Version: 7.9.2
ECK 1.5.0
Steps to Reproduce: configure filebeat with enrichment pipeline and start ingestion
Hi,
I am trying to add an automatic enrichment to a filebeat getting PaloAlto firewall logs but enrichment is failing with:
error.message action [indices:data/read/xpack/enrich/coordinate_lookups] is unauthorized for user [siem-filebeat-panos-beat-user]
The document gets added to ElasticSearch with incomplete information.
Unfortunatelly in the user management I cannot locate the user in question to grant extra privileges.
Anyone got some idea ? I managed only to get it working with a custom user but the user that ECK is setting up seems to miss privileges.