when I am trying to run the securityadmin script I am facing the below issue. Can you help?

ERR: Cannot retrieve cluster state due to: Open Distro Security not initialized for cluster:monitor/health.
Root cause: ElasticsearchSecurityException[Open Distro Security not initialized for cluster:monitor/health] (org.elasticsearch.ElasticsearchSecurityException/org.elasticsearch.ElasticsearchSecurityException)

Try running securityadmin.sh with -icl (but no -cl) and -nhnv (If that works you need to check your clustername as well as hostnames in your TLS certificates)
Make also sure that your keystore or PEM certificate is a client certificate (not a node certificate) and configured properly in elasticsearch.yml
If this is not working, try running securityadmin.sh with --diagnose and see diagnose trace log file)
Add --accept-red-cluster to allow securityadmin to operate on a red cluster.

@saratvemulapalli


filipzag commented Apr 6, 2021

I haven't figured it out yet, but my plan was to reverse engineer Open Distro roles and users and then create them in xpack role and user management... I think it should work but I haven't had time to try it...
