Apm_internal failed

Elastic Observability APM
1

Hi,

I created group and user

POST _xpack/security/role/apm_writer
{
"cluster": ["manage_index_templates","monitor"],
"indices": [
{
"names": [ "apm-*" ],
"privileges": ["write","create_index"]
}
]
}

POST /_xpack/security/user/apm_internal
{
"password" : "xxxxxxxx:",
"roles" : [ "apm_writer","kibana_user"],
"full_name" : "Internal APM Server User"
}

successfully

But i had this message when started :slight_smile:

ipeline/output.go:121 Failed to publish events: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/xpack/monitoring/bulk] is unauthorized for user [apm_internal]"}],"type":"security_exception","reason":"action [cluster:admin/xpack/monitoring/bulk] is unauthorized for user [apm_internal]"},"status":403}

If i add cluster:all it works !

Any idea ?

2

Hi,
did you see that from 6.5 on there is a built-in apm_system user with the apm_system role that has privileges to write system-level data (such as monitoring) ?

3

yes but one for monitoring and one to connect

4

Tx Silvia !

5

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.