brunotm / elasticsplunk

A Search command to explore Elasticsearch data within Splunk.
MIT License

Using elasticsplunk with elasticsearch using readonlyREST #11

Open 1vish99 opened 6 years ago

1vish99 commented 6 years ago

Hi,

Is there a way to add LDAP connection details so it can be used with an Elasticsearch cluster which is secured with readonlyREST?

brunotm commented 6 years ago

Hello,

It depends on how readonlyREST authenticates the client in the API. From reading the project README, LDAP is only a backend for auth. Do you know how it works on the frontend? Basic? JWT?

Also can you share the detail of the error you’re getting?

1vish99 commented 6 years ago

Credentials are passed through Kibana, which in turn connects to the Elasticsearch client. However, I am not getting any error when I use the command in the format below.

```
| ess eaddr="http://username:password@hostname:port" index="" query=""
```

I was thinking if it's possible to get the username and password with which the user logged in to Splunk and insert them in the esaddr.

brunotm commented 6 years ago

Ok. So it is basic auth. I don’t think splunk makes the user password available for integrations but I’ll check.

Thanks

brunotm commented 6 years ago

Hi @1tarak,

I didn't have the time to investigate this further. Did you manage to get this working?

Thanks

nanjum88 commented 5 years ago

hi @brunotm @1vish99

I am trying to get the basic cluster health status using the app

Curl works -

```
curl -u username:password -XGET "https://elasticsearchdev.domain.com:443/_cluster/health?pretty"
```

```
{
  "cluster_name" : "newdev",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 2,
  "number_of_data_nodes" : 2,
  "active_primary_shards" : 1608,
  "active_shards" : 3216,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 10.0
}
```

How do I make this work using the app ?
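
The `username:password@hostname` URL form and curl's `-u` option discussed in this thread both carry HTTP Basic credentials. As an added example (not part of the thread and not elasticsplunk's own code), this Python splits such a URL into a credential-free address plus the `Authorization` header, and produces a redacted form of the URL for logs and error messages. The function names and the sample URLs are assumptions made for illustration.

```python
import base64
from urllib.parse import urlsplit, urlunsplit, unquote


def split_basic_auth(url):
    """Split 'scheme://user:pass@host:port' into (clean_url, headers).

    The userinfo is percent-decoded, so a password containing '@' or ':'
    should be written as %40 / %3A inside the URL.
    """
    parts = urlsplit(url)
    if parts.hostname is None:
        raise ValueError("no host in URL")
    host = parts.hostname
    if ":" in host:  # IPv6 literal: restore the brackets urlsplit removed
        host = "[%s]" % host
    netloc = host if parts.port is None else "%s:%d" % (host, parts.port)
    clean = urlunsplit((parts.scheme, netloc, parts.path, parts.query, ""))
    headers = {}
    if parts.username is not None:
        user = unquote(parts.username)
        password = unquote(parts.password or "")
        token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8"))
        headers["Authorization"] = "Basic " + token.decode("ascii")
    return clean, headers


def redact(url):
    """Return the URL with any password masked, for logs and error messages."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    hostport = parts.netloc.rpartition("@")[2]
    masked = "%s:***@%s" % (parts.username, hostport)
    return urlunsplit(parts._replace(netloc=masked))


if __name__ == "__main__":
    # Constructed sample values, not real credentials or hosts.
    sample = "https://svc:p%40ss%3Aword@es.example.test:443/_cluster/health?pretty"
    clean_url, auth_headers = split_basic_auth(sample)
    print(clean_url)
    print(sorted(auth_headers))  # header names only, never the secret
    print(redact(sample))
```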