Hi there,
I had a problem that I managed to resolve but it seems then that the documentation isn't completely accurate. Let me know if I should post this somewhere else.
So, when configuring Beats agents to send data to a cluster with security activated, I followed this documentation and configured a user having a "writer role" with the privileges create_doc
and view_index_metadata
for all the metricbeat-*
, filebeat-*
and other *beat-*
as specified in the doc. The Beats were able to connect to the cluster but no data was coming in.
The solution was to actually give this role the create_doc
and view_index_metadata
privileges for all indices *
and the data began flowing. As far as I know, it's not mentioned anywhere in the doc that privileges need to be applied to more than the specific *beat-*
indices.
Is it indeed a problem with the documentation ?
ps : my indices do have the regular patterns *beat-*
.
pps : I linked the doc for Metricbeat, but it's the same for others (here for Auditbeat)