Sorry, I made a mistake in password for elastic user earlier and response was wrong.
So new queries and responses are below.
curl -XPOST -u elastic:password 'https://myhost:9200/*:.monitoring-es-7-*,.monitoring-es-7-*/_search?pretty'
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]"
},
{
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]"
},
{
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]"
},
{
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]"
},
{
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]"
},
{
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]"
},
{
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]"
}
],
"type" : "search_phase_execution_exception",
"reason" : "all shards failed",
"phase" : "query",
"grouped" : true,
"failed_shards" : [
{
"shard" : 0,
"index" : ".monitoring-es-7-2020.09.24",
"node" : "9FcVASLhQaecOi41I6Nu0g",
"reason" : {
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]",
"caused_by" : {
"type" : "illegal_state_exception",
"reason" : "There are no external requests known to support wildcards that don't support replacing their indices"
}
}
},
{
"shard" : 0,
"index" : ".monitoring-es-7-2020.09.25",
"node" : "9FcVASLhQaecOi41I6Nu0g",
"reason" : {
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]",
"caused_by" : {
"type" : "illegal_state_exception",
"reason" : "There are no external requests known to support wildcards that don't support replacing their indices"
}
}
},
{
"shard" : 0,
"index" : ".monitoring-es-7-2020.09.26",
"node" : "9FcVASLhQaecOi41I6Nu0g",
"reason" : {
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]",
"caused_by" : {
"type" : "illegal_state_exception",
"reason" : "There are no external requests known to support wildcards that don't support replacing their indices"
}
}
},
{
"shard" : 0,
"index" : ".monitoring-es-7-2020.09.27",
"node" : "9FcVASLhQaecOi41I6Nu0g",
"reason" : {
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]",
"caused_by" : {
"type" : "illegal_state_exception",
"reason" : "There are no external requests known to support wildcards that don't support replacing their indices"
}
}
},
{
"shard" : 0,
"index" : ".monitoring-es-7-2020.09.28",
"node" : "0HC5iE8ITcqRY7kFPem6rQ",
"reason" : {
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]",
"caused_by" : {
"type" : "illegal_state_exception",
"reason" : "There are no external requests known to support wildcards that don't support replacing their indices"
}
}
},
{
"shard" : 0,
"index" : ".monitoring-es-7-2020.09.29",
"node" : "9FcVASLhQaecOi41I6Nu0g",
"reason" : {
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]",
"caused_by" : {
"type" : "illegal_state_exception",
"reason" : "There are no external requests known to support wildcards that don't support replacing their indices"
}
}
},
{
"shard" : 0,
"index" : ".monitoring-es-7-2020.09.30",
"node" : "Zy4jPFsyR_S6mvlUQJOxDg",
"reason" : {
"type" : "security_exception",
"reason" : "action [indices:data/read/search[phase/query]] is unauthorized for user [elastic]",
"caused_by" : {
"type" : "illegal_state_exception",
"reason" : "There are no external requests known to support wildcards that don't support replacing their indices"
}
}
}
]
},
"status" : 403
}
and response for
curl -XPOST -u elastic:password 'https://myhost:9200/.monitoring-es-7-*/_search?pretty'
is too long and looks as expected.