Frequently Asked Questions

Search Guard is an independent implementation of a security access layer for Elasticsearch and is completely independent of Elasticsearch’s own security offerings.

Search Guard offers functionality similar to that of competing products and adds further features on top, with a flexible licensing scheme. Additional features include:

  • OpenSSL support
  • Kerberos support
  • HTTP Proxy Authentication support
  • JSON web token support
  • Kibana multitenancy
  • Open Source

Search Guard does not support symmetric encryption on the transport layer but requires TLS.

Licenses for Search Guard are based on production clusters, not nodes. That means that you can scale your cluster up and down as necessary, without affecting the license costs. Development, staging, integration and QA/AUT-systems are covered by the license as well at no additional cost.

Absolutely. The roots of Search Guard date back to the end of 2013, and our code base is mature and stable.

Search Guard runs on mission-critical production clusters protecting sensitive data in the finance, healthcare, pharmaceutical, aviation, telecommunications, security, and data intelligence industries. Since our code is Open Source, it has been audited several times already, with only minor findings.

Search Guard is available on the Red Hat OpenShift platform as part of the OpenShift Elasticsearch plugin. We also secure Kibi, the highly configurable platform for fast and beautiful data intelligence, as part of Kibi Enterprise Edition.

Search Guard support can be booked from us directly or from one of our business partners. If you’re looking for a combined offering, including Search Guard and Elasticsearch, you can get a support package from:

Excelerate Systems

We also provide community support on the official Search Guard Google Group.

Search Guard is dual licensed: all basic security features in the Community Edition are free, while you need to obtain a license in order to use the Enterprise Edition in production. All free and enterprise features are listed in our feature comparison matrix.

Taking Search Guard enterprise features into production without purchasing a license is illegal. If you have any questions, please reach out to us anytime – we are happy to help.

We license Search Guard per production cluster: you need one license per cluster. The regular license has no limits regarding the number of nodes, so you can scale your cluster indefinitely without additional costs. All other systems, such as development, staging, integration and test, are included in the license.

The easiest way to set up a PoC and try out all Search Guard features is to use the Search Guard Demo Installer:

Search Guard Demo Installer

It is possible to set up a PoC and test the enterprise features during the trial phase. Once you take Search Guard into production you must purchase an enterprise license.

You can test all of our Enterprise features for 60 days.

Search Guard 6 already comes with all modules installed, and a Trial License is automatically generated when you start Search Guard for the first time. So, just install the Search Guard plugin and you’re good to go!

For Search Guard 5, each enterprise feature comes as a separate jar file and lives in its own repository on GitHub. You can either:

  • download the jar file from Maven Central
  • clone the repository and build the jar yourself with a simple mvn install command

Please refer to the documentation for detailed installation instructions.

We believe that any security related software has to be Open Source by definition. You as a customer need to have the possibility to inspect our code and run your own security audits on it if required.

With closed source software, the only option you have is to trust the vendor. You can’t be sure that there are no security holes or backdoors in the software, or that it does not “call home”. If you’re serious about the security of your data, closed source is simply not an option.

However, it is important to understand that compliance regulations, licenses and GDPR are fully applicable. This means it is illegal to take our enterprise features into production without purchasing a license. This can lead to serious legal consequences, which can bring more harm and costs to a company than our fair and user-oriented pricing and licensing model.

All features will continue to work, but you need to renew your license. We will get in touch with you when the license is about to expire. The regular run-time of a license is one year, but it is possible to purchase licenses for a longer period of time. Get in contact with us and we will be happy to find the best solution for your needs.

Transport layer TLS (node-to-node communication) is mandatory for Search Guard. Without TLS on the transport layer, authentication and authorization do not make much sense from a security point of view. With TLS, you can ensure that:

  • Your data cannot be intercepted in transit
  • Your data cannot be tampered with
  • Only authenticated clients can connect

Search Guard is fully compatible with the Elastic Stack, including:

  • Kibana
  • Logstash
  • Beats
  • X-Pack Monitoring
  • X-Pack Alerting
  • X-Pack Machine Learning

Search Guard also provides true multitenancy for Kibana: you can fully separate Dashboards, Visualizations and Saved Searches by user and role.

Please refer to the compatibility section of the documentation for further information.

Yes, Kibi EE supports (and ships with) Elasticsearch security based on Search Guard. Kibi Access control eases the security configuration process by providing a plugin to manage roles and users with a graphical user interface.

Not finding an answer to your question?
Just contact us, and we’ll get back to you as soon as possible.
