Elasticsearch Reference 5.5 中文翻译5

Set up X-Pack

安装X-Pack

X-Pack is an Elastic Stack extension that bundles security, alerting, monitoring, reporting, machine learning, and graph capabilities into one easy-to-install package. To access this functionality, you must install X-Pack in Elasticsearch.
X-Pack是一个可伸缩的栈扩展以及处理安全、警报、监控、报告、机器学习和图标能力的易于安装的组合。为了使用这些功能，你必须在Elasticsearch中安装X-Pack。

Installing X-Pack in Elasticsearch

在Elasticsearch中安装X-Pack

After you install Elasticsearch, you can optionally obtain and install X-Pack. For more information about how to obtain X-Pack, see https://www.elastic.co/products/x-pack.
在你安装Elasticsearch之后，你可以选择获取和安装X-Pack。关于如何获取X-Pack，请参考x-pack网站。

You must run the version of X-Pack that matches the version of Elasticsearch you are running.

你要运行的X-Pack的版本必须匹配你正在使用的Elasticsearch的版本。

Important
重要
If you are installing X-Pack for the first time on an existing cluster, you must perform a full cluster restart. Installing X-Pack enables security and security must be enabled on ALL nodes in a cluster for the cluster to operate correctly. When upgrading you can usually perform a rolling upgrade.
如果你对于已有的集群首次安装X-Pack，你必须将整个集群重新启动。安装X-Pack必须保证安全并且对于集群中每个节点都必须正确操作。当你进行升级的时候你通常可以选择滚动升级。

To install X-Pack in Elasticsearch:
在Elasticsearch上安装X-Pack：

1. Optional: If you want to install X-Pack on a machine that doesn’t have internet access:
   选项：如果你希望在没有网络的机器上安装X-Pack：

   • Manually download the X-Pack zip file: https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-5.5.2.zip (sha1)
     手动下载X-Pack的zip文件：下载链接

     Note
     注意
     The plugins for Elasticsearch, Kibana, and Logstash are included in the same zip file. If you have already downloaded this file to install X-Pack on one of those other products, you can reuse the same file.
     用于Elasticsearch、Kibana和Logstash的插件在相同的zip文件中。如果你已经下载了其中的这个文件来安装X-Pack，你可以重用相同的文件。

   • Transfer the zip file to a temporary directory on the offline machine. (Do NOT put the file in the Elasticsearch plugins directory.)
     将zip文件放置在离线机器的临时目录中。（不要文件放置在Elasticsearch插件目录下。）

2. Run bin/elasticsearch-plugin install from ES_HOME on each node in your cluster:
   运行bin/elasticsearch-plugin从ES_HOME中开始安装对于你的集群中的每个节点：

   bin/elasticsearch-plugin install x-pack

   Note
   注意
   If you are using a DEB/RPM distribution of Elasticsearch, run the installation with superuser permissions.
   如果你使用使用Elasticsearch的DEB或RPM，使用超级管理员的权限来运行安装。

   The plugin install scripts require direct internet access to download and install X-Pack. If your server doesn’t have internet access, specify the location of the X-Pack zip file that you downloaded to a temporary directory.
   插件安装脚本要求直接网络访问来下载和安装X-Pack。如果你的服务器没有网络访问，指定你下载到临时目录的X-Pack的zip文件的位置。

   bin/elasticsearch-plugin install file:///path/to/file/x-pack-5.5.2.zip

   Note
   注意
   You must specify an absolute path to the zip file after the file:// protocol.
   你必须使用file://协议来指定zip文件的绝对路径。

3. Confirm that you want to grant X-Pack additional permissions.
   确认你已经被授予了X-Pack的额外的权限。

   Tip
   提示
   Specify the –batch option when running the install command to automatically grant these permissions and bypass these install prompts.
   指定--batch选项在运行自动安装命令的时候赋予了这些全蝎和通过这些安装许可。

   • X-Pack needs these permissions to set the threat context loader during install so Watcher can send email notifications.
     X-Pack需要这些权限来设置关键的上下文加载器在安装的过程中因此Watcher可以发送邮件提醒。

   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@     WARNING: plugin requires additional permissions     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@* java.lang.RuntimePermission accessClassInPackage.com.sun.activation.registries* java.lang.RuntimePermission getClassLoader* java.lang.RuntimePermission setContextClassLoader* java.lang.RuntimePermission setFactory* java.security.SecurityPermission createPolicy.JavaPolicy* java.security.SecurityPermission getPolicy* java.security.SecurityPermission putProviderProperty.BC* java.security.SecurityPermission setPolicy* java.util.PropertyPermission * read,write* java.util.PropertyPermission sun.nio.ch.bugLevel write* javax.net.ssl.SSLPermission setHostnameVerifierSee http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.htmlfor descriptions of what these permissions allow and the associated risks.Continue with installation? [y/N]y

   • X-Pack requires permissions to enable Elasticsearch to launch the machine learning analytical engine. The native controller ensures that the launched process is a valid machine learning component. Once launched, communications between the machine learning processes and Elasticsearch are limited to the operating system user that Elasticsearch runs as.
     X-Pack要求允许Elasticsearch来启动机器学习分析引擎。本地的控制器保证加载进程是合法的机器学习组件。一旦加载、机器学习集成之间的通信和Elasticsearch被限制于Elasticsearch运行的操作系统用户上。

   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@        WARNING: plugin forks a native controller        @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@This plugin launches a native controller that is not subject tothe Java security manager nor to system call filters.Continue with installation? [y/N]y

4. X-Pack will try to automatically create a number of indices within Elasticsearch. By default, Elasticsearch is configured to allow automatic index creation, and no additional steps are required. However, if you have disabled automatic index creation in Elasticsearch, you must configure action.auto_create_index in elasticsearch.yml to allow X-Pack to create the following indices:
   X-Pack将试图自动创建一系列指定使用Elasticsearch。默认的，Elasticsearch可以被配置来允许自动创建索引并且不需要额外的步骤。然而，如果你需要关闭在Elasticsearch中的自动索引创建，你必须在elasticsearch.yml中配置action.auto_create_index来允许X-Pack来创建下面的指示：
   action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*

   Important
   重要
   If you are using Logstash or Beats then you will most likely require additional index names in your action.auto_create_index setting, and the exact value will depend on your local configuration. If you are unsure of the correct value for your environment, you may consider setting the value to * which will allow automatic creation of all indices.
   如果你使用Logstash或Beats，你可能需要额外的索引名在你的action.auto_create_index设置中，并且值将会依赖于你本地的配置。如果你不能保证你环境中正确的值，你可以考虑设置值为*来允许自动创建所有的索引。

5. Start Elasticsearch.
   启动Elasticsearch

   bin/elasticsearch

For information, see Installing X-Pack on Kibana and Installing X-Pack on Logstash.
有关更多的信息，见Installing X-Pack on Kibana和Installing X-Pack on Logstash

Important
重要
SSL/TLS encryption is disabled by default, which means user credentials are passed in the clear. Do not deploy to production without enabling encryption! For more information, see Encrypting Communications.
SSL/TLS加密默认是关闭的，意味着用户凭证是通过名文传递的。如果没有部署到生产上是不需要加密的！对于更多的信息，见加密通信。
You must also change the passwords for the built-in elastic user and the kibana user that enables Kibana to communicate with Elasticsearch before deploying to production. For more information, see Setting Up User Authentication.
你也必须改变内置elastic用户和kibana用户的密码来保证Kibana和Elasticsearch的通信在部署到生产环境之前。有关更多的信息，见设置用户权限。

Installing X-Pack on a DEB/RPM Package Installation
使用DEB/RPM安装包来安装X-Pack

If you use the DEB/RPM packages to install Elasticsearch, by default Elasticsearch is installed in /usr/share/elasticsearch and the configuration files are stored in /etc/elasticsearch. (For the complete list of default paths, see Debian Directory Layout and RPM Directory Layout in the Elasticsearch Reference.)
如果你使用DEB/RPM包来安装Elasticsearch，默认的Elasticsearch被安装到/usr/share/elasticsearch兵器配置文件被存储在/etc/elasticsearch中。（对于默认路径的完整清单，见Elasticsearch参考文档中有关Debian目录结构和RPM目录结构的相关内容）

To install X-Pack on a DEB/RPM package installation, you need to run bin/plugin install from the /usr/share/elasticsearch directory with superuser permissions:
为了在DEB/RPM包安装方式的前提下安装X-Pack，你需要运行/usr/share/elasticsearch目录中的bin/plugin install，但是要注意权限问题。

cd /usr/share/elasticsearchsudo bin/elasticsearch-plugin install x-pack

Note
注意
If the configuration files are not in /etc/elasticsearch you need to specify the location of the configuration files by setting the system property es.path.conf to the config path via ES_JAVA_OPTS=”-Des.path.conf=” or by setting the environment variable CONF_DIR via CONF_DIR=.
如果配置文件不是在/etc/elasticsearch中，你需要指定配置文件的位置通过设置系统属性es.path.conf来配置路径通过ES_JAVA_OPTS="-Des.path.conf=<path>"或者设置环境变量CONF_DIR通过CONF_DIR=<path>。

Configuring X-Pack

配置X-Pack

You configure settings for X-Pack features in the elasticsearch.yml, kibana.yml, and logstash.yml configuration files.
你在elasticsearch.yml、kibana.yml和logstash.yml中配置设置用于X-Pack的特性。

X-Pack Feature Elasticsearch Settings Kibana Settings Logstash Settings Graph No Yes No Machine learning Yes Yes No Monitoring Yes Yes Yes Reporting No Yes No Security Yes Yes No Watcher Yes No No

Machine Learning Settings in Elasticsearch

在Elasticsearch中的机器学习设置

You do not need to configure any settings to use machine learning. It is enabled by default.
你如果使用机器学习的话不需要进行任何的设置。他默认是处于启用状态的。

General Machine Learning Settings
通用的机器学习设置

xpack.ml.enabled

Set to true (default) to enable machine learning.设置为true（默认值）来启用机器学习。  If set to false in elasticsearch.yml, the machine learning APIs are disabled. You also cannot open jobs, start datafeeds, or receive transport (internal) communication requests related to machine learning APIs. It also affects all Kibana instances that connect to this Elasticsearch instance; you do not need to disable machine learning in those kibana.yml files. For more information about disabling machine learning in specific Kibana instances, see Kibana Machine Learning Settings.  如果在elasticsearch.yml中设置了false，机器学习的API是关闭的。你不能启动任务、启动datafeeds或接收传输（内部）通信请求依赖于机器学习的API，他也影响所有到所有连接到这个Elasticsearch实例的Kibana实例；你不需要关闭机器学习在kibana.yml文件中。对于更多有关在指定Kibana实例中关闭机器学习的方式，见[Kibana机器学习设置](https://www.elastic.co/guide/en/kibana/5.5/ml-settings-kb.html) 

Important重要If you want to use machine learning features in your cluster, you must have xpack.ml.enabled set to true on all master-eligible nodes. This is the default behavior.如果你希望使用机器学习特性在你的集群中，你必须设置xpack.ml.enable设置为true对于所有的主节点。这是默认的行为。

node.ml

Set to true (default) to identify the node as a machine learning node.设置为true（默认值）来定义节点作为机器学习的学习节点If set to false in elasticsearch.yml, the node cannot run jobs. If set to true but xpack.ml.enabled is set to false, the node.ml setting is ignored and the node cannot run jobs. If you want to run jobs, there must be at least one machine learning node in your cluster.如果在elasticsearch.yml中设置为false，节点不能运行任务。如果设置为true但是xpack.xml.enabled是设置为ifalse，则node.ml的设置将被忽略并且节点不能运行任务，在你的集群中需要至少一个机器学习节点。

Important重要On dedicated coordinating nodes or dedicated master nodes, disable the node.ml role.对于专用的协调节点或探测主节点，关闭了node.ml的角色。

Monitoring Settings in Elasticsearch

在Elasticsearch中的监控设置

Monitoring is enabled by default when you install X-Pack. You can configure these monitoring settings in the elasticsearch.yml file.
当你安装X-Pack的时候监控室默认启用的。你可以配置这些监控设置在elasticsearch.yml文件中。

To adjust how monitoring data is displayed in the monitoring UI, configure xpack.monitoring settings in kibana.yml. To control how monitoring data is collected from Logstash, configure xpack.monitoring settings in logstash.yml.
为了调整在监控UI显示的监控数据，配置xpack.monitoring.settings的设置在kibana.yml文件中。为了控制从Logstash中收集的数据，配置在logstash.yml中的xpack.monitoring的相关设置。

For more information, see Monitoring the Elastic Stack.
有关更多的信息，请参考监控Elastic Stack。

General Monitoring Settings

通用的监控设置

xpack.monitoring.enabled

Set to false to disable Elasticsearch X-Pack monitoring for Elasticsearch.  设置为false来关闭Elasticsearch X-Pack对于Elasticsearch的监控。 

Monitoring Collection Settings

监控集合设置

The xpack.monitoring.collection settings control how data is collected from your Elasticsearch nodes.
xpack.monitoring.collection设置控制数据是如何从你的Elasticsearch节点来收集的。

xpack.monitoring.collection.cluster.state.timeout

Sets the timeout for collecting the cluster state. Defaults to 10m.
设置收集集群状态的超时。默认是10m。

xpack.monitoring.collection.cluster.stats.timeout

Sets the timeout for collecting the cluster statistics. Defaults to 10m.
设置收集集群信息的超时。默认是10m。

xpack.monitoring.collection.indices

Controls which indices Monitoring collects data from. Defaults to all indices. Specify the index names as a comma-separated list, for example test1,test2,test3. Names can include wildcards, for example test*. You can explicitly include or exclude indices by prepending + to include the index, or - to exclude the index. For example, to include all indices that start with test except test3, you could specify +test*,-test3.
控制指定监控收集数据的来源。默认是所有的节点。指定索引的名字以逗号分隔的列表，例如test1,test2,test3。名字可以包含通配符，例如test*。你可以指定包含或排除使用+来代表包含，-来代表排除。例如，包括以test开始的索引但是排除test3，你可以指定+test*,-test3。
You can update this setting through the Cluster Update Settings API.
你可以更新这些设置通过集群的更新设置API。

xpack.monitoring.collection.index.stats.timeout

Sets the timeout for collecting index statistics. Defaults to 10m.
设置用于收集索引状态的超时。默认是10m。

xpack.monitoring.collection.indices.stats.timeout

Sets the timeout for collecting total indices statistics. Defaults to 10m.
设置收集所有索引状态的超时。默认是10m。

xpack.monitoring.collection.index.recovery.active_only

Controls whether or not all recoveries are collected. Set to true to collect only active recoveries. Defaults to false.
控制是否收集所有的recoveries。设置为true则收集活跃的recoveries。默认为false。

xpack.monitoring.collection.index.recovery.timeout

Sets the timeout for collecting the recovery information. Defaults to 10m.
设置收集恢复消息的超时。默认是10m。

xpack.monitoring.collection.interval

Controls how often data samples are collected. Defaults to 10s. If you modify the collection interval, set the xpack.monitoring.min_interval_seconds option in kibana.yml to the same value. Set to -1 to temporarily disable data collection. You can update this setting through the Cluster Update Settings API.
控制数据样本收集的频率。默认是10s。如果你修改的了收集间隔，设置kibana.yml中的xpack.monitoring.min_interval_seconds选项。设置为-1表示临时关闭数据收集。你可以更新这些设置通过集群更新设置的API。

xpack.monitoring.history.duration

Sets the retention duration beyond which the indices created by a Monitoring exporter will be automatically deleted. Defaults to 7d (7 days).
设置通过监控导出创建的indices保留间隔将自动被删除。默认是7d（7天）。
This setting has a minimum value of 1d (1 day) to ensure that something is being monitored, and it cannot be disabled.
这个设置有最小值为1d（一天）来保证监控并且不可以被关闭。

ImportantThis setting currently only impacts local-type exporters. Indices created using the http exporter will not be deleted automatically.这个设置当前只是指定本地类型的exporters。创建的indices使用http导出将不会被自动删除。

xpack.monitoring.exporters

Configures where the agent stores monitoring data. By default, the agent uses a local exporter that indexes monitoring data on the cluster where it is installed. Use an HTTP exporter to send data to a separate monitoring cluster. For more information, see Local Exporter Settings, HTTP Exporter Settings, and Setting up a Separate Monitoring Cluster.
配置代理存储监控数据。默认的，代理使用本地的导出器有关索引的监控数据对于已经被安装的集群。使用HTTP导出器来发送数据给分别的监控集群。有关更多的内容，见Local Exporter Settings，HTTP Exporter Settings和Setting up a Separate Monitoring Cluster。

Local Exporter Settings

本地的导出设置

The local exporter is the default exporter used by Monitoring. As the name is meant to imply, it exports data to the local cluster, which means that there is not much needed to be configured.
本地的导出是默认的导出器由Monitoring来使用。就像名字表面一样，他导出数据到本地的集群，意味着他不需要被配置。

If you do not supply any exporters, then Monitoring will automatically create one for you. If any exporter is provided, then no default is added.
如果你不要任何的导出器，则Monitoring将自动为你创建一个。如果提供了导出器则不会添加默认的导出器。

xpack.monitoring.exporters.my_local:  type: local

type

The value for a Local exporter must always be local and it is required.
用于本地导出器的值必须是本地并且是必须的。

use_ingest

Whether to supply a placeholder pipeline to the cluster and a pipeline processor with every bulk request. The default value is true. If disabled, then it means that it will not use pipelines, which means that a future release cannot automatically upgrade bulk requests to future-proof them.
是否应用占位符对于集群和管道处理器对于每个大块的请求。默认值是true。如果关闭就意味着未来的发行版不能自动升级块请求对于后续的内容。

cluster_alerts.management.enabled

Whether to create cluster alerts for this cluster. The default value is true. To use this feature, Watcher must be enabled. If you have a basic license, cluster alerts are not displayed.
是否为这个集群创建集群警告。默认值是true。为了使用这个特性，需要启用Watcher。如果你有一个基础license，集群警告不会显示。

HTTP Exporter Settings

HTTP导出设置

The following lists settings that can be supplied with the http exporter. All settings are shown as what follows the name you select for your exporter:
下面的列表设置可以被应用于http的导出器。所有的展示的设置有如下的名字，你可以选择用于你的导出器。

xpack.monitoring.exporters.my_remote:  type: http  host: ["host:port", ...]

type

The value for an HTTP exporter must always be http and it is required.
用于HTTP导出器必须是http并且是必须的。

host

Host supports multiple formats, both as an array or as a single value. Supported formats include hostname, hostname:port, http://hostname http://hostname:port, https://hostname, and https://hostname:port. Hosts cannot be assumed. The default scheme is always http and the default port is always 9200 if not supplied as part of the host string.
主机支持多个格式，包括数组或一个单独的值。支持格式包括hostname、hostname:port、http://hostname http://hostname:port、https://hostname和https://hostname:port。Hosts不能被省略。默认的scheme是http并且默认的端口是9200如果没有在提供的主机字符串中指定的化。

xpack.monitoring.exporters:  example1:    type: http    host: "10.1.2.3"  example2:    type: http    host: ["http://10.1.2.4"]  example3:    type: http    host: ["10.1.2.5", "10.1.2.6"]  example4:    type: http    host: ["https://10.1.2.3:9200"]

auth.username

The username is required if a auth.password is supplied.
如果指定了autho.password则用户名是必须的。

auth.password

The password for the auth.username.
用于auth.username的密码。

connection.timeout

The amount of time that the HTTP connection is supposed to wait for a socket to open for the request. The default value is 6s.
HTTP连接的时间用于等待socket来打开请求。默认值是6s。

connection.read_timeout

The amount of time that the HTTP connection is supposed to wait for a socket to send back a response. The default value is 10 * connection.timeout (60s if neither are set).
HTTTP连接的时间被指定来等待socket返回一个响应。默认值是10*connection.timeout（如果没有被设置的话是60s）

ssl

Each HTTP exporter can define its own TLS / SSL settings or inherit them. See the TLS / SSL section below.
每个HTTP导出器可以定义它自己的TLS/SSL设置或内置他们。见下面的TLS / SSL章节

proxy.base_path

The base path to prefix any outgoing request, such as /base/path (e.g., bulk requests would then be sent as /base/path/_bulk). There is no default value.
基本路径前缀用于输出请求，例如/bast/path（例如，请求被发送作为/base/path/_bulk）。这个是默认值。

headers

Optional headers that are added to every request, which can assist with routing requests through proxies.
可选头信息添加到每个请求中，可以指定请求的代理路由。

xpack.monitoring.exporters.my_remote:  headers:    X-My-Array: [abc, def, xyz]    X-My-Header: abc123

Array-based headers are sent n times where n is the size of the array. Content-Type and Content-Length cannot be set. Any headers created by the Monitoring agent will override anything defined here.
基于数组的头信息被发送n次当n是数组的长度时。Content-Type和Content-Length不能被设置。由监控代理创建的任何头信息将被覆盖这里定义的内容。

index.name.time_format

A mechanism for changing the default date suffix for the, by default, daily Monitoring indices. The default value is YYYY.MM.DD, which is why the indices are created daily.
策略用于改变默认的前缀，默认日常的监控设置。默认值是YYYY.MM.DD，就是每天创建。

use_ingest

Whether to supply a placeholder pipeline to the monitoring cluster and a pipeline processor with every bulk request. The default value is true. If disabled, then it means that it will not use pipelines, which means that a future release cannot automatically upgrade bulk requests to future-proof them.
是否应用占位符管道对于监控集群和管道处理器对于每个请求。默认值是true。如果被关闭，意味着他不会使用管道，意味着后续的发行版不能自动更新请求对于后续的内容。

cluster_alerts.management.enabled

Whether to create cluster alerts for this cluster. The default value is true. To use this feature, Watcher must be enabled. If you have a basic license, cluster alerts are not displayed.
是否为这个集群创建集群警告。默认值是true。为了使用这个特性，必须启用Watcher。如果你有一个基础的license，集群警告不会显示。

X-Pack monitoring TLS/SSL Settings

X-Pack监控的TLS/SSL设置

You can configure the following TLS/SSL settings. If the settings are not configured, the Default TLS/SSL Settings are used.
你可以配置下面的TLS/SSL设置。如果设置没有的配置则使用默认的TLS/SSL设置

xpack.monitoring.exporters.$NAME.ssl.supported_protocols

Supported protocols with versions. Valid protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1. Defaults to the value of xpack.ssl.supported_protocols.
支持的协议和版本。可用的协议是：SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1。默认是xpack.ssl.supported_protocols的值。

xpack.monitoring.exporters.$NAME.ssl.verification_mode

Controls the verification of certificates. Valid values are none, certificate, and full. Defaults to the value of xpack.ssl.verification_mode.
控制验证内容。值是none、certificate和full。默认是xpack.ssl.verification_mode的值。

xpack.monitoring.exporters.$NAME.ssl.cipher_suites

Supported cipher suites can be found in Oracle’s Java Cryptography Architecture documentation. Defaults to the value of xpack.ssl.cipher_suites.
支持加密组件，可以在Oracle的 Java Cryptography Architecture documentation上找到。默认是xpack.ssl.cipher_suites的值。

X-Pack monitoring TLS/SSL Key and Trusted Certificate Settings

X-Pack监控TLS/SSL的Key和可信的验证设置

The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. If none of the settings below are specified, the Default TLS/SSL Settings are used. A private key and certificate are optional and would be used if the server requires client authentication for PKI authentication. If none of the settings below are specified, the Default TLS/SSL Settings are used.
下面的设置备用于指定私钥、certificate和可信的验证可以被使用基于SSL/TLS的通信中。如果没有指定，默认的TLS/SSL设置会被使用。私钥和certificate是可选的并且可以被使用如果服务器要求客户端验证用于PKI的认证。如果没有指定下面的设置，会使用默认的TLS/SSL设置。

PEM Encoded Files

PEM编码文件

When using PEM encoded files, use the following settings:
当使用PEM的编码文件，使用下面的设置：

xpack.monitoring.exporters.$NAME.ssl.key

Path to a PEM encoded file containing the private key.
包含私钥的PEM编码文件的路径。

xpack.monitoring.exporters.$NAME.ssl.key_passphrase

The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
密码将会被用于解密私钥。这个值是可选的由于key可能不是加密的。

xpack.monitoring.exporters.$NAME.ssl.certificate

Path to a PEM encoded file containing the certificate (or certificate chain) that will be presented when requested.
PEM编码文件包含的certificate（或certificate链）的路径将会根据请求被持久化。

xpack.monitoring.exporters.$NAME.ssl.certificate_authorities

List of paths to the PEM encoded certificate files that should be trusted.
PEM编码certificate文件的路径列表，其内容是可信的。

Java Keystore Files

Java的Keystore文件

When using Java keystore files (JKS), which contain the private key, certificate and certificates that should be trusted, use the following settings:
当使用Java keystore files（JKS），包含私钥、certificate和可信的certificate，使用下面的设置：

xpack.monitoring.exporters.$NAME.ssl.keystore.path

Path to the keystore that holds the private key and certificate.
包含私钥和certificate的keystore的路径。

xpack.monitoring.exporters.$NAME.ssl.keystore.password

Password to the keystore.
用于keystore的密码

xpack.monitoring.exporters.$NAME.ssl.keystore.key_password

Password for the private key in the keystore. Defaults to the same value as xpack.monitoring.exporters.$NAME.ssl.keystore.password.
用于keystore中私钥的密码。默认值是xpack.monitoring.exporters.$NAME.ssl.keystore.password的值。

xpack.monitoring.exporters.$NAME.ssl.truststore.path

Path to the truststore file.
trustore文件的路径。

xpack.monitoring.exporters.$NAME.ssl.truststore.password

Password to the truststore.
用于trutstore的密码。

Security Settings in Elasticsearch

用于Elasticsearch中的安全设置

You configure xpack.security settings to enable anonymous access and perform message authentication, set up document and field level security, configure realms, and encrypt communications with SSL.
你可以配置xpack.security设置用于enable anonymous access和消息授权，set up document and field level security、configure realms和encrypt communications with SSL。

General Security Settings

通用的安全设置

xpack.security.enabled

Set to true (default) to enable X-Pack security.
设置为true（默认值）来启用X-Pack安全。
If set to false in elasticsearch.yml, X-Pack security is disabled. It also affects all Kibana instances that connect to this Elasticsearch instance; you do not need to disable X-Pack security in those kibana.yml files. For more information about disabling X-Pack security in specific Kibana instances, see Kibana Security Settings.
如果在elasticsearch.yml中设置为ifalse，X-Pack的安全被关闭。他也影响所有的Kibana实例来收集Elasticsearch的实例，你不需要在kibana.yml文件中关闭X-Pack安全。有关更多在指定的Kibana实例中关闭X-Pack安全的内容，参考Kibana Security Settings。

Default Password Security Settings

默认的密码安全设置

xpack.security.authc.accept_default_password

In elasticsearch.yml, set this to false to disable support for the default “changeme” password. For more information, see Disable Default Password Functionality.
在elasticsearch.yml中，设置这个为false将关闭对于默认的”changeme”密码的支持。有关更多的内容，见Disable Default Password Functionality。

Anonymous Access Settings

匿名的访问设置

You can configure the following anonymous access settings in elasticsearch.yml. For more information, see Enabling Anonymous Access.
你可以配置下面的匿名的访问设置在elasticsearch.yml中。有关更多的内容，见Enabling Anonymous Access。

xpack.security.authc.anonymous.username

The username (principal) of the anonymous user. Defaults to _es_anonymous_user.
用于匿名用户的用户名（主要的）。默认是_es_anonymous_user。

xpack.security.authc.anonymous.roles

The roles to associate with the anonymous user. Required.
对于匿名用户的相关的角色。必输项。

xpack.security.authc.anonymous.authz_exception

When true, an HTTP 403 response is returned if the anonymous user does not have the appropriate permissions for the requested action. The user is not prompted to provide credentials to access the requested resource. When set to false, a HTTP 401 is returned and the user can provide credentials with the appropriate permissions to gain access. Defaults to true.
当为true时，HTTP的403响应码被返回如果匿名用户没有相应的权限来实现请求操作。用户没有允许提供访问权限对于请求资源。当设置为false，HTTP的401错误码被返回并且用户可以提供信息来获得访问的权限。默认是true。

Document and Field Level Security Settings

文档和域级别的安全设置

You can set the following document and field level security settings in elasticsearch.yml. For more information, see Setting Up Document and Field Level Security.
你可以设置下面的文档和域级别的安全设置在elasticsearch.yml中。有关更多的信息，见Setting Up Document and Field Level Security

xpack.security.dls_fls.enabled

Set to false to prevent document and field level security from being configured. Defaults to true.
设置为false阻止文档和域级别的安全被配置。默认为true。

Token Service Settings

令牌服务的设置

You can set the following token service settings in elasticsearch.yml.
你可以设置下面的令牌服务的设置在elasticsearch.yml文件中。

xpack.security.authc.token.enabled

Set to true to enable the built-in token service. Defaults to false.
设置为true来开启内置的令牌服务。默认为false。

xpack.security.authc.token.passphrase

A secure passphrase that must be the same on each node and greater than 8 characters in length. This passphrase is used to derive a cryptographic key with which the tokens will be encrypted and authenticated.
安全密码必须同时对于每个节点并且要求八个字符以上。密码被使用来加密key其中令牌用于加密和授权。

xpack.security.authc.token.timeout

The length of time that a token is valid for. By default this value is 20m or 20 minutes. The maximum value is 1 hour.
令牌有效的时间。默认这个值是20m或20分钟。最大值为一小时。

Realm Settings

范围设置

You configure realm settings in the xpack.security.authc.realms namespace in elasticsearch.yml. For example:
你可以配置范围设置在elasticsearch.yml中的xpack.security.authc.realms命名空间中。例如：

xpack.security.authc.realms:    realm1:        type: native        order: 0        ...    realm2:        type: ldap        order: 1        ...    realm3:        type: active_directory        order: 2        ...    ...

The valid settings vary depending on the realm type. For more information, see Setting Up Authentication.
有效的设置依赖于范围的类型。有关更多的内容，参考Setting Up Authentication。

Settings Valid for All Realms

设置有效值对于所有的范围

type

The type of the realm: native, `ldap, active_directory, pki, or file. Required.
范围的类型：native、ldap、active_directory、pki或file。必输项。

order

The priority of the realm within the realm chain. Defaults to Integer.MAX_VALUE.
在范围链中范围的优先级。默认是Integer.MAX_VALUE。

enabled

Enable/disable the realm. Defaults to true.
开启关闭范围。默认是true。

File Realm Settings

文件范围设置

cache.ttl

The time-to-live for cached user entries—user credentials are cached for this configured period of time. Defaults to 20m. Specify values using the standard Elasticsearch time units. Defaults to 20m.
用于缓存用户验证权限的时间。默认是20m。指定值使用标准的Elasticsearch时间单位。默认是20m。

cache.max_users

The maximum number of user entries that can live in the cache at a given time. Defaults to 100,000.
最大数量的用户实体可以存在于缓存中对于给定的时间。默认是100000。

cache.hash_algo

(Expert Setting) The hashing algorithm that is used for the in-memory cached user credentials. See the Cache hash algorithms table for all possible values. Defaults to ssha256.
（高级设置）哈希算法用于内存中的缓存验证。见Cache hash algorithms表格来查找可选值。默认是ssha256。

LDAP Realm Settings

LDAP范围设置

url

An LDAP URL in the format ldap[s]://:. Required.
LDAP的URL格式要求为ldap[s]://<server>:<port>。必输项。

load_balance.type

The behavior to use when there are multiple LDAP URLs defined. For supported values see LDAP load balancing and failover types. Defaults to failover.
当定义多个LDAP的URL时的使用行为。对于支持的值参考LDAP load balancing and failover types。默认是failover。

load_balance.cache_ttl

When using dns_failover or dns_round_robin as the load balancing type, this setting controls the amount of time to cache DNS lookups. Defaults to 1h.
当使用dns_failover或dns_round_robin作为负载均衡类型，这个设置控制时间来缓存DNS的查找。默认是1h。

bind_dn

The DN of the user that will be used to bind to the LDAP and perform searches. Only applicable in user search mode. If this is not specified, an anonymous bind will be attempted. Defaults to Empty.
用户的DN将被使用来绑定LDAP和执行搜索。只适用于user search mode。如果没有被指定，将会尝试匿名绑定。默认是Empty。

bind_password

The password for the user that will be used to bind to the LDAP. Defaults to Empty.
用户使用的密码将被使用来绑定LDAP。默认是Empty。

user_dn_templates

The DN template that replaces the user name with the string {0}. This element is multivalued; you can specify multiple user contexts. Required to operate in user template mode. Not valid if user_search.base_dn is specified. For more information on the different modes, see LDAP realms.
DN模板使用string {0}来替换用户的姓名。这个元素是可以多值的，你可以指定多个用户上下文。要求在用户模板模式下操作。如果指定了user_search.base_on的话则不会生效。有关对于不同模式的更多信息，见LDAP realms。

user_group_attribute

Specifies the attribute to examine on the user for group membership. The default is memberOf. This setting will be ignored if any group_search settings are specified. Defaults to memberOf.
指定对于用户的检查属性用于组成员。默认是memberOf。这个设置将被忽略如果指定了任何的group_search。默认是memberOf。

user_search.base_dn

Specifies a container DN to search for users. Required to operated in user search mode. Not valid if user_dn_templates is specified. For more information on the different modes, see LDAP realms.
指定一个容器DW来寻找用户。要求在用户查询模式下操作。如果指定了user_dn_templates`则不会生效。有关不同模式的更多信息。见LDAP realms。

user_search.scope

The scope of the user search. Valid values are sub_tree, one_level or base. one_level only searches objects directly contained within the base_dn. sub_tree searches all objects contained under base_dn. base specifies that the base_dn is the user object, and that it is the only user considered. Defaults to sub_tree.
用户搜索的范围。可选值是sub_tree、one_level和base。one_level只会搜索直接使用在base_on中的。sub_tree搜索所有在base_on之下的内容。base指定base_on是一个用户object并且只考虑用户。默认是sub_tree。

user_search.attribute

The attribute to match with the username presented to. Defaults to uid.
匹配用户名的属性。默认是uid。

user_search.pool.enabled

Enables or disables connection pooling for user search. When disabled a new connection is created for every search. The default is true.
开启和关闭用户搜索的连接池。当关闭时会为每个查询创建一个新的连接。默认值是true。

user_search.pool.size

The maximum number of connections to the LDAP server to allow in the connection pool. Defaults to 20.
对于LDAP服务器允许的最大连接数在连接池中。默认是20个。

user_search.pool.initial_size

The initial number of connections to create to the LDAP server on startup. Defaults to 5.
在启动时创建初始连接的数目。默认是5个。

user_search.pool.health_check.enabled

Flag to enable or disable a health check on LDAP connections in the connection pool. Connections are checked in the background at the specified interval. Defaults to true.
开启或关闭标志用于检查LDAP连接在连接池中。连接被检查在后台经过指定的时间间隔。默认是true。

user_search.pool.health_check.dn

The distinguished name to be retrieved as part of the health check. Defaults to the value of bind_dn. Required if bind_dn is not specified.
作为健康检测的一部分获得的名字。默认是bind_on的值。如果没有指定bind_on的话则为必输项。

user_search.pool.health_check.interval

The interval to perform background checks of connections in the pool. Defaults to 60s.
执行后台检查对于连接池中的连接的间隔时间。默认是60s。

group_search.base_dn

The container DN to search for groups in which the user has membership. When this element is absent, Security searches for the attribute specified by user_group_attribute set on the user in order to determine group membership.
容器DN用于搜索组对于包含在组内的用户。当这个元素不存在时，安全检查属性通过user_group_attribute指定的用户将会决定组。

group_search.scope

Specifies whether the group search should be sub_tree, one_level or base. one_level only searches objects directly contained within the base_dn. sub_tree searches all objects contained under base_dn. base specifies that the base_dn is a group object, and that it is the only group considered. Defaults to sub_tree.
指定组搜索是否应当是sub_tree、one_level或base。one_level只会搜索直接使用在base_on中的。sub_tree搜索所有在base_on之下的内容。base指定base_on是一个用户object并且只考虑用户。默认是sub_tree。

group_search.filter

When not set, the realm searches for group, groupOfNames, groupOfUniqueNames, or posixGroup with the attributes member, memberOf, or memberUid. Any instance of {0} in the filter is replaced by the user attribute defined in group_search.user_attribute.
如果没有被指定，则范围搜索用于group、groupOfNames、groupOfUniqueNames或posixGroup使用属性member、mebmerOf或memberUid。任何有关{0}的实例在过滤器中被替代通过用户属性定义在group_search.user_attribute中。

group_search.user_attribute

Specifies the user attribute that will be fetched and provided as a parameter to the filter. If not set, the user DN is passed into the filter. Defaults to Empty.
指定用户属性将获取和提供作为过滤器的一部分。如果没有设置，用户DN被床底DAO过滤器中。默认是为空。

unmapped_groups_as_roles

Takes a boolean variable. When this element is set to true, the names of any LDAP groups that are not referenced in a role-mapping file are used as role names and assigned to the user. Defaults to false.
要求一个布尔值。当这个元素被指定为true，LDAP组的名字没有引用role-mapping文件被使用作为角色名并且赋值给用户。默认是false。

files.role_mapping

The location for the YAML role mapping configuration file. Defaults to CONFIG_DIR/x-pack/role_mapping.yml.
YAML角色配置文件的位置。默认是CONFIG_DIR/x-pack/role_mapping.yml。

follow_referrals

Boolean value that specifies whether Securityshould follow referrals returned by the LDAP server. Referrals are URLs returned by the server that are to be used to continue the LDAP operation (e.g. search). Defaults to true.
布尔值指定Securityshould符合LDAP服务器的返回。返回是URL通过服务器返回被使用来继续LDAP操作（例如，搜索）。默认是true。

metadata

A list of additional LDAP attributes that should be loaded from the LDAP server and stored in the authenticated user’s metadata field.
额外的LDAP属性的列表应当被加载从LDAP服务器中并且存储在授权的用户元数据域中。

timeout.tcp_connect

The TCP connect timeout period for establishing an LDAP connection. An s at the end indicates seconds, or ms indicates milliseconds. Defaults to 5s (5 seconds ).
TCP连接超时用于建立LDAP连接。其中s代表单位为秒，或ms指定为毫秒。默认是5s（5秒）。

timeout.tcp_read

The TCP read timeout period after establishing an LDAP connection. An s at the end indicates seconds, or ms indicates milliseconds. Defaults to 5s (5 seconds ).
TCP读超时在建立LDAP连接之后。 其中s代表单位为秒，或ms指定为毫秒。默认是5s（5秒）。

timeout.ldap_search

The LDAP Server enforced timeout period for an LDAP search. An s at the end indicates seconds, or ms indicates milliseconds. Defaults to 5s (5 seconds ).
LDAP服务器强制超时对于LDAP搜索。其中s代表单位为秒，或ms指定为毫秒。默认是5s（5秒）。

ssl.key

Path to a PEM encoded file containing the private key.
PEM编码文件的路径包含私钥。

ssl.key_passphrase

The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
密码将会用户加密私钥。这个值是可选的由于key可能不会被加密。

ssl.certificate

Path to a PEM encoded file containing the certificate (or certificate chain) that will be presented to clients when they connect.
PEM编码文件的路径包含certificate（或certificate链）将被展示给客户端当他们连接的时候。

ssl.certificate_authorities

List of paths to PEM encoded certificate files that should be trusted.
PEM编码certificate文件的路径的列表应当是可信的。

ssl.keystore.path

The path to the Java Keystore file that contains a private key and certificate. ssl.key and ssl.keystore.path may not be used at the same time.
Java的Keystore的路径包含私钥和certificate、ssl.key和ssl.keystore.path可能不会被同时使用。

ssl.keystore.password

The password to the keystore.
keystore的密码。

ssl.keystore.key_password

The password for the key in the keystore. Defaults to the keystore password.
用于在keystore中key的密码。默认是keystore的密码。

ssl.truststore.path

The path to the Java Keystore file that contains the certificates to trust. ssl.certificate_authorities and ssl.truststore.path may not be used at the same time.
Java的Keystore文件的路径包含可信的certificate。ssl.certificate_authorities和ssl.truststore.path可能不会同时使用。

ssl.truststore.password

The password to the truststore.
用于truststore的密码。

ssl.verification_mode

Indicates the type of verification when using ldaps to protect against man in the middle attacks and certificate forgery. Values are none, certificate, and full. Defaults to the value of xpack.ssl.verification_mode.
指定验证的类型当使用ldap来保护中间攻击和certificate的伪造。值可以是none、certificate和full。默认是xpack.ssl.verification_mode的值。

ssl.supported_protocols

Supported protocols with versions. Defaults to the value of xpack.ssl.supported_protocols.
支持的带有版本的协议。默认是xpack.ssl.supported_protocols的值。

ssl.cipher_suites Supported cipher suites can be found in Oracle’s Java Cryptography Architecture documentation. Defaults to the value of xpack.ssl.cipher_suites.
ssl.cipher_suites支持加密包可以被找到在Oracle的Java Cryptography Architecture documentation中。默认是xpack.ssl.cipher_suites的值。

cache.ttl

Specifies the time-to-live for cached user entries (a user and its credentials are cached for this period of time). Use the standard Elasticsearch time units). Defaults to 20m.
指定缓存用户实体的时间（一个用户和他的验证被缓存的时间）。使用标准的Elasticsearch单位。默认是20m。

cache.max_users

Specifies the maximum number of user entries that the cache can contain. Defaults to 100000.
指定用户实体被包含在缓存中的最大数目。默认是100000。

cache.hash_algo

(Expert Setting) Specifies the hashing algorithm that is used for the in-memory cached user credentials (see Cache hash algorithms table for all possible values). Defaults to ssha256.
（高级设置）指定哈希算法用于内存缓存用户验证（见Cache hash algorithms来了解可选值）。默认是ssha256。

Active Directory Realm Settings

激活目录范围的设置

url

A URL in the format ldap[s]://:. Defaults to ldap://:389.
URL格式要求是ldap[s]://<server>:<port>。默认是ldap://<domain_name>:389。

load_balance.type

The behavior to use when there are multiple LDAP URLs defined. For supported values see load balancing and failover types. Defaults to failover.
当指定多个LDAP的URL时的行为。可选值见load balancing and failover types。默认是failover。

load_balance.cache_ttl

When using dns_failover or dns_round_robin as the load balancing type, this setting controls the amount of time to cache DNS lookups. Defaults to 1h.
当使用dns_failover或dns_round_robin作为负载均衡类型时，这个设置控制缓存DNS查找的时间。默认是1h。

domain_name

The domain name of Active Directory. The cluster can derive the URL and user_search_dn fields from values in this element if those fields are not otherwise specified. Required.
激活的目录的域名。集群可以使用URL和user_search_field用于来自这个元素如果这些域没有被指定的话。必输项。

unmapped_groups_as_roles

Takes a boolean variable. When this element is set to true, the names of any LDAP groups that are not referenced in a role-mapping file are used as role names and assigned to the user. Defaults to false.
使用布尔值。当这个元素被设置为true，任何LDAP组的名字不是引用role-mapping文件被使用作为角色名和赋值个用户。默认是false。

files.role_mapping

The location for the YAML role mapping configuration file. Defaults to CONFIG_DIR/x-pack/role_mapping.yml.
YAML角色匹配配置文件的位置。默认是CONFIG_DIR/x-pack/role_mapping.yml。

user_search.base_dn

The context to search for a user. Defaults to the root of the Active Directory domain.
搜索用于用户的上下文。默认是激活目录域名的根。

user_search.scope

Specifies whether the user search should be sub_tree, one_level or base. one_level only searches users directly contained within the base_dn. sub_tree searches all objects contained under base_dn. base specifies that the base_dn is a user object, and that it is the only user considered. Defaults to sub_tree.
指定用户搜索是否是sub_tree、one_level或base。 one_level只会搜索直接使用在base_on中的。sub_tree搜索所有在base_on之下的内容。base指定base_on是一个用户object并且只考虑用户。默认是sub_tree。

user_search.filter

Specifies a filter to use to lookup a user given a username. The default filter looks up user objects with either sAMAccountName or userPrincipalName.
指定使用的过滤器用于查找用户通过给定的用户名。默认的过滤器查找用户object使用sAMAccountName和userPrincipalName。

user_search.upn_filter

Specifies a filter to use to lookup a user given a user principal name. The default filter looks up user objects with either a matching userPrincipalName or a sAMAccountName matching the account portion of the user principal name. If specified, this must be a valid LDAP user search filter, for example (&(objectClass=user)(sAMAccountName={0})). {0} is the value preceding the @ sign in the user principal name and {1} is the full user principal name provided by the user.
指定使用的过滤器来查找用户对于给定的名字。默认的过滤器查找用户object使用匹配的userPrincipalName和sAMAccountName来匹配用户的位置。如果指定必须是一个合法的LDAP用户查询过滤器，例如：(&(objectClass=user)(sAMAccountName={0}))。 {0} 是处理用户名字中@的标志并且{1}是用户提供的全用户名。

user_search.down_level_filter

Specifies a filter to use to lookup a user given a down level logon name (DOMAIN\user). The default filter looks up user objects with a matching sAMAccountName in the domain provided. If specified, this must be a valid LDAP user search filter, for example (&(objectClass=user)(sAMAccountName={0})).
指定过滤器来查找用户对于给定登录名(DOMAIN\user). 默认过滤器查找用户object使用匹配的sAMAccountName在域名中被提供。如果被指定，必须是一个合法的LDAP用户搜索过滤器，例如：(&(objectClass=user)(sAMAccountName={0})).

group_search.base_dn

The context to search for groups in which the user has membership. Defaults to the root of the Active Directory domain.
用于组查询的上下文当用户在于组之中。默认是激活目录域名的根。

group_search.scope

Specifies whether the group search should be sub_tree, one_level or base. one_level searches for groups directly contained within the base_dn. sub_tree searches all objects contained under base_dn. base specifies that the base_dn is a group object, and that it is the only group considered. Defaults to sub_tree.
指定组搜索应当是sub_tree、one_level或base。 one_level只会搜索直接使用在base_on中的。sub_tree搜索所有在base_on之下的内容。base指定base_on是一个用户object并且只考虑用户。默认是sub_tree。

metadata

A list of additional LDAP attributes that should be loaded from the LDAP server and stored in the authenticated user’s metadata field.
额外的LDAP属性的列表应当被加载来自LDAP服务器和存储在授权的用户元数据的域中。

timeout.tcp_connect

The TCP connect timeout period for establishing an LDAP connection. An s at the end indicates seconds, or ms indicates milliseconds. Defaults to 5s (5 seconds ).
TCP连接超时用于建立LDAP连接。s代表单位是秒或ms代表单位是毫秒。默认是5s（5秒）。

timeout.tcp_read

The TCP read timeout period after establishing an LDAP connection. An s at the end indicates seconds, or ms indicates milliseconds. Defaults to 5s (5 seconds ).
在建立LDAP连接之后的TCP读超时。s代表单位是秒或ms代表单位是毫秒。默认是5s（5秒）。

timeout.ldap_search

The LDAP Server enforced timeout period for an LDAP search. An s at the end indicates seconds, or ms indicates milliseconds. Defaults to 5s (5 seconds ).
LDAP服务器强制的LDAP搜索的超时。s代表单位是秒或ms代表单位是毫秒。默认是5s（5秒）。

ssl.key

Path to the PEM encoded file containing the private key.
PEM编码文件的路径包含私钥。

ssl.key_passphrase

The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
密码用于加密私钥。这个值是可选的因为key可能没有被加密。

ssl.certificate

Path to a PEM encoded file containing the certificate (or certificate chain) that will be presented to clients when they connect.
PEM编码文件的路径包含certificate（或certificate链）将被展示给客户端当他们连接的时候。

ssl.certificate_authorities

List of paths to PEM encoded certificate files that should be trusted.
PEM编码的certificate文件的路径的列表应当是可信的。

ssl.keystore.path

The path to the Java Keystore file that contains a private key and certificate.
Java Keystore文件的路径包含私钥和certificate。

ssl.keystore.password

The password to the keystore.
用于keystore的密码。

ssl.keystore.key_password

The password for the key in the keystore. Defaults to the keystore password.
用于在keystore的key的密码。默认是keystore的密码。

ssl.truststore.path

The path to the Java Keystore file that contains the certificates to trust.
Java Keystore文件的路径包含可信的certificate。

ssl.truststore.password

The password to the truststore.
truststore的密码。

ssl.verification_mode

Indicates the type of verification when using ldaps to protect against man in the middle attacks and certificate forgery. Values are none, certificate, and full. Defaults to the value of xpack.ssl.verification_mode.
指定验证的类型当ldap保护中间攻击和certificate伪造。可取值为none、certificate和full。默认是的xpack.ssl.verification_mode的值。

ssl.supported_protocols

Supported protocols with versions. Defaults to the value of xpack.ssl.supported_protocols.
支持带有版本的协议。默认是xpack.ssl.supported_protocols的值。

ssl.cipher_suites Supported cipher suites can be found in Oracle’s Java Cryptography Architecture documentation. Defaults to the value of xpack.ssl.cipher_suites.
ssl.cipher_suites支持加密包可以被找到在Oracle的Java Cryptography Architecture documentation中。默认是xpack.ssl.cipher_suites的值。

cache.ttl

Specifies the time-to-live for cached user entries (user credentials are cached for this configured period of time). Use the standard Elasticsearch time units). Defaults to 20m.
指定缓存用户实体的超时（用户验证被缓存用于这个配置的时长）。使用标准的Elasticsearch单位。美容恩是20m。

cache.max_users

Specifies the maximum number of user entries that the cache can contain. Defaults to 100000.
指定最大数目的用户实体的缓存可以包含。默认是100000.

cache.hash_algo

(Expert Setting) Specifies the hashing algorithm that will be used for the in-memory cached user credentials (see Cache hash algorithms table for all possible values). Defaults to ssha256.
（高级设置）指定哈希算法将被使用在内存缓存用户验证（见Cache hash alogrithms来了解可取值）。默认是ssha256.

PKI Realm Settings

PKI范围设置

username_pattern

The regular expression pattern used to extract the username from the certificate DN. The first match group is the used as the username. Defaults to CN=(.*?)(?:,|$)
正则表达式用于处理certificate的DN中的用户名。首先匹配组使用的是用户名。默认是CN=(.*?)(?:,|$)。

certificate_authorities

List of PEM certificate files that should be used to authenticate a user’s certificate as trusted. Defaults to the trusted certificates configured for SSL. See the SSL settings section of the PKI realm documentation for more information. This setting may not be used with truststore.path.
PEM的certificate文件的列表应当被使用来授权一个用户的可信的certificate。默认是用可信的certificate来配置SSL。见PKI范围文档的SSL settings来了解更多的内容。这个设置可能不会使用trustore.path。

truststore.path

The path of a truststore to use. Defaults to the trusted certificates configured for SSL. See the SSL settings section of the PKI realm documentation for more information. This setting may not be used with certificate_authorities.
使用的truststore的路径。默认对于可信的certificate配置用于SSL。见PKI范围文档的SSL settings来了解更多的内容。这个设置可能不会被使用certificate_authorities。

truststore.password

The password for the truststore. Must be provided if truststore.path is set.
用于truststore的密码。如果设置了truststore.path的话必须被指定。

truststore.algorithm

Algorithm for the truststore. Defaults to SunX509.
用于truststore的算法。默认是SunX509.

files.role_mapping

Specifies the location of the YAML role mapping configuration file. Defaults to CONFIG_DIR/x-pack/role_mapping.yml.
指定YAML角色匹配配置文件的位置。默认是CONFIG_DIR/x-pack/role_mapping.yml。

Default TLS/SSL Settings

默认的TLS/SSl设置

You can configure the following TLS/SSL settings in elasticsearch.yml. For more information, see Encrypting Communications. These settings will be used for all of X-Pack unless they have been overridden by more specific settings such as those for HTTP or Transport.
你可以在elasticsearch.yml中配置TLS/SSL设置。有关更多的信息，见Encrypting Communications。这些设置将被使用于所有的X-Pack除非对于HTTP或传输中进行了特殊的指定。

xpack.ssl.supported_protocols

Supported protocols with versions. Valid protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1.
支持的带有版本的协议。合法的协议是：SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1.

xpack.ssl.client_authentication

Controls the server’s behavior in regard to requesting a certificate from client connections. Valid values are required, optional, and none. required forces a client to present a certificate, while optional requests a client certificate but the client is not required to present one. Defaults to required.
控制服务器的行为当客户端连接请求验证时。可选的值为required、optional和none。required强制客户端展示certificate，当optional请求客户端的certificate但是客户端没有要求展示。默认是required。

xpack.ssl.verification_mode

Controls the verification of certificates. Valid values are none, certificate, and full. Defaults to full.
控制certificate的验证。合法值为none、certificate和full。默认是full。

xpack.ssl.cipher_suites Supported cipher suites can be found in Oracle’s Java Cryptography Architecture documentation. Defaults to TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA.
xpack.ssl.cipher_suites的支持可以在Oracle的Java Cryptography Architecture documentation中找到。默认是TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA。

Default TLS/SSL Key and Trusted Certificate Settings

默认的TLS/SSL的key和可信的验证设置

The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. If none of the settings below are specified, this will default to the X-Pack defaults. If no trusted certificates are configured, the default certificates that are trusted by the JVM will be trusted along with the certificate(s) from the key settings. The key and certificate must be in place for connections that require client authentication or when acting as a SSL enabled server.
下面的设置可以被使用来指定私钥、certificate和可信的certificate应当被使用当使用基于SSL/TLS的通讯时。如果没有指定下面的设置，将默认指定为X-Pack。如果没有配置可信的验证，默认的certificate是可信的并且JVM将使用其中的key设置。key和certificate必须被放置在连接中要求客户端授权或是一个开启SSL的服务器。

PEM Encoded Files

PEM编码文件

When using PEM encoded files, use the following settings:
当使用PEM编码文件，需要使用下面的设置：

xpack.ssl.key

Path to the PEM encoded file containing the private key.
PEM编码文件的路径包含私钥。

xpack.ssl.key_passphrase

The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
将被使用来加密私钥的密码。这个值是可选的由于key可能没有被加密。

xpack.ssl.certificate

Path to a PEM encoded file containing the certificate (or certificate chain) that will be presented to clients when they connect.
PEM编码文件的路径包含certificate（或certificate链）将被展示给客户端当他们进行连接的时候。

xpack.ssl.certificate_authorities

List of paths to the PEM encoded certificate files that should be trusted.
PEM编码的certificate文件的路径的列表应当是可信的。

Java Keystore Files

Java的Keystore文件

When using Java keystore files (JKS), which contain the private key, certificate and certificates that should be trusted, use the following settings:
当使用Java Keystore文件（JKS）时，包含私钥、certificate和certificate应当是可信的，使用下面的设置：

xpack.ssl.keystore.path

Path to the keystore that holds the private key and certificate.
keystore的路径保存私钥和certificate。

xpack.ssl.keystore.password

Password to the keystore.
用于keystore的密码。

xpack.ssl.keystore.key_password

Password for the private key in the keystore. Defaults to the same value as xpack.ssl.keystore.password.
用于在keystore中私钥的密码。默认是xpack.ssl.keystore.password的值。

xpack.ssl.truststore.path

Path to the truststore file.
truststore文件的路径。

xpack.ssl.truststore.password

Password to the truststore.
用于truststore的密码。

HTTP TLS/SSL Settings

HTTP的TLS/SSL设置

You can configure the following TLS/SSL settings. If the settings are not configured, the Default TLS/SSL Settings are used.
你可以配置下面的TLS/SSL设置。如果没有被指定则会使用默认的TLS/SSL设置。

xpack.security.http.ssl.enabled

Used to enable or disable TLS/SSL. The default is false.
使用来开启或关闭TLS/SSL。默认是false。

xpack.security.http.ssl.supported_protocols

Supported protocols with versions. Valid protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1. Defaults to the value of xpack.ssl.supported_protocols.
支持的带有版本的协议。合法的协议是：SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1。默认是xpack.ssl.supported_protocols的值。

xpack.security.http.ssl.client_authentication

Controls the server’s behavior in regard to requesting a certificate from client connections. Valid values are required, optional, and none. required forces a client to present a certificate, while optional requests a client certificate but the client is not required to present one. Defaults to none.
控制服务器的行为用于请求来自客户连接的certificate。 可选的值为required、optional和none。required强制客户端展示certificate，当optional请求客户端的certificate但是客户端没有要求展示。默认是none。

xpack.security.http.ssl.cipher_suites

Supported cipher suites can be found in Oracle’s Java Cryptography Architecture documentation. Defaults to the value of xpack.ssl.cipher_suites.
支持的加密工具可以在Oracle的Java Cryptography Architecture documentation中找到。默认是xpack.ssl.cipher_suites的值。

HTTP TLS/SSL Key and Trusted Certificate Settings

HTTP的TLS/SSL的key和可信的certificate设置

The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. If none of the settings below are specified, the Default TLS/SSL Settings are used. A private key and certificate must be configured. If none of the settings below are specified, the Default TLS/SSL Settings are used.
下面的设置被使用用于指定私钥、certificate和可信的certificate可以被使用当基于SSL/TLS连接的时候。如果没有指定下面的设置，则默认的TLS/SSL设置将被使用。必须配置私钥和certificate。如果没有指定下面的设置，会使用默认的TLS/SSL设置。

PEM Encoded Files

PEM编码文件

When using PEM encoded files, use the following settings:
当使用PEM编码文件时，使用下面的设置：

xpack.security.http.ssl.key

Path to a PEM encoded file containing the private key.
PEM编码文件的路径包含私钥。

xpack.security.http.ssl.key_passphrase

The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
密码将被使用来加密私钥。这个值是可选的由于key可能不是被加密的。

xpack.security.http.ssl.certificate

Path to a PEM encoded file containing the certificate (or certificate chain) that will be presented when requested.
PEM编码文件的路径包含certificate（或certificate链）当请求的时候会被展示。

xpack.security.http.ssl.certificate_authorities

List of paths to the PEM encoded certificate files that should be trusted.
PEM编码的certificate文件的路径的列表应当是可信的。

Java Keystore Files

Java的Keystore文件

When using Java keystore files (JKS), which contain the private key, certificate and certificates that should be trusted, use the following settings:
当使用Java的keystore文件（JKS）包含私钥、certificate和certificate应当是可信的，使用下面的设置：

xpack.security.http.ssl.keystore.path

Path to the keystore that holds the private key and certificate.
keystore的路径保存私钥和certificate。

xpack.security.http.ssl.keystore.password

Password to the keystore.
用于keystore的密码。

xpack.security.http.ssl.keystore.key_password

Password for the private key in the keystore. Defaults to the same value as xpack.security.http.ssl.keystore.password.
用于在keystore中私钥的密码。默认是xpack.security.http.ssl.keystore.password的值。

xpack.security.http.ssl.truststore.path

Path to the truststore file.
truststore文件的路径。

xpack.security.http.ssl.truststore.password

Password to the truststore.
用于truststore的密码。

Transport TLS/SSL Settings

传输TLS/SSL设置

You can configure the following TLS/SSL settings. If the settings are not configured, the Default TLS/SSL Settings are used.
你可以配置下面的TLS/SSL设置。如果没有被设置则会使用默认的TLS/SSL设置。

xpack.security.transport.ssl.enabled

Used to enable or disable TLS/SSL. The default is false.
使用来开启或关闭TLS/SSL。默认是false。

xpack.security.transport.ssl.supported_protocols

Supported protocols with versions. Valid protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1. Defaults to the value of xpack.ssl.supported_protocols.
支持的带有版本的协议。合法的协议是：SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1。默认的值是xpack.ssl.supported_protocols的值。

xpack.security.transport.ssl.client_authentication

Controls the server’s behavior in regard to requesting a certificate from client connections. Valid values are required, optional, and none. required forces a client to present a certificate, while optional requests a client certificate but the client is not required to present one. Defaults to the value of xpack.ssl.client_authentication.
控制服务器的行为要求客户端的请求来请求certificate。可选的值为required、optional和none。required强制客户端展示certificate，当optional请求客户端的certificate但是客户端没有要求展示。默认是xpack.ssl.client_authentication的值。

xpack.security.transport.ssl.verification_mode

Controls the verification of certificates. Valid values are none, certificate, and full. Defaults to the value of xpack.ssl.verification_mode.
控制certificate的验证。合法取值是none、certificate和full。默认是xpack.ssl.verification_mode的值。

xpack.security.transport.ssl.cipher_suites

Supported cipher suites can be found in Oracle’s Java Cryptography Architecture documentation. Defaults to the value of xpack.ssl.cipher_suites.
支持加密包可以在Oracle的Java Cryptography Architecture documentation中被找到。默认是xpack.ssl.cipher_suites的值。

Transport TLS/SSL Key and Trusted Certificate Settings

传输TLS/SSL的Key和可信的certificate设置

The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. If none of the settings below are specified, the Default TLS/SSL Settings are used. A private key and certificate must be configured. If none of the settings below are specified, the Default TLS/SSL Settings are used.
下面的设置用于指定私钥、certificate和可信的certificate被使用基于SSL/TLS通信。如果没有指定会使用默认的TLS/SSL设置。私钥和certificate必须被配置。如果没有指定则会使用默认的TLS/SSL设置。

PEM Encoded Files

PEM编码文件

When using PEM encoded files, use the following settings:
当使用PEM编码文件时，使用下面的设置：

xpack.security.transport.ssl.key

Path to a PEM encoded file containing the private key.
PEM编码文件的路径包含私钥。

xpack.security.transport.ssl.key_passphrase

The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
密码将被使用用于加密私钥。这个值是可选的由于key可能没有被加密。

xpack.security.transport.ssl.certificate

Path to a PEM encoded file containing the certificate (or certificate chain) that will be presented when requested.
PEM编码文件的路径包含certificate（或certificate的链）当被请求时会被展示。

xpack.security.transport.ssl.certificate_authorities

List of paths to the PEM encoded certificate files that should be trusted.
PEM编码的certificate文件的路径的列表应当是可信的。

Java Keystore Files

Java的Keystore文件

When using Java keystore files (JKS), which contain the private key, certificate and certificates that should be trusted, use the following settings:
当使用Java的keystore文件（JKS）时，包含私钥、certificate和可信的certificate，使用如下的设置：

xpack.security.transport.ssl.keystore.path

Path to the keystore that holds the private key and certificate.
keystore的路径保存私钥和certificate。

xpack.security.transport.ssl.keystore.password

Password to the keystore.
keystore的密码。

xpack.security.transport.ssl.keystore.key_password

Password for the private key in the keystore. Defaults to the same value as xpack.security.transport.ssl.keystore.password.
用于keystore中私钥的密码。默认是xpack.security.transport.ssl.keystore.password的值。

xpack.security.transport.ssl.truststore.path

Path to the truststore file.
truststore文件的路径。

xpack.security.transport.ssl.truststore.password

Password to the truststore.
用于truststore的密码。

Transport Profile TLS/SSL Settings

传输数据的TLS/SSL设置

The same settings that are available for the default transport are also available for each transport profile. By default, the settings for a transport profile will be the same as the default transport unless they are specified.
相同的设置是可用的适用于默认的传输并且适用于每个传输数据。默认的，用于传输数据的设置将使用默认值除非特殊指定。

As an example, lets look at the enabled setting. For the default transport this is xpack.security.transport.ssl.enabled. In order to use this setting in a transport profile, use the prefix transport.profiles.$PROFILE.xpack.security. and append the portion of the setting after xpack.security.transport.. For the enabled setting, this would be transport.profiles.$PROFILE.xpack.security.ssl.enabled.
举个例子，让我们看一下已经启用的设置。对于默认的传输是xpack.security.transport.ssl.enabled。为了使用这个设置在传输文件中，使用前缀transport.profiles.$PROFILE.xpack.security.和添加设置的一部分在xpack.security.transport.之后。为了启用设置可以是transport.profiles.$PROFILE.xpack.security.ssl.enabled。

IP Filtering Settings

IP过滤器设置

You can configure the following settings for IP filtering.
你可以配置下面的设置用于IP过滤器。

xpack.security.transport.filter.allow

List of IP addresses to allow.
允许的IP地址列表。

xpack.security.transport.filter.deny

List of IP addresses to deny.
阻止的IP地址列表。

xpack.security.http.filter.allow

List of IP addresses to allow just for HTTP.
只允许HTTP协议的IP地址列表。

xpack.security.http.filter.deny

List of IP addresses to deny just for HTTP.
只拒绝HTTP协议的IP地址列表。

transport.profiles.$PROFILE.xpack.security.filter.allow

List of IP addresses to allow for this profile.
允许这个设置的IP地址列表。

transport.profiles.$PROFILE.xpack.security.filter.deny

List of IP addresses to deny for this profile.
阻止这个设置的IP地址列表。

Watcher Settings in Elasticsearch

在Elasticsearch中观察器的设置

You configure xpack.notification settings in elasticsearch.yml to send set up Watcher and send notifications via email, HipChat, Slack, and PagerDuty.
你可以在elasticsearch.yml中配置xpack.notification设置来发送启动观察器并且发送通知通过email、HipChat、Slack和PagerDuty。

General Watcher Settings

通用的观察器设置

xpack.watcher.enabled

Set to false to disable Watcher.
设置为false可以关闭观察器。

xpack.http.proxy.host

Specifies the address of the proxy server to use to connect to HTTP services.
指定代理服务器的地址用于连接HTTP服务。

xpack.http.proxy.port

Specifies the port number to use to connect to the proxy server.
指定使用来连接代理服务器的端口号。

xpack.http.default_connection_timeout

The maximum period to wait until abortion of the request, when a connection is being initiated.
当一个连接被初始化之后，最大的等待时间直到放弃请求。

xpack.http.default_read_timeout

The maximum period of inactivity between two data packets, before the request is aborted.
在请求被抛弃之前，最大的两个包之间的间隔时间。

Watcher TLS/SSL Settings

观察器的TLS/SSL设置

You can configure the following TLS/SSL settings. If the settings are not configured, the Default TLS/SSL Settings are used.
你可以配置如下的设置。如果下面的设置没有被指定，会使用默认的TLS/SSL设置。

xpack.http.ssl.supported_protocols

Supported protocols with versions. Valid protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1. Defaults to the value of xpack.ssl.supported_protocols.
支持的带有版本的协议。合法取值为：SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2. Defaults to TLSv1.2, TLSv1.1, TLSv1。默认是xpack.ssl.supported_protocols的值。

xpack.http.ssl.verification_mode

Controls the verification of certificates. Valid values are none, certificate, and full. Defaults to the value of xpack.ssl.verification_mode.
控制certificate的验证。合法取值是none、certificate和full。默认是xpack.ssl.verification_mode的值。

xpack.http.ssl.cipher_suites

Supported cipher suites can be found in Oracle’s Java Cryptography Architecture documentation. Defaults to the value of xpack.ssl.cipher_suites.
支持的加密包可以在Oracle的Java Cryptography Architecture documentation上找到。默认是xpack.ssl.cipher_suites的值。

Watcher TLS/SSL Key and Trusted Certificate Settings

观察器的TLS/SSL的key和可信的certificate设置

The following settings are used to specify a private key, certificate, and the trusted certificates that should be used when communicating over an SSL/TLS connection. If none of the settings below are specified, the Default TLS/SSL Settings are used. A private key and certificate are optional and would be used if the server requires client authentication for PKI authentication. If none of the settings below are specified, the Default TLS/SSL Settings are used.
下面的设置用于使用来指定私钥、certificate和可信的certificate用于基于SSL/TLS通信使用。如果没有指定下面的设置，默认的TLS/SSL设置被使用。私钥和certificate是可选的并且如果服务器要求客户端授权用于PKI的认证。如果没有指定下面的设置，会使用默认的TLS/SSL设置。

PEM Encoded Files

PEM编码文件

When using PEM encoded files, use the following settings:
当使用PEM编码文件时，可以使用如下的设置：

xpack.http.ssl.key

Path to a PEM encoded file containing the private key.
PEM编码文件的路径包含私钥。

xpack.http.ssl.key_passphrase

The passphrase that will be used to decrypt the private key. This value is optional as the key may not be encrypted.
密码用于加密私钥。这个值是可选的由于key可能没有被加密。

xpack.http.ssl.certificate

Path to a PEM encoded file containing the certificate (or certificate chain) that will be presented when requested.
PEM编码文件的路径包含certificate（或certificate链）将会用于请求时的展示。

xpack.http.ssl.certificate_authorities

List of paths to the PEM encoded certificate files that should be trusted.
PEM编码的certificate文件的路径列表应当是可信的。

Java Keystore Files

Java的Keystore文件

When using Java keystore files (JKS), which contain the private key, certificate and certificates that should be trusted, use the following settings:
当使用Java的keystore文件（JKS）时，包含私钥、certificate和可信的certificate，使用如下的设置。

xpack.http.ssl.keystore.path

Path to the keystore that holds the private key and certificate.
keystore的路径保存私钥和certificate。

xpack.http.ssl.keystore.password

Password to the keystore.
用于keystore的密码。

xpack.http.ssl.keystore.key_password

Password for the private key in the keystore. Defaults to the same value as xpack.http.ssl.keystore.password.
用于在keystore中的私钥的密码。默认是xpack.http.ssl.keystore.password的值。

xpack.http.ssl.truststore.path

Path to the truststore file.
truststore文件的路径。

xpack.http.ssl.truststore.password

Password to the truststore.
用于truststore的密码。

Email Notification Settings

Email通知设置

You can configure the following email notification settings in elasticsearch.yml. For more information about sending notifications via email, see Configuring Email.
你可以在elasticsearch.yml中配置下面的email通知设置。有关更多通过email发送通知的内容，见Configuring Email。

xpack.notification.email.account

Specifies account information for sending notifications via email. You can specify the following email account attributes:
指定用户信息用于通过email发送通知。你可以指定下列的email用户属性。

profile
The email profile to use to build the MIME messages that are sent from the account. Valid values: standard, gmail and outlook. Defaults to standard.
email属性用于构建MIME消息可以来自用户。合法取值是：standard、gmail和outlook。默认是standard。
email_defaults.*
An optional set of email attributes to use as defaults for the emails sent from the account. See Email Action Attributes for the supported attributes.
email属性的可选集合默认用于用户发送邮件。见Email Action Attributes来了解支持的属性。
smtp.auth
Set to true to attempt to authenticate the user using the AUTH command. Defaults to false.
设置为true将会使用AUTH命令来验证用户。默认是false。
smtp.host
The SMTP server to connect to. Required.
用于连接的SMTP服务器。必输项。
smtp.port
The SMTP server port to connect to. Defaults to 25.
用于连接的STMP服务器端口。默认是25.
smtp.user
The user name for SMTP. Required.
用于SMTP的用户名。必输项。
smtp.password
The password for the specified SMTP user.
用于指定STMP用户的密码。
smtp.starttls.enable
Set to true to enable the use of the STARTTLS command (if supported by the server) to switch the connection to a TLS-protected connection before issuing any login commands. Note that an appropriate trust store must configured so that the client will trust the server’s certificate. Defaults to false.
设置为true启用STARTTLS命令的使用（如果服务器支持的话）来切换连接为TLS保护的连接在登录命令之前。注意适当的可信存储必须被配置因此客户端将会相信服务器的certificate。默认是false。
smtp.*
SMTP attributes that enable fine control over the SMTP protocol when sending messages. See com.sun.mail.smtp for the full list of SMTP properties you can set. Note that all timeouts (writetimeout, connection_timeout and timeout) default to 2 minutes.
SMTP属性开启适当的控制基于SMTP协议当发送消息时。见com.sun.mail.smtp来了解你可以设置的SMTP属性的完整清单。 注意所有的超时（读超时、连接超时和超时）默认设置都是2分钟。

xpack.notification.email.html.sanitization.allow

Specifies the HTML elements that are allowed in email notifications. For more information, see Configuring HTML Sanitization Options. You can specify individual HTML elements and the following HTML feature groups:
指定允许使用在email通知中的HTML元素。有关更多的信息，见Configuring HTML Sanitization Options。你可以指定独立的HTML元素和下面的HTML特性组：
_tables
All table related elements: <table>, <th>, <tr> and <td>.
所有表格相关的元素：<table>、 <th>、 <tr> 和 <td>。
_blocks
The following block elements: <p>, <div>, <h1>, <h2>, <h3>, <h4>, <h5>, <h6>, <ul>, <ol>, <li>, and <blockquote>.
下面的块元素： <p>、 <div>、 <h1>、 <h2>、 <h3>、 <h4>、 <h5>、 <h6>、 <ul>、 <ol>、 <li>, 和 <blockquote>。
_formatting
The following inline formatting elements: <b>, <i>, <s>, <u>, <o>, <sup>, <sub>, <ins>, <del>, <strong>, <strike>, <tt>, <code>, <big>, <small>, <br>, <span>, and <em>.
下面的内联的格式元素：<b>、 <i>、 <s>、 <u>、 <o>、 <sup>、 <sub>、 <ins>、 <del>、 <strong>、 <strike>、 <tt>、 <code>、 <big>、 <small>、 <br>、 <span>, 和 <em>。
_links
The <a> element with an href attribute that points to a URL using the following protocols: http, https and mailto.
带有href属性的<a>元素指向的URL使用下面的协议：http、https和mailto。
_styles
The style attribute on all elements. Note that CSS attributes are also sanitized to prevent XSS attacks.
对于所有元素的style属性。注意CSS也要注意防止XSS攻击。
img , img:all
All images (external and embedded).
所有的图片（外置和内嵌的）。
img:embedded
Only embedded images. Embedded images can only use the cid: URL protocol in their src attribute.
只有内嵌的图片。内嵌的图片只能使用cid：URL协议在src属性中。

xpack.notification.email.html.sanitization.disallow

Specifies the HTML elements that are NOT allowed in email notifications. You can specify individual HTML elements and HTML feature groups.
指定HTML元素不允许出现在email通知中。你可以独立指定HTML元素和HTML特性组。

xpack.notification.email.html.sanitization.enabled

Set to false to completely disable HTML sanitation. Not recommended. Defaults to true.
设置为false来完全关闭HTML的元素使用。不建议。默认是true。

HipChat Notification Settings

HipChat通知的设置

You can configure the following HipChat notification settings in elasticsearch.yml. For more information about sending notifications via HipChat, see Configuring HipChat.
你可以在elasticsearch.yml中配置下面的HipChat通知设置。有关更多通过HipChat发送通知的设置，详见Configuring HipChat。

xpack.notification.hipchat

Specifies account information for sending notifications via HipChat. You can specify the following HipChat account attributes:
指定用户信息用于通过HipChat来发送通知。你可以指定下面的HipChat的用户属性：
profile
The HipChat account profile to use: integration, user, or v1. Required.
使用的HipChat用户数据：integration、user或v1.必输项。
auth_token
The authentication token to use to access the HipChat API. Required.
授权来访问HipChat的API的令牌。必输项。
host
The HipChat server hostname. Defaults to api.hipchat.com.
HipChat服务器的主机名。默认是api.hipchat.com。
port
The HipChat server port number. Defaults to 443.
HipChat服务器端口。默认是443.
room
The room you want to send messages to. Must be specified if the profile is set to integration. Not valid for the user or vi profiles.
你希望发送消息的room。必须被指定如果profile被设置为integration时。当设置为user或v1时不可用。
user
The HipChat user account to use to send messages. Specified as an email address. Must be specified if the profile is set to user. Not valid for the integration or v1 profiles.
使用来发送消息的HipChat用户账号。指定为emaill地址。必须被指定如果profile被设置为user的话。当profile为integration或v1时不可用。
message.format
The format of the message: text or html. Defaults to html.
消息的格式。text或html。默认是html。
message.color
The background color of the notification in the room. Defaults to yellow.
在room中通知的背景色。默认是yellow。
message.notify
Indicates whether people in the room should be actively notified. Defaults to false.
指定在room中的用户是否应当是被激活通知。默认是false。

Slack Notification Settings

Slack通知设置

You can configure the following Slack notification settings in elasticsearch.yml. For more information about sending notifications via Slack, see Configuring Slack.
你可以在elasticsearch.yml中配置下面的Slack通知设置。有关更多的通过Slack发送通知的内容，见Configuring Slack。

xpack.notification.slack

Specifies account information for sending notifications via Slack. You can specify the following Slack account attributes:
指定通过Slack发送通知的用户信息。你可以指定下面的用户属性。
url
The Incoming Webhook URL to use to post messages to Slack. Required.
输入的Webhook的URL来使用发送消息给Slack。必输项。
message_defaults.from
The sender name to display in the Slack message. Defaults to the watch ID.
发送者的名字来展示在Slack消息中。默认是watch的ID。
message_defaults.to
The default Slack channels or groups you want to send messages to.
默认的你希望发送消息的渠道或组。
message_defaults.icon
The icon to display in the Slack messages. Overrides the incoming webhook’s configured icon. Accepts a public URL to an image.
展示在Slack消息中的图表。覆盖输入的webhook的配置的图表。接受一个公共的URL对于图片。
message_defaults.text
The default message content.
默认的消息内容。
message_defaults.attachment
Default message attachments. Slack message attachments enable you to create more richly-formatted messages. Specified as an array as defined in the Slack attachments documentation.
默认的消息附件。Slack消息附件允许你创建更多富格式化的消息。指定一个数组定义在Slack attachments documentation中。

Jira Notification Settings

Jira的通知设置

You can configure the following Jira notification settings in elasticsearch.yml. For more information about using notifications to create issues in Jira, see Configuring Jira.
你可以在elasticsearch.yml中配置下面的Jira通知设置。

xpack.notification.jira

Specifies account information for using notifications to create issues in Jira. You can specify the following Jira account attributes:
指定用户信息用于创建通知在Jira中创建讨论。你可以指定相爱无的Jira用户属性：
url
The URL of the Jira Software server. Required.
Jira软件服务器的URL。必输项。
user
The name of the user to connect to the Jira Software server. Required.
连接Jira软件服务器的用户的名字。必输项。
password
The password of the user to connect to the Jira Software server. Required.
连接Jira软件服务器的用户的密码。必输项。
issue_defaults
Default fields values for the issue created in Jira. See Jira Action Attributes for more information. Optional.
默认域值用于在Jira中创建讨论。见Jira Action Attributes来了解更多的信息。可选项。

PagerDuty Notification Settings

PagerDuty的通知设置

You can configure the following PagerDuty notification settings in elasticsearch.yml. For more information about sending notifications via PagerDuty, see Configuring PagerDuty.
你可以在elasticsearch.yml中配置如下的pagerDuty的通知设置。有关更多通过PagerDuty发送通知的内容，见Configuring PagerDuty。

xpack.notification.pagerduty

Specifies account information for sending notifications via PagerDuty. You can specify the following PagerDuty account attributes:
指定通过PagerDuty发送通知的用户信息。你可以指定如下的PagerDuty用户属性：
name
A name for the PagerDuty account associated with the API key you are using to access PagerDuty. Required.
用于PagerDuty用户的名字连接API的key你可以使用来访问PagerDuty。必输项。
service_api_key
The PagerDuty API key to use to access PagerDuty. Required.
PagerDuty的API的key用于访问PagerDuty。必输项。
event_defaults
Default values for PagerDuty event attributes. Optional.
用于PagerDuty事件属性的默认值。可选项。

description

A string that contains the default description for PagerDuty events. If no default is configured, each PagerDuty action must specify a description.
字符串包含对于PagerDuty事件的默认描述。如果没有指定默认值，每个PagerDuty动作必须指定其相应的描述。

incident_key

A string that contains the default incident key to use when sending PagerDuty events.
字符串包含默认的incident的key使用当发送PagerDuty事件时。

client

A string that specifies the default monitoring client.
字符串指定默认的监控客户端。

client_url

The URL of the default monitoring client.
默认的监控客户端的URL。

event_type

The default event type. Valid values: trigger,resolve, acknowledge.
默认的事件类型。合法取值为：trigger、resolve、acknowledge。

attach_payload

Whether or not to provide the watch payload as context for the event by default. Valid values: true, false.
是否提供watch的负载作为上下文应用于默认的事件。合法取值为：true、false。