Can't get logstash user to authenticate to ES

Hey guys,

I have a user set up with the logstash role:

[root@logs:~] #esusers list|grep ls_admin
ls_admin : logstash

I've got him defined in my elasticsearch section of my output filter:

output {
  elasticsearch {
    hosts => ["", "", "xx.xx.xx.xx:9200"]
    user => "ls_admin"
    password => "secret"
  }
}

And in my roles.yml file I have my logstash role defined this way:

The required role for logstash users

- manage_index_templates
- names: 'logstash-*'
- write
- read
- create_index
- cluster:monitor/nodes/info
- cluster:monitor/health

Restarted elasticsearch. And I am still unable to create indexes with the ls_admin user and I am still unable to access the monitoring APIs.

[root@logs:~] #curl -u ls_admin:$ES_PASS localhost:9200/test_index -XPUT
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"},"status":403}[root@logs:~] #

[root@logs:~] #curl -u ls_admin:$ES_PASS localhost:9200/_cluster/health?pretty
{
  "error" : {
    "root_cause" : [ {
      "type" : "security_exception",
      "reason" : "action [cluster:monitor/health] is unauthorized for user [ls_admin]"
    } ],
    "type" : "security_exception",
    "reason" : "action [cluster:monitor/health] is unauthorized for user [ls_admin]"
  },
  "status" : 403
}

What am I doing wrong and how can I correct this?


The two APIs that you tried to use are not authorized for the logstash user based on the role.

Maybe try curl -u ls_admin:$ES_PASS localhost:9200/logstash-test -XPUT and see if that works. This way we can tell if the user is working.

Yeah I just tried that and it's still not working!

[root@logs:~] #curl -u ls_admin:$ES_PASS localhost:9200/logstash-test -XPUT
{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"},"status":403}

Any ideas how I can correct this?

Did you manage to find a solution for this?
I've got the same issue.

Please start a new thread for your issue, and provide as much detail as you can.
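
An added example, not part of any post in this thread: a small Python check that separates the two cases the logstash-test suggestion was meant to tell apart, a 403 that the role file itself predicts versus a 403 for a request the role file should allow. The privilege-to-action mapping, the nesting of the role's index section and the function names are assumptions made for illustration; the response body is the one shown in the thread.

```python
import fnmatch
import json
import re

# Assumption: simplified mapping of index privilege names to action patterns.
INDEX_PRIVILEGES = {
    "read": ["indices:data/read/*"],
    "write": ["indices:data/write/*"],
    "create_index": ["indices:admin/create"],
}
# Index part of the logstash role as posted in the thread (nesting is assumed).
ROLE_INDICES = [{"names": ["logstash-*"],
                 "privileges": ["write", "read", "create_index"]}]
# 403 body returned in the thread for both PUT requests.
RESPONSE = '{"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"}],"type":"security_exception","reason":"action [indices:admin/create] is unauthorized for user [ls_admin]"},"status":403}'


def role_allows(action, index, indices=ROLE_INDICES):
    """True if an entry matches the index name and grants the action."""
    for entry in indices:
        if not any(fnmatch.fnmatchcase(index, p) for p in entry["names"]):
            continue
        for priv in entry["privileges"]:
            # Names not in the table are treated as raw action patterns.
            patterns = INDEX_PRIVILEGES.get(priv, [priv])
            if any(fnmatch.fnmatchcase(action, p) for p in patterns):
                return True
    return False


def denied_action(body):
    """Return (action, user) from a security_exception body, else None."""
    err = json.loads(body).get("error", {})
    if err.get("type") != "security_exception":
        return None
    m = re.search(r"action \[(.+?)\] is unauthorized for user \[(.+?)\]",
                  err.get("reason", ""))
    return m.groups() if m else None


def diagnose(index, body):
    """Compare what the role file predicts with what the node answered."""
    denied = denied_action(body)
    if denied is None:
        return "no-security-exception"
    action, _user = denied
    # Allowed on paper but denied by the node: the file is not what is enforced.
    return "role-not-applied" if role_allows(action, index) else "denied-by-role"


if __name__ == "__main__":
    for idx in ("test_index", "logstash-test"):
        print(idx, "->", diagnose(idx, RESPONSE))
```

A "role-not-applied" result means the role as written would permit the request, so the thing to check is which role definition and user-to-role assignment the running node is actually enforcing, not the privilege list itself.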