Compatible with xpack reporting


(Joe Chop) #1

I’m wondering if you have any plans/workarounds to support Xpack Reporting w/ ROR.

Let me explain, we have it setup so each users has their own .kibana_{user} index and access to their own data indices in ES. Everything works great.
We would like the ability to export from the discover tab via the Saved Search/Reporting -> Export to CSV feature.

This works great, but when I head to Management -> Reporting to download the report, I can see other users reports generated. In a perfect world - they shouldn’t even be visible. In a sub-perfect world, the user could see them, but not download them. Make sense?


(Joe Chop) #2

By the way - using 6.4.1


(Joe Chop) #3

Just checking in. Any ideas?


(Simone Scarduzio) #4

Hello Joe, sorry the delayed response on this. I just tested this in our demo environment. You are right, something is missing when X-Pack code uses the saved objects API. ROR should intercept that too. Will have a look on how to ensure all the calls to the saved objects API are covered.


(Joe Chop) #5

Great - yeah I wonder if you could route the saved reports to a .report-{user} index to mimic the behavior of .kibana-{user} index. Otherwise - as long as other users cannot see other user reports.

Thanks!


(Askids) #6

Simone is really going to hate what I am about to say.

@jchop01 I am just wondering. AFAIK, Xpack reporting is a paid feature. Per my understanding, if you are paying for xpack license for using reporting, even security also comes with it. For that matter, other features like alerting, graph, ML etc also part of it. So why not use xpack security itself, if you are anyway paying for it?


(Joe Chop) #7

Don’t worry - we love ROR, and Simone’s ongoing support!

However, I haven’t been able to find ANY documentation regarding Xpack reporting - but from testing with our recent Kibana upgrade to 6.4, I assume a subset of the reporting is free for use. For example, we do not have Xpack license and we aren’t in their trial mode (confirmed with Get License API). I see this CSV reporting feature in Kibana, but not some of the more advanced reporting options like PDF reports or scheduled reports.

Correct me if I’m wrong - but thats why I assumed CSV/Saved Search exports fall under their xpack free features (same boat as monitoring, search profile, etc).


(Ld57) #8

Hi guys,
Using basic licnese ( free )

I use csv reporting in search tabs.

I use sentinl for pdf report and alerting


(Askids) #9

Good to know that its part of FOSS version. Then there is nothing to look beyond ROR for security :smile:

@ld57 with Siren now almost going into paid category, are you able to use it on a multi-node cluster OR is it just single node?


(Ld57) #10

HI @askids,

well, i am on es 6.2.1 as cluster, and kibana on a dedicated server.

regarding Sentinl, I have installed it on my kibana, but I had to create some modification to code to make it compatible with RoR.

Sentinl is installed as standalone, not as sentinl cluster approach ( had no need, as kibana/sentinl host is on vm clustering system)

regarding that I did, i posted something on their github

if you need, I can share my kibana.yml config, and my RoR config.

unfortunately, I know they changed a lot of things, and i do not hink it still apply with earlier version.

@sscarduzio, it could be a great new feature to integrate that kind of feature to Ror feature pack, but it is a lot of work.

@sscarduzio, alos I apologize about delay regarding transport ssl authentication, but i did not forget it.