auditbeat_host001
elastic
reserved
August 5th 2020 15:15:14
Never
but on beat log i see:
Connection marked as failed because the onConnect callback failed: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/ilm/put] is unauthorized for API key id [0__CvnMByUXjOQWk9Wum] of user [elastic]"}],"type":"security_exception","reason":"action [cluster:admin/ilm/put] is unauthorized for API key id [0__CvnMByUXjOQWk9Wum] of user [elastic]"},"status":403}
am i missing something ? second question it is ok that this api key is generated for user elastic ? ;/
thanks for advice ..
cluster:admin/ilm/put is not a read_ilm action, it is part of manage_ilm.
Your beat is trying to configure ILM and the authorization system is preventing that (correctly) because your API Key is not permitted to update ILM policies.
Thanks for your reply ... but tell me what exactly that mean ? This error occur when i run setup ( so the Dashboards is deployed into kibana ) - so this is ok ? Secondly on this credentials this beat should working but only for deploying the Dashboards i need to change credentials ?
ok ... as i understand the setup operation need more privileges (for deploying dashboards ) - it is clear ... but after when i deploy dashboards (used elastic user and password) i change the config file to use api-key ... and i still have
Aug 11 09:36:11 radius auditbeat: 2020-08-11T09:36:11.261+0200#011ERROR#011[publisher_pipeline_output]#011pipeline/output.go:155#011Failed to connect to backoff(elasticsearch(https://kibana-host.xxx.xxx:9200)): Connection marked as failed because the onConnect callback failed: failed to check for alias 'auditbeat-7.8.1': (status=403) : 403 Forbidden:
can you tell me how to fix it ? or what post i need to send to fix it ? ..
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.