Link Search Menu Expand Document Documentation Menu

This version of the OpenSearch documentation is no longer maintained. For the latest version, see the current documentation. For information about OpenSearch version maintenance, see Release Schedule and Maintenance Policy.

System indices

By default, OpenSearch has a protected system index, .opendistro_security, which you create using securityadmin.sh. Even if your user account has read permissions for all indices, you can’t directly access the data in this system index.

You can add additional system indices in in opensearch.yml. In addition to automatically creating .opendistro_security, the demo configuration adds several indices for the various OpenSearch plugins that integrate with the security plugin:

plugins.security.system_indices.enabled: true
plugins.security.system_indices.indices: [".opendistro-alerting-config", ".opendistro-alerting-alert*", ".opendistro-anomaly-results*", ".opendistro-anomaly-detector*", ".opendistro-anomaly-checkpoints", ".opendistro-anomaly-detection-state", ".opendistro-reports-*", ".opendistro-notifications-*", ".opendistro-notebooks", ".opendistro-asynchronous-search-response*"]

To access these indices, you must authenticate with an admin certificate:

curl -k --cert ./kirk.pem --key ./kirk-key.pem -XGET 'https://localhost:9200/.opendistro_security/_search'

The alternative is to remove indices from the plugins.security.system_indices.indices list on each node and restart OpenSearch.