Summary
{
"_id": "oL-Gx3sBAykVLJegWAeU",
"_index": ".ds-logs-elastic_agent.metricbeat-default-2021.08.20-000005",
"_score": "1",
"_type": "_doc",
"@timestamp": "2021-09-08T22:27:53.683Z",
"agent": {
"ephemeral_id": "25f42c34-bf82-4c92-aa54-ec4e766a249e",
"hostname": "XXXXXXX",
"id": "5e7e18af-79c8-4b04-8b0e-0b453a330572",
"name": "XXXXXX",
"type": "filebeat",
"version": "7.14.1"
},
"data_stream": {
"dataset": "elastic_agent.metricbeat",
"namespace": "default",
"type": "logs"
},
"ecs": {
"version": "1.10.0"
},
"elastic_agent": {
"id": "5e7e18af-79c8-4b04-8b0e-0b453a330572",
"snapshot": "false",
"version": "7.14.1"
},
"event": {
"dataset": "elastic_agent.metricbeat"
},
"host": {
"architecture": "x86_64",
"hostname": "XXXXXX",
"id": "99a8f794-5c97-41d5-80b2-fdfd04239a95",
"ip": "XXXXXX",
"mac": "XXXXXX",
"name": "XXXXXX",
"os": {
"build": "17763.2145",
"family": "windows",
"kernel": "10.0.17763.2145 (WinBuild.160101.0800)",
"name": "Windows Server 2019 Standard",
"platform": "windows",
"type": "windows",
"version": "10.0"
}
},
"input": {
"type": "filestream"
},
"log": {
"level": "warn",
"logger": "elasticsearch",
"offset": "2363",
"origin": {
"file": {
"line": "405",
"name": "elasticsearch/client.go"
}
},
"path": "C:\Program Files\Elastic\Agent\data\elastic-agent-703d58\logs\default\metricbeat-json.log"
},
"message": "Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Time{wall:0xc0466c1a2408d058, ext:58912880251701, loc:(*time.Location)(0x6c50160)}, Meta:null, Fields:{"agent":{"ephemeral_id":"3667b3ac-16f9-405a-8d30-415ba1f66c37","hostname":"XXXXXX","id":"115e7c79-12fb-4019-a61d-c98b6537be67","name":"XXXXXX","type":"metricbeat","version":"7.14.1"},"ecs":{"version":"1.10.0"},"event":{"dataset":"system.process","duration":79533900,"module":"system"},"host":{"architecture":"x86_64","hostname":"XXXXXX","id":"99a8f794-5c97-41d5-80b2-fdfd04239a95","ip":["XXXXXX","XXXXXX"],"mac":["XXXXXX"],"name":"XXXXXX","os":{"build":"17763.2145","family":"windows","kernel":"10.0.17763.2145 (WinBuild.160101.0800)","name":"Windows Server 2019 Standard","platform":"windows","type":"windows","version":"10.0"}},"metricset":{"name":"process","period":10000},"process":{"args":["C:\\Windows\\system32\\lsass.exe"],"command_line":"C:\\Windows\\system32\\lsass.exe","cpu":{"pct":0.001900,"start_time":"2021-09-08T06:05:53.293Z"},"memory":{"pct":0.003600},"name":"lsass.exe","pgid":0,"pid":732,"ppid":580,"state":"running"},"service":{"type":"system"},"system":{"process":{"cmdline":"C:\\Windows\\system32\\lsass.exe","cpu":{"start_time":"2021-09-08T06:05:53.293Z","total":{"norm":{"pct":0.001900},"pct":0.007800,"value":285124.000000}},"memory":{"rss":{"bytes":31023104,"pct":0.003600},"size":16850944},"state":"running"}},"user":{"name":"NT AUTHORITY\\SYSTEM"}}, Private:interface {}(nil), TimeSeries:true}, Flags:0x0, Cache:publisher.EventCache{m:common.MapStr(nil)}} (status=403): {"type":"security_exception","reason":"action [indices:admin/auto_create] is unauthorized for API key id [XXXXXX] of user [elastic/fleet-server] on indices [metricbeat-7.14.1-2021.09.09], this action is granted by the index privileges [auto_configure,create_index,manage,all]"}",
"service": {
"name": "metricbeat"
}
}