Hi. I've installed yet another instance of auditbeat for my SIEM. The configurations is same as other. But it can't connect to elastic because of not enough permissions (monitor/xpack/license/get).
Failed to connect to backoff(
elasticsearch(https://192.168.192.124:9200)):
Connection marked as failed because the onConnect callback failed: cannot retrieve the elasticsearch license from the /_license endpoint, Auditbeat requires the default distribution of Elasticsearch. Please make the endpoint accessible to Auditbeat so it can verify the license.: could not retrieve the license information from the cluster: 403 Forbidden:
{"error":{
"root_cause":[
{"type":"security_exception",
"reason":"no permissions for [cluster:monitor/xpack/license/get] and User [name=usr_logstash, backend_roles=[], requestedTenant=null]"}
]
Should I create new permissions to 'monitor/xpack/license/get'? Can I disable check xpack licence? If no, why it is working on other auditbeat instances?