Slow / Unsusable Dashboards for non admin users

ElasticSearch 6.1.3
SearchGuard 6.1.3.20

I have a role for IT users:

sg_role_it:

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘hardware-*’:

‘*’:

  • READ
  • GET
  • SEARCH

dls: ‘{ “bool”: { “must”: { “match”: { “fields.environment”: “bath-office” }}}}’

All kibana users also use this:

For users which use kibana

sg_kibana:

readonly: true

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘?kibana’:

‘*’:

  • MANAGE
  • INDEX
  • READ
  • DELETE

When a user tries to load a certain dashboard with “hardware-*” data, it eithers partially loads or times out. I see no load on the box, no errors in the log. However when an admin views the dashboard it loads within seconds. I’m almost certain I have missed a permission somewhere, does anyone have an input?

Timeout error seen is:

Error: Request Timeout after 30000ms

at https://kibana.x/bundles/kibana.bundle.js?v=16371:61:163257
at https://kibana.x/bundles/kibana.bundle.js?v=16371:61:163678

···

On Thursday, 8 March 2018 17:28:50 UTC, anthony...@actual-experience.com wrote:

ElasticSearch 6.1.3
SearchGuard 6.1.3.20

I have a role for IT users:

sg_role_it:

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘hardware-*’:

‘*’:

  • READ
  • GET
  • SEARCH

dls: ‘{ “bool”: { “must”: { “match”: { “fields.environment”: “bath-office” }}}}’

All kibana users also use this:

For users which use kibana

sg_kibana:

readonly: true

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘?kibana’:

‘*’:

  • MANAGE
  • INDEX
  • READ
  • DELETE

When a user tries to load a certain dashboard with “hardware-*” data, it eithers partially loads or times out. I see no load on the box, no errors in the log. However when an admin views the dashboard it loads within seconds. I’m almost certain I have missed a permission somewhere, does anyone have an input?

Bump.

This is caused by DLS, I hash out DLS for this user and the dashboard is rapid.

···

On Thursday, 8 March 2018 17:28:50 UTC, anthony...@actual-experience.com wrote:

ElasticSearch 6.1.3
SearchGuard 6.1.3.20

I have a role for IT users:

sg_role_it:

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘hardware-*’:

‘*’:

  • READ
  • GET
  • SEARCH

dls: ‘{ “bool”: { “must”: { “match”: { “fields.environment”: “bath-office” }}}}’

All kibana users also use this:

For users which use kibana

sg_kibana:

readonly: true

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘?kibana’:

‘*’:

  • MANAGE
  • INDEX
  • READ
  • DELETE

When a user tries to load a certain dashboard with “hardware-*” data, it eithers partially loads or times out. I see no load on the box, no errors in the log. However when an admin views the dashboard it loads within seconds. I’m almost certain I have missed a permission somewhere, does anyone have an input?

Raised a bug as I feel this may be a bug rather than configuration:

https://github.com/floragunncom/search-guard/issues/457

···

On Monday, 12 March 2018 09:28:05 UTC, anthony...@actual-experience.com wrote:

Bump.

This is caused by DLS, I hash out DLS for this user and the dashboard is rapid.

On Thursday, 8 March 2018 17:28:50 UTC, anthony...@actual-experience.com wrote:

ElasticSearch 6.1.3
SearchGuard 6.1.3.20

I have a role for IT users:

sg_role_it:

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘hardware-*’:

‘*’:

  • READ
  • GET
  • SEARCH

dls: ‘{ “bool”: { “must”: { “match”: { “fields.environment”: “bath-office” }}}}’

All kibana users also use this:

For users which use kibana

sg_kibana:

readonly: true

cluster:

  • CLUSTER_COMPOSITE_OPS_RO

indices:

‘?kibana’:

‘*’:

  • MANAGE
  • INDEX
  • READ
  • DELETE

When a user tries to load a certain dashboard with “hardware-*” data, it eithers partially loads or times out. I see no load on the box, no errors in the log. However when an admin views the dashboard it loads within seconds. I’m almost certain I have missed a permission somewhere, does anyone have an input?