APM Server failed to index event (security_exception): action [indices:admin/auto_create] is unauthorized for user

CodeToElastic · April 1, 2022, 12:58pm

Kibana version: 8.0.0

Elasticsearch version: 8.0.0

APM Server version: 8.0.0

APM Agent language and version: JAVA 11

Browser version: Chrome

Original install method (e.g. download page, yum, deb, from source, etc.) and version: Deployed ELK stack with APM server using Helm3 and ECK operator in Azure kubernetes env.

Fresh install or upgraded from other version? Fresh

Is there anything special in your setup? NO

I'm exploring APM for microservices. Servers are running fine in k8s.
Added apm agent to microservice and its able to send logs to apm server but APM is not able to send logs to Elasticsearch.

apm server logs

{"log.level":"info","@timestamp":"2022-04-01T10:08:11.758Z","log.logger":"request","log.origin":{"file.name":"middleware/log_middleware.go","file.line":61},"message":"request accepted","service.name":"apm-server","url.original":"/intake/v2/events","http.request.method":"POST","user_agent.original":"apm-agent-java/1.29.0 (apm-rules 0.0.1-SNAPSHOT)","source.address":"10.244.16.157","http.request.id":"95caa481-eb81-4671-bf28-c556295856a3","event.duration":10012098365,"http.response.status_code":202,"ecs.version":"1.6.0"}
{"log.level":"error","@timestamp":"2022-04-01T10:08:12.335Z","log.logger":"modelindexer","log.origin":{"file.name":"modelindexer/indexer.go","file.line":388},"message":"failed to index event (security_exception): action [indices:admin/auto_create] is unauthorized for user [efk-dev-efk-dev-apm-user] with roles [apm_system,eck_apm_user_role_v75,ingest_admin] on indices [metrics-apm.app.apm_sync_data-default], this action is granted by the index privileges [auto_configure,create_index,manage,all]","service.name":"apm-server","ecs.version":"1.6.0"}

failed to index event (security_exception): action [indices:admin/auto_create] is unauthorized for user [efk-dev-efk-dev-apm-user] with roles [apm_system,eck_apm_user_role_v75,ingest_admin] on indices [metrics-apm.app.apm_sync_data-default]

apmserver.yaml

apiVersion: apm.k8s.elastic.co/v1
kind: ApmServer
metadata:
  name: {{ .Release.Name }}
  namespace: efk-dev
spec:
  type: ApmServer
  version: {{ .Values.elasticStackVersion }}
  count: 1
  elasticsearchRef:
    name: {{ .Release.Name }}
  kibanaRef:
    name: {{ .Release.Name }}
  podTemplate:
    spec:
      containers:
        - name: apm-server
          resources:
            limits:
              memory: 1Gi
              cpu: 1

system · April 22, 2022, 8:59am

This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ECK apm server failed to to index event (security_exception): action [indices:admin/auto_create] APM elastic-stack-security , java , server	7	520	October 24, 2023
Authentication failed in APM Server in 7.17.4 but works in 8.2.0 APM docker , java	7	2435	July 18, 2022
Security-exception-action-[indices:admin/settings/update] is unauthorized for user [kibana] on indices [apm-7.6.0-error-000001] Elasticsearch elastic-stack-security	3	1700	June 1, 2021
Error Elastic APM Self Hosting APM elastic-stack-security , fleet , server	9	618	June 21, 2022
Unauthorized elastic-stack-apm-apm-user user failed to index document metrics-apm indices APM server	3	253	November 15, 2023

APM Server failed to index event (security_exception): action [indices:admin/auto_create] is unauthorized for user

Related topics