Elastic Agent Configured By Fleet - Integrations Using MetricBeat - this action is granted by the index privileges error

I am running into an issue when trying to use Elastic Fleet and the elastic agents. I am using 8.4.1 for all parts (kibana, elastic, elastic-agent).

I was able to setup a elastic-agent on the elastic/kibana server to serve as the fleet server. Then I installed the elastic agent on one of my different servers and was able to get it to show as healthy and reporting in. I am not receiving any logs or metrics though. I installed the integrations for docker and elastic agent, so I should be receiving something.

I noticed in the state/data/logs/default/metricbeat-20220916 the agent is attempting to talk to the elastic server, but getting authentication errors like this:

{"log.level":"error","@timestamp":"2022-09-16T21:01:42.376Z","log.logger":"publisher_pipeline_output","log.origin":{"file.name":"pipelin
e/client_worker.go","file.line":150},"message":"Failed to connect to backoff(elasticsearch(SERVER_ADDRESS_HERE)): 4
03 Forbidden: {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"action [indices:admin/get] is unauthorized for A
PI key id [Zx4OSIMB9E5jy0DuiBc3] of user [elastic/fleet-server], this action is granted by the index privileges [view_index_metadata,man
age,all]\"}],\"type\":\"security_exception\",\"reason\":\"action [indices:admin/get] is unauthorized for API key id [Zx4OSIMB9E5jy0DuiBc
3] of user [elastic/fleet-server], this action is granted by the index privileges [view_index_metadata,manage,all]\"},\"status\":403}","
service.name":"metricbeat","ecs.version":"1.6.0"}

For the setup, I only used the kibana web interface to setup the fleet server and adding the integrations to the agent.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.