I had a problem that I managed to resolve but it seems then that the documentation isn't completely accurate. Let me know if I should post this somewhere else.
So, when configuring Beats agents to send data to a cluster with security activated, I followed this documentation and configured a user having a "writer role" with the privileges
view_index_metadata for all the
filebeat-* and other
*beat-* as specified in the doc. The Beats were able to connect to the cluster but no data was coming in.
The solution was to actually give this role the
view_index_metadata privileges for all indices
* and the data began flowing. As far as I know, it's not mentioned anywhere in the doc that privileges need to be applied to more than the specific
Is it indeed a problem with the documentation ?
ps : my indices do have the regular patterns
pps : I linked the doc for Metricbeat, but it's the same for others (here for Auditbeat)