Apm_internal failed

(Lo Tel) #1


I created group and user

POST _xpack/security/role/apm_writer
"cluster": ["manage_index_templates","monitor"],
"indices": [
"names": [ "apm-*" ],
"privileges": ["write","create_index"]

POST /_xpack/security/user/apm_internal
"password" : "xxxxxxxx:",
"roles" : [ "apm_writer","kibana_user"],
"full_name" : "Internal APM Server User"


But i had this message when started :slight_smile:

ipeline/output.go:121 Failed to publish events: 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/xpack/monitoring/bulk] is unauthorized for user [apm_internal]"}],"type":"security_exception","reason":"action [cluster:admin/xpack/monitoring/bulk] is unauthorized for user [apm_internal]"},"status":403}

If i add cluster:all it works !

Any idea ?

(Silvia Mitter) #2

did you see that from 6.5 on there is a built-in apm_system user with the apm_system role that has privileges to write system-level data (such as monitoring) ?

(Lo Tel) #3

yes but one for monitoring and one to connect

(Lo Tel) #4

Tx Silvia !