By Jochen Kressin

Search Guard vs. Search Guard FLX

It's been a while since we published Search Guard FLX ("Flex"), the next-generation Search Guard. In this article, we'd like to clarify how both versions relate, when to use which version, and what the migration path looks like.

Search Guard Classic

Search Guard (now sometimes called "Search Guard Classic") is the product we released in 2016. Search Guard began as a pure security plugin for Elasticsearch and Kibana. In January 2020, we added "Signals", our Alerting solution. The Security and the Alerting features are available as a free Apache2-licenses Community Edition and a commercial Enterprise Edition with added features.
Search Guard is available for Elasticsearch and Kibana 2.3.0 up until 7.17.9. The documentation can be found here:

Search Guard FLX

In August 2022, we released Search Guard FLX. Search Guard FLX is the next generation of Search Guard and is essentially a rewrite of Search Guard Classic. It offers many new features and improvements, making it easier than ever to install, configure and run Search Guard FLX. The highlights include the following:
    new sgctl admin tool, which replaces sgadmin. sgctl is stateful, which means you can define connection profiles once and use them later
    New configuration format which is more coherent, more predictable, and much more powerful
    Server-side sessions and multiple authentication methods for Kibana
    Performance: Many components of Search Guard FLX underwent significant optimizations. Thus, Search Guard FLX can handle more throughput with a lower CPU footprint.
    Easily reachable diagnostics and metrics
The documentation for Search Guard FLX can be found here:
Search Guard FLX is available for Elasticsearch 7.17.x and above.

Version Matrix

Search Guard FLX


Consider Search Guard and Search Guard FLX as two different products. Both provide similar features but are different regarding configuration and features. As with previous major releases, we tried to make the transition from Search Guard to Search Guard FLX as smooth as possible. Please refer to our comprehensive guide on migrating from Search Guard to Search Guard FLX.
One of the main differences is the new configuration schema. We completely overhauled how Search Guard FLX can be configured and have outlined the changes between legacy and FLX config in our documentation.

Does that mean you need to rewrite all existing configuration files manually?

No. Search Guard FLX can still read and apply the legacy Search Guard Classic configuration files. However, most new features are not supported when using the legacy configuration. In addition, in rare cases, some legacy features may not be supported anymore or behave differently. Before upgrading, please read the Search Guard FLX release notes.
quotes icon
Search Guard FLX can still read and apply the legacy Search Guard Classic configuration files
For migrating your legacy configuration to the new configuration format, the sgctl tool has a built-in migrate-config command to migrate the configuration from legacy to FLX style.

When should I migrate to Search Guard FLX

If Search Guard FLX is available for the Elasticsearch version you are using, you should upgrade as soon as possible to enjoy the performance and feature improvements of FLX. If you are using the Enterprise or Compliance Edition, you can use your existing license key with Search Guard FLX. There is no additional cost involved.
For a detailed migration path, please refer to our documentation's "Migrating to FLX" chapter.

Where to go next

Published: 2023-04-19
linkedIn icon
y icon
Questions? Drop us a line!
your message
This form collects your name and email. Please take a look in our privacy policy for a better understanding on how we protect and manage your submitted data.
Other posts you may like
follow us
twitter iconfacebook iconlinkedIn iconyoutube icon
Search Guard Newsletter
For the latest product developments, new versions and cybersecurity news, sign up to our newsletter.