Hello,
we have recently switched to using API keys and created an API key for Logstash monitoring.
As written here: Configuring Security in Logstash | Logstash Reference [7.9] | Elastic
POST /_security/api_key
{
  "name": "logstash_host001",
  "role_descriptors": {
    "logstash_monitoring": {
      "cluster": ["monitor"],
      "index": [
        {
          "names": [".monitoring-ls-*"],
          "privileges": ["create_index", "create"]
        }
      ]
    }
  }
}
But then we got a 403:
[2021-06-18T13:13:00,558][ERROR][logstash.outputs.elasticsearchmonitoring][.monitoring-logstash][3b38853896d8e0a599613f348f4208e1c52e98c142d5d7336063ce90a8142ec0] Encountered a retryable error. Will Retry with exponential backoff {:code=>403, :url=>"https://10.194.144.62:9200/_monitoring/bulk?system_id=logstash&system_api_version=7&interval=1s"}
I bet we are missing some rights?