Search Guard vs. Search Guard FLX
It's been a while since we published Search Guard FLX ("Flex"), the next-generation Search Guard. In this article, we'd like to clarify how both versions relate, when to use which version, and what the migration path looks like.
Search Guard Classic
Search Guard (now sometimes called "Search Guard Classic") is the product we released in 2016. Search Guard began as a pure security plugin for Elasticsearch and Kibana. In January 2020, we added "Signals", our Alerting solution. The Security and the Alerting features are available as a free Apache 2-licensed Community Edition and a commercial Enterprise Edition with added features.
Search Guard is available for Elasticsearch and Kibana 2.3.0 up until 7.17.9. The documentation can be found here: https://docs.search-guard.com/7.x-53/
Search Guard FLX
In August 2022, we released Search Guard FLX. Search Guard FLX is the next generation of Search Guard and is essentially a rewrite of Search Guard Classic. It offers many new features and improvements, making it easier than ever to install, configure and run Search Guard FLX. The highlights include the following:
New sgctl admin tool, which replaces sgadmin. sgctl is stateful, which means you can define connection profiles once and use them later.
New configuration format which is more coherent, more predictable, and much more powerful
Server-side sessions and multiple authentication methods for Kibana
Performance: Many components of Search Guard FLX underwent significant optimizations. Thus, Search Guard FLX can handle more throughput with a lower CPU footprint.
Easily reachable diagnostics and metrics
The documentation for Search Guard FLX can be found here: https://docs.search-guard.com/latest/
Search Guard FLX is available for Elasticsearch 7.17.x and above.
Consider Search Guard and Search Guard FLX as two different products. Both provide similar features but differ in configuration and feature set. As with previous major releases, we tried to make the transition from Search Guard to Search Guard FLX as smooth as possible. Please refer to our comprehensive guide on migrating from Search Guard to Search Guard FLX.
One of the main differences is the new configuration schema. We completely overhauled how Search Guard FLX can be configured and have outlined the changes between legacy and FLX config in our documentation.
Does that mean you need to rewrite all existing configuration files manually?
No. Search Guard FLX can still read and apply the legacy Search Guard Classic configuration files. However, most new features are not supported when using the legacy configuration. In addition, in rare cases, some legacy features may not be supported anymore or behave differently. Before upgrading, please read the Search Guard FLX release notes.
To migrate your legacy configuration to the new configuration format, the sgctl tool has a built-in migrate-config command that converts the configuration from legacy to FLX style.
When should I migrate to Search Guard FLX?
If Search Guard FLX is available for the Elasticsearch version you are using, you should upgrade as soon as possible to enjoy the performance and feature improvements of FLX. If you are using the Enterprise or Compliance Edition, you can use your existing license key with Search Guard FLX. There is no additional cost involved.
For a detailed migration path, please refer to "Migrating to FLX" in our documentation.