Apm_internal failed

Lo_Tel · November 21, 2018, 8:28am

Hi,

I created group and user

POST _xpack/security/role/apm_writer
{
"cluster": ["manage_index_templates","monitor"],
"indices": [
{
"names": [ "apm-*" ],
"privileges": ["write","create_index"]
}
]
}

POST /_xpack/security/user/apm_internal
{
"password" : "xxxxxxxx:",
"roles" : [ "apm_writer","kibana_user"],
"full_name" : "Internal APM Server User"
}

successfully

But i had this message when started

ipeline/output.go:121 Failed to publish events: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/xpack/monitoring/bulk] is unauthorized for user [apm_internal]"}],"type":"security_exception","reason":"action [cluster:admin/xpack/monitoring/bulk] is unauthorized for user [apm_internal]"},"status":403}

If i add cluster:all it works !

Any idea ?

simitt · November 23, 2018, 8:22am

Hi,
did you see that from 6.5 on there is a built-in apm_system user with the apm_system role that has privileges to write system-level data (such as monitoring) ?

Lo_Tel · November 23, 2018, 10:15am

yes but one for monitoring and one to connect

Lo_Tel · November 23, 2018, 10:29am

Tx Silvia !

system · December 14, 2018, 6:29am

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.