Use only the security features as a module/plugin for an existing ELK stack setup?



We are super interested in this project as this has the potential to greatly improve Elasticsearch and its ecosystem as a whole. Real good stuff!

However, we have a need for audit logging in our existing ELK stack environment, which is using the community edition of Search Guard. Would it be possible to utilize the audit logging features of Open Distro with our existing ELK stack?


Open Distro uses Search Guard under the hood (they renamed it though) where they’ve stripped the license restrictions (I’m not sure what else they’ve done). It should be fairly trivial to move to Open Distro as the configuration is the same - just different root key names (as far as I can tell).