with hotfix the max indexing was around 290k/s and the cluster remained fast and usable during this.
For reference:
17k/s max before hotfix
310k/s max with searchguard disabled
There was zero performance difference inbetween the Logstash user with 26 individual index permissions and the Logstash user with a single * index permission.
@nils Hi, which version of SG has already this patch please ? We have same performance issue and I have tried version 53.1 but seems like it wasnât released there.
11:27:10 ERR: Seems deva/sg_config.yml is not in SG 7 format: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field âsupport_aliases_in_index_privilegesâ (class com.floragunn.searchguard.sgconf.impl.v7.ConfigV7$Dynamic), not marked as ignorable (17 known properties: âlicenseâ, âdisable_intertransport_authâ, âhttpâ, âauth_token_providerâ, âkibanaâ, âauthzâ, âauth_failure_listenersâ, âtransport_userrname_attributeâ, âfiltered_alias_modeâ, âauthcâ, âdisable_rest_authâ, ârespect_request_indices_optionsâ, âmulti_rolespan_enabledâ, âdo_not_fail_on_forbiddenâ, âfield_anonymization_salt2â, âhosts_resolver_modeâ, âdo_not_fail_on_forbidden_emptyâ])
11:27:10 at [Source: (String)â{â_sg_meta":{âtypeâ:âconfigâ,âconfig_versionâ:2},âsg_configâ:{âdynamicâ:{âdo_not_fail_on_forbiddenâ:true,âsupport_aliases_in_index_privilegesâ:false,âkibanaâ:{âmultitenancy_enabledâ:true,âserver_usernameâ:âkibana_systemâ,âindexâ:â.kibanaâ},âhttpâ:{âanonymous_auth_enabledâ:false},âauthcâ:{âbasic_internal_auth_domainâ:{âhttp_enabledâ:true,âtransport_enabledâ:true,âorderâ:0,âhttp_authenticatorâ:{âtypeâ:âbasicâ,âchallengeâ:false},âauthentication_backendâ:{âtypeâ:âinternalâ}},âopenid_auth_domainâ:{âhâ[truncated 2957 chars]; line: 1, column: 149] (through reference chain: com.floragunn.searchguard.sgconf.impl.SgDynamicConfiguration[âsg_configâ]->com.floragunn.searchguard.sgconf.impl.v7.ConfigV7[âdynamicâ]->com.floragunn.searchguard.sgconf.impl.v7.ConfigV7$Dynamic[âsupport_aliases_in_index_privilegesâ])