From 3330658411985be3697ca6ee95d5dd14664c61ac Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 9 Sep 2025 17:24:40 -0400 Subject: [PATCH 1/8] First draft --- .../kibana-reporting-configuration.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/deploy-manage/kibana-reporting-configuration.md b/deploy-manage/kibana-reporting-configuration.md index 1cff860024..c68c3ea551 100644 --- a/deploy-manage/kibana-reporting-configuration.md +++ b/deploy-manage/kibana-reporting-configuration.md @@ -42,6 +42,25 @@ Configuring reporting in your environment involves two main areas: Depending on your license, the type of users, and whether you prefer using the {{kib}} UI or API, there are multiple ways to [grant access to reporting functionality](#grant-user-access). +::::{admonition} Generate reports in a cross-cluster search environment + +To generate reports in a cross-cluster search environment, ensure your role has the appropriate cluster and index privileges to access indices in the remote and local cluster. This may differ based on whether you are using an API key for authentication or directly authenticating as with your user credentials. For more information, refer to [Configure privileges for cross-cluster replication](remote-clusters/remote-clusters-cert.md#remote-clusters-privileges-ccr). + +To provide an example, here is a role that has access to both the index in the remote cluster (`general:filebeat-*`) and the index in the local cluster (`filebeat-*`). The `read_cross_cluster` privilege allows cross-cluster search access to the remote index. + +```yaml +{ + "indices": [ + { + "names": [ "general:filebeat-*-isam*", "filebeat-*-isam*" ], + "privileges": [ "read", "view_index_metadata", "read_cross_cluster" ] + } + ] +} +``` + +:::: + ### Applying system configuration The following configurations are required at {{es}}, {{kib}}, and OS levels to support {{report-features}}. From eeb7ebb7c1c19b3ecf16f39d6fb689e8cc2335d8 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Mon, 20 Oct 2025 17:27:12 -0400 Subject: [PATCH 2/8] Revised note --- deploy-manage/kibana-reporting-configuration.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/deploy-manage/kibana-reporting-configuration.md b/deploy-manage/kibana-reporting-configuration.md index a0511ff6e3..44eb96cee2 100644 --- a/deploy-manage/kibana-reporting-configuration.md +++ b/deploy-manage/kibana-reporting-configuration.md @@ -34,7 +34,11 @@ Before upgrading {{kib}} in a production environment, we encourage you to test y ## Configuration overview -To secure {{report-features}}, you must grant users access to reporting functionality and protect the reporting endpoints with TLS/SSL encryption. Additionally, you can install graphical packages on the operating system to enable screenshot capabilities in the {{kib}} server. +To secure {{report-features}}, you must grant users role access to reporting functionality and protect the reporting endpoints with [API key authentication](remote-clusters/remote-clusters-api-key.md). Additionally, you can install graphical packages on the operating system to enable screenshot capabilities in the {{kib}} server. + +:::{admonition} Set up security for cross-cluster search environments +TLS certificate-based authentication is deprecated in 9.0.0. To secure connections between local (self-managed) and remote clusters, set up API key authentication instead or follow a guide on how to [migrate remote clusters from certificate to API key authentication](remote-clusters/remote-clusters-api-key.md). +::: Configuring reporting in your environment involves two main areas: From c16da3bd06f98343430898ed8a3d2bafb02475f9 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 21 Oct 2025 14:25:48 -0400 Subject: [PATCH 3/8] Fixed note --- .../kibana-reporting-configuration.md | 25 +++---------------- .../automating-report-generation.md | 6 +++++ 2 files changed, 10 insertions(+), 21 deletions(-) diff --git a/deploy-manage/kibana-reporting-configuration.md b/deploy-manage/kibana-reporting-configuration.md index 44eb96cee2..82e54d17cf 100644 --- a/deploy-manage/kibana-reporting-configuration.md +++ b/deploy-manage/kibana-reporting-configuration.md @@ -36,8 +36,10 @@ Before upgrading {{kib}} in a production environment, we encourage you to test y To secure {{report-features}}, you must grant users role access to reporting functionality and protect the reporting endpoints with [API key authentication](remote-clusters/remote-clusters-api-key.md). Additionally, you can install graphical packages on the operating system to enable screenshot capabilities in the {{kib}} server. -:::{admonition} Set up security for cross-cluster search environments -TLS certificate-based authentication is deprecated in 9.0.0. To secure connections between local (self-managed) and remote clusters, set up API key authentication instead or follow a guide on how to [migrate remote clusters from certificate to API key authentication](remote-clusters/remote-clusters-api-key.md). +:::{note} + +API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](remote-clusters/remote-clusters-cert.md). + ::: Configuring reporting in your environment involves two main areas: @@ -46,25 +48,6 @@ Configuring reporting in your environment involves two main areas: Depending on your license, the type of users, and whether you prefer using the {{kib}} UI or API, there are multiple ways to [grant access to reporting functionality](#grant-user-access). -::::{admonition} Generate reports in a cross-cluster search environment - -To generate reports in a cross-cluster search environment, ensure your role has the appropriate cluster and index privileges to access indices in the remote and local cluster. This may differ based on whether you are using an API key for authentication or directly authenticating as with your user credentials. For more information, refer to [Configure privileges for cross-cluster replication](remote-clusters/remote-clusters-cert.md#remote-clusters-privileges-ccr). - -To provide an example, here is a role that has access to both the index in the remote cluster (`general:filebeat-*`) and the index in the local cluster (`filebeat-*`). The `read_cross_cluster` privilege allows cross-cluster search access to the remote index. - -```yaml -{ - "indices": [ - { - "names": [ "general:filebeat-*-isam*", "filebeat-*-isam*" ], - "privileges": [ "read", "view_index_metadata", "read_cross_cluster" ] - } - ] -} -``` - -:::: - ### Applying system configuration The following configurations are required at {{es}}, {{kib}}, and OS levels to support {{report-features}}. diff --git a/explore-analyze/report-and-share/automating-report-generation.md b/explore-analyze/report-and-share/automating-report-generation.md index 5325997687..123d630174 100644 --- a/explore-analyze/report-and-share/automating-report-generation.md +++ b/explore-analyze/report-and-share/automating-report-generation.md @@ -12,6 +12,12 @@ products: To automatically generate PDF and CSV reports, generate a POST URL, then submit an HTTP `POST` request using {{watcher}} or a script. In {{stack}} 9.1 and Serverless, you can use {{kib}} to generate reports on a recurring schedule and share them with a list of emails that you specify. +:::{note} + +API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../../deploy-manage/remote-clusters/remote-clusters-cert.md). + +::: + ## Create a POST URL [create-a-post-url] Create the POST URL that triggers a report to generate PDF and CSV reports. From 3baac1351acfe77dfcf83212a42ee3e9fab7e0c2 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 21 Oct 2025 14:35:56 -0400 Subject: [PATCH 4/8] Adds applies to tags --- deploy-manage/kibana-reporting-configuration.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/deploy-manage/kibana-reporting-configuration.md b/deploy-manage/kibana-reporting-configuration.md index 82e54d17cf..fd24c5d240 100644 --- a/deploy-manage/kibana-reporting-configuration.md +++ b/deploy-manage/kibana-reporting-configuration.md @@ -37,9 +37,8 @@ Before upgrading {{kib}} in a production environment, we encourage you to test y To secure {{report-features}}, you must grant users role access to reporting functionality and protect the reporting endpoints with [API key authentication](remote-clusters/remote-clusters-api-key.md). Additionally, you can install graphical packages on the operating system to enable screenshot capabilities in the {{kib}} server. :::{note} - -API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](remote-clusters/remote-clusters-cert.md). - +:applies_to: {stack: ga, serverless: unavailable} +API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../../deploy-manage/remote-clusters/remote-clusters-cert.md). ::: Configuring reporting in your environment involves two main areas: From 8ee2523ba4f7dbc9a677071bbdcfabf214f2fe3c Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 21 Oct 2025 14:47:50 -0400 Subject: [PATCH 5/8] Fix ref --- deploy-manage/kibana-reporting-configuration.md | 2 +- .../report-and-share/automating-report-generation.md | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/deploy-manage/kibana-reporting-configuration.md b/deploy-manage/kibana-reporting-configuration.md index fd24c5d240..7f0310c1ec 100644 --- a/deploy-manage/kibana-reporting-configuration.md +++ b/deploy-manage/kibana-reporting-configuration.md @@ -38,7 +38,7 @@ To secure {{report-features}}, you must grant users role access to reporting fun :::{note} :applies_to: {stack: ga, serverless: unavailable} -API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../../deploy-manage/remote-clusters/remote-clusters-cert.md). +API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../deploy-manage/remote-clusters/remote-clusters-cert.md). ::: Configuring reporting in your environment involves two main areas: diff --git a/explore-analyze/report-and-share/automating-report-generation.md b/explore-analyze/report-and-share/automating-report-generation.md index 123d630174..71db167393 100644 --- a/explore-analyze/report-and-share/automating-report-generation.md +++ b/explore-analyze/report-and-share/automating-report-generation.md @@ -13,9 +13,8 @@ products: To automatically generate PDF and CSV reports, generate a POST URL, then submit an HTTP `POST` request using {{watcher}} or a script. In {{stack}} 9.1 and Serverless, you can use {{kib}} to generate reports on a recurring schedule and share them with a list of emails that you specify. :::{note} - +:applies_to: {stack: ga, serverless: unavailable} API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../../deploy-manage/remote-clusters/remote-clusters-cert.md). - ::: ## Create a POST URL [create-a-post-url] From 4bfe78fa659418417b0614495a5c23339c20a364 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 21 Oct 2025 14:54:59 -0400 Subject: [PATCH 6/8] Reverts changes to intro --- deploy-manage/kibana-reporting-configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy-manage/kibana-reporting-configuration.md b/deploy-manage/kibana-reporting-configuration.md index 7f0310c1ec..f5da825f0a 100644 --- a/deploy-manage/kibana-reporting-configuration.md +++ b/deploy-manage/kibana-reporting-configuration.md @@ -34,7 +34,7 @@ Before upgrading {{kib}} in a production environment, we encourage you to test y ## Configuration overview -To secure {{report-features}}, you must grant users role access to reporting functionality and protect the reporting endpoints with [API key authentication](remote-clusters/remote-clusters-api-key.md). Additionally, you can install graphical packages on the operating system to enable screenshot capabilities in the {{kib}} server. +To secure {{report-features}}, you must grant users access to reporting functionality and protect the reporting endpoints with TLS/SSL encryption. Additionally, you can install graphical packages on the operating system to enable screenshot capabilities in the {{kib}} server. :::{note} :applies_to: {stack: ga, serverless: unavailable} From d9388e62b2e7f2d8adbf2031614e88fbe3b1d937 Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 21 Oct 2025 14:58:20 -0400 Subject: [PATCH 7/8] Linked to correct section --- deploy-manage/kibana-reporting-configuration.md | 2 +- .../report-and-share/automating-report-generation.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy-manage/kibana-reporting-configuration.md b/deploy-manage/kibana-reporting-configuration.md index f5da825f0a..c687806b92 100644 --- a/deploy-manage/kibana-reporting-configuration.md +++ b/deploy-manage/kibana-reporting-configuration.md @@ -38,7 +38,7 @@ To secure {{report-features}}, you must grant users access to reporting function :::{note} :applies_to: {stack: ga, serverless: unavailable} -API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../deploy-manage/remote-clusters/remote-clusters-cert.md). +API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../deploy-manage/remote-clusters/remote-clusters-cert.md#remote-clusters-privileges-cert). ::: Configuring reporting in your environment involves two main areas: diff --git a/explore-analyze/report-and-share/automating-report-generation.md b/explore-analyze/report-and-share/automating-report-generation.md index 71db167393..627133b03a 100644 --- a/explore-analyze/report-and-share/automating-report-generation.md +++ b/explore-analyze/report-and-share/automating-report-generation.md @@ -14,7 +14,7 @@ To automatically generate PDF and CSV reports, generate a POST URL, then submit :::{note} :applies_to: {stack: ga, serverless: unavailable} -API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../../deploy-manage/remote-clusters/remote-clusters-cert.md). +API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../../deploy-manage/remote-clusters/remote-clusters-cert#remote-clusters-privileges-cert). ::: ## Create a POST URL [create-a-post-url] From 9e0eaffab3cdba5f085102473344c8bd0571cacd Mon Sep 17 00:00:00 2001 From: Nastasha Solomon Date: Tue, 21 Oct 2025 15:04:31 -0400 Subject: [PATCH 8/8] forgot the md! --- .../report-and-share/automating-report-generation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/explore-analyze/report-and-share/automating-report-generation.md b/explore-analyze/report-and-share/automating-report-generation.md index 627133b03a..5976bd65dd 100644 --- a/explore-analyze/report-and-share/automating-report-generation.md +++ b/explore-analyze/report-and-share/automating-report-generation.md @@ -14,7 +14,7 @@ To automatically generate PDF and CSV reports, generate a POST URL, then submit :::{note} :applies_to: {stack: ga, serverless: unavailable} -API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../../deploy-manage/remote-clusters/remote-clusters-cert#remote-clusters-privileges-cert). +API keys are used to authenticate requests to generate reports. If you have a cross-cluster search environment and want to generate reports from remote clusters, you must have the appropriate cluster and index privileges on the remote cluster and local cluster. For example, if requests are authenticated with an API key, the API key requires certain privileges on the local cluster that contains the leader index, instead of the remote. For more information and examples, refer to [Configure roles and users for remote clusters](../../deploy-manage/remote-clusters/remote-clusters-cert.md#remote-clusters-privileges-cert). ::: ## Create a POST URL [create-a-post-url]