Столкнулся с проблемой, под пользователем elastic не пускает в stack monitoring хотя до этого все работало.
в логах кибаны такое
"{ Error: [security_exception] action [indices:data/read/search[can_match]] is unauthorized for user [elastic] (and) [security_exception] action [indices:data/read/search[can_match]] is unauthorized for user [elastic] (and) [security_exception] action [indices:data/read/search[can_match]] is unauthorized for user [elastic]
at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:349:15)\n at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:306:7)
at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
at IncomingMessage.wrapper (/usr/share/kibana/node_modules/lodash/lodash.js:4949:19)
at IncomingMessage.emit (events.js:203:15)
at endReadableNT (_stream_readable.js:1145:12)
at process._tickCallback (internal/process/next_tick.js:63:19)
status: 403,
displayName: 'AuthorizationException',
message:
'[security_exception] action [indices:data/read/search[can_match]] is unauthorized for user [elastic] (and) [security_exception] action [indices:data/read/search[can_match]] is unauthorized for user [elastic] (and) [security_exception] action [indices:data/read/search[can_match]] is unauthorized for user [elastic]',
path:
'/*%3A.monitoring-es-6-*%2C*%3A.monitoring-es-7-*%2C.monitoring-es-6-*%2C.monitoring-es-7-*%2Cmetricbeat-*/_search',
query:
{ size: 10000,
ignore_unavailable: true,
filter_path:
'hits.hits._index,hits.hits._source.cluster_uuid,hits.hits._source.cluster_name,hits.hits._source.version,hits.hits._source.license.status,hits.hits._source.license.type,hits.hits._source.license.issue_date,hits.hits._source.license.expiry_date,hits.hits._source.license.expiry_date_in_millis,hits.hits._source.cluster_stats,hits.hits._source.cluster_state,hits.hits._source.cluster_settings.cluster.metadata.display_name' },
body:
{ error:
{ root_cause: [Array],
type: 'search_phase_execution_exception',
reason: 'all shards failed',
phase: 'can_match',
grouped: true,
failed_shards: [Array] },
status: 403 },
statusCode: 403,
response:
'{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/search[can_match]] is unauthorized for user [elastic]\"},{\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/search[can_match]] is unauthorized for user [elastic]\"},{\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/search[can_match]] is unauthorized for user [elastic]\"}],\"type\":\"search_phase_execution_exception\",\"reason\":\"all shards failed\",\"phase\":\"can_match\",\"grouped\":true,\"failed_shards\":[{\"shard\":0,\"index\":\".monitoring-es-7-mb-2020.12.03\",\"node\":\"wKGpMWv-RWmsQsbT-2q9jw\",\"reason\":{\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/search[can_match]] is unauthorized for user [elastic]\",\"caused_by\":{\"type\":\"illegal_state_exception\",\"reason\":\"There are no external requests known to support wildcards that don\\'t support replacing their indices\"}}},{\"shard\":0,\"index\":\".monitoring-es-7-mb-2020.12.04\",\"node\":\"0Kr0JkebTY6Ln93_uB1caA\",\"reason\":{\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/search[can_match]] is unauthorized for user [elastic]\",\"caused_by\":{\"type\":\"illegal_state_exception\",\"reason\":\"There are no external requests known to support wildcards that don\\'t support replacing their indices\"}}},{\"shard\":0,\"index\":\"metricbeat-7.10.0-2020.12.03-000001\",\"node\":\"0Kr0JkebTY6Ln93_uB1caA\",\"reason\":{\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/search[can_match]] is unauthorized for user [elastic]\",\"caused_by\":{\"type\":\"illegal_state_exception\",\"reason\":\"There are no external requests known to support wildcards that don\\'t support replacing their indices\"}}}]},\"status\":403}',
toString: [Function],\n toJSON: [Function] }"
x-pack-security: true