For tasks like T116055 we need the ability for hadoop workers to send data to elasticsearch cluster. For that, we need to modify firewall configuration to allow outgoing connections (specific port is OK) to the cluster.
We do not think it would be a privacy issue since in order to use this connection you should already have access to hadoop workers/analytics cluster, at which time you will be able to see (and export) the data contained there anyway.
The hadoop workers all need to communicate with search.svc.eqiad.wmnet and search.svc.codfw.wmnet on port 9200. The servers behind this are firewalled, but port 9200 is open to 10.0.0.0/8.